# Code Analysis

[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/Y8Y41FQ2GA)

## Sourcebot

{% embed url="<https://www.sourcebot.dev/>" %}

## Open Source Analysis

{% embed url="<https://www.yeswehack.com/fr/learn-bug-bounty/open-source-guide-code-analysis>" %}

## Training - Vulnerable Code Snippets

{% embed url="<https://github.com/yeswehack/vulnerable-code-snippets>" %}

## Search for credentials

{% embed url="<https://github.com/m14r41/scan4secrets>" %}

{% content-ref url="recon/osint/credentials-in-git-repos" %}
[credentials-in-git-repos](https://0xss0rz.gitbook.io/0xss0rz/pentest/recon/osint/credentials-in-git-repos)
{% endcontent-ref %}

## XSS in PHP Source Code

```bash
#!/bin/bash

# 1) save it as xssaminer
# 2) allow execution: chmod +x xssaminer
# 3) run it & check usage: ./xssaminer

# No argument: print usage and stop
if [ -z "$1" ]
then
	echo -e "Usage:\n$0 FILE\n$0 -r FOLDER"
	exit 1
else
	f=$1
fi

# Taint sources: PHP superglobals that carry attacker-controlled input
sources=(GET POST REQUEST "SERVER\['PHP" "SERVER\['PATH_" "SERVER\['REQUEST_U")
# Output sinks; "?" catches the short echo tag "<?=" (quoted so the shell does not glob it)
sinks=("?" echo die print printf print_r var_dump)

xssam(){
	for i in "${sources[@]}"
	do
		# Variables assigned directly from the source, e.g. "$name = $_GET['name']"
		a=$(grep -in "\$_${i}" "$f" | grep -o "\$.*=" | sed "s/[ ]\?=//g" | sort -u)

		for j in "${sinks[@]}"
		do
			# Source reaching a sink on the same line
			grep --color -in "${j}.*\$_${i}" "$f"

			# Tainted variables reaching a sink
			for k in $a
			do
				grep --color -in "${j}.*$k" "$f"
			done
		done
	done
}

if [ "$f" != "-r" ]
then
	xssam
else
	# Recursive mode: scan every .php file under the given folder
	if [ -z "$2" ]
	then
		echo "Usage: $0 -r FOLDER"
		exit 1
	fi
	find "$2" -type f -name "*.php" | while read -r i
	do
		echo "File: $i"
		f=$i
		xssam
	done
fi
```

{% embed url="<http://brutelogic.com.br/brutal/xssaminer.txt>" %}

{% embed url="<https://brutelogic.com.br/blog/looking-xss-php-source/>" %}

## PHP Code Analysis

{% embed url="<https://ctf-wiki.mahaloz.re/web/php/php/>" %}

## SpotBugs

Static analysis for Java code.

{% embed url="<https://github.com/spotbugs/spotbugs>" %}

## Semgrep

{% embed url="<https://github.com/semgrep/semgrep?tab=readme-ov-file>" %}

{% embed url="<https://payatu.com/blog/semgrep-introduction/>" %}

{% embed url="<https://notsosecure.com/semgrep-practical-introduction>" %}

### Rules - C/C++

{% embed url="<https://github.com/0xdea/semgrep-rules>" %}

### Rules - Python, JavaScript/GraphQL, Go, Rust

{% embed url="<https://github.com/trailofbits/semgrep-rules>" %}

### Rules - Java/Android, PHP, Kotlin

{% embed url="<https://github.com/federicodotta/semgrep-rules>" %}

### Rules - Multiple Languages

{% embed url="<https://github.com/semgrep/semgrep-rules>" %}

## Opengrep

{% embed url="<https://github.com/opengrep/opengrep>" %}

## SonarQube

{% embed url="<https://gist.github.com/dmancloud/0abf6ad0cb16e1bce2e907f457c8fce9>" %}

### Scan

```bash
osboxes@osboxes:~/Desktop/test$ /opt/sonar-scanner-5.0.1.3006-linux/bin/sonar-scanner \
  -Dsonar.projectKey=test \
  -Dsonar.sources=. \
  -Dsonar.host.url=http://localhost:9000 \
  -Dsonar.token=sqp_298c331b3738f8a44310aece9e2de4008d82cde5
```

{% embed url="<https://www.youtube.com/watch?v=ezMqyPbwxn4>" %}

## Snyk

### Online

Not recommended; if you use it anyway, remove sensitive information from the code first.

{% embed url="<https://snyk.io/fr/code-checker/>" %}

<figure><img src="https://4199783661-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MFF3hT6DtJlHn9jAel9%2Fuploads%2F9K8UKa49Cr1UgoCZXcqP%2Fimage.png?alt=media&#x26;token=e35ece72-fb7e-41a2-81f2-e6beac108372" alt=""><figcaption></figcaption></figure>

### Snyk CLI

{% embed url="<https://brightsec.com/blog/snyk-cli-quick-guide-installation-and-common-commands/>" %}

{% embed url="<https://app.snyk.io/login>" %}

## CodeQL

{% embed url="<https://codeql.github.com/>" %}

{% embed url="<https://docs.github.com/en/code-security/codeql-cli/getting-started-with-the-codeql-cli>" %}

Example with Visual Studio:

{% embed url="<https://www.cyberark.com/resources/threat-research-blog/discovering-hidden-vulnerabilities-in-portainer-with-codeql>" %}

## Vulnhuntr

{% embed url="<https://github.com/protectai/vulnhuntr?s=03>" %}

## PHP Static Analysis Tool

{% embed url="<https://github.com/phpstan/phpstan>" %}

## Dependency Takeover - Node.js

{% embed url="<https://github.com/0xaudron/dependency-takeover>" %}

## List of Static Application Security Testing (SAST) Tools

{% embed url="<https://owasp.org/www-community/Source_Code_Analysis_Tools>" %}

## Resources

### SEI CERT C Coding Standard

{% embed url="<https://wiki.sei.cmu.edu/confluence/plugins/servlet/mobile?contentId=87152044#content/view/87152044>" %}

### SEI CERT C++ Coding Standard

{% embed url="<https://wiki.sei.cmu.edu/confluence/plugins/servlet/mobile?contentId=88046682#content/view/88046682>" %}

### SEI CERT Oracle Coding Standard for Java

{% embed url="<https://wiki.sei.cmu.edu/confluence/plugins/servlet/mobile?contentId=88487702#content/view/88487702>" %}

### OWASP Secure Coding Practices

{% embed url="<https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/>" %}

## Interesting Books

{% content-ref url="../interesting-books" %}
[interesting-books](https://0xss0rz.gitbook.io/0xss0rz/interesting-books)
{% endcontent-ref %}

{% hint style="info" %}
**Disclaimer**: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.
{% endhint %}

* [**The Web Application Hacker’s Handbook**](https://www.amazon.fr/dp/1118026470?tag=0xss0rz-21) The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more.
* [**Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities**](https://www.amazon.fr/dp/1718501544?tag=0xss0rz-21) Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them.
* [**Real-World Bug Hunting: A Field Guide to Web Hacking**](https://www.amazon.fr/dp/1593278616?tag=0xss0rz-21) Learn about the most common types of bugs, like cross-site scripting, insecure direct object references, and server-side request forgery.

## Support this GitBook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.

[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/Y8Y41FQ2GA)

[![buymeacoffee](https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png)](https://buymeacoffee.com/0xss0rz)
