Bughound : Static Code Analysis Tool Based On Elastic search

Bughound is an open-source static code analysis tool that analyzes your code and sends the results to Elasticsearch and Kibana to get useful insights about the potential vulnerabilities in your code.

Bughound has its own Elasticsearch and Kibana Docker image that is preconfigured with dashboards to give you a strong visualization for the findings.

You can detect various types of vulnerabilities such as:

  • Command Injection.
  • XXE.
  • Unsafe Deserialization.
  • And more!

Bughound can analyze PHP and JAVA code for now, and it contains a group of unsafe functions for these languages.

I will make sure to add more and more functions/languages coverage with time, but for now the main focus is for the project stability itself.

Please note that Bughound results are not 100% accurate, it built to help you identify potential weaknesses during your analysis to investigate.

How It Works?

First of all, Bughound will build a list of all the files inside your project based on the extension of the files you want to audit, then it will read each file and try to find any pre-defined unsafe functions for your project’s language.

The analysis phase depends on pre-configured regex and some custom text matching to detect the potential vulnerabilities, so again, you need to do the manual analysis so you can check if these findings are exploitable.

Finally, it will send the results to the Bughound docker image which has a pre-configured Elasticsearch and Kibana that contain the customized dashboards for your findings.

The dashboards will give you details about the findings such:

  • Function name.
  • Category of the vulnerability.
  • Line number.
  • And much more!

Also using Kibana, you will be able to view the potentially vulnerable code snippet to start doing your analysis and tracing phase to check if it’s exploitable or not.

Of course, you can use your own ELK stack if you want, and Bughound will do the initial configuration for you, but you will not have the pre-configured dashboards in this case.

Requirements

You can install all the requirements to run Bughound code using the following command:

pip3 install -r requirements.txt

That will make sure all the requirements are installed for the code.

Also, you need to install Docker in order to run the Bughound image, more regarding this in the next section!

If you want to use your own Elasticsearch and Kibana instances, skip the docker installation step

Installation

Make sure to get the latest version of Bughound using the following command:

git clone https://github.com/mhaskar/Bughound

And after installing the requirements in the previous step you can run Bughound using the following command:

./bughound.py

You will get the main screen of Bughound.

┌─[askar@hackbook]─[/opt/bughound]
└──╼ $./bughound.py
_ _ _ _ _ ._ . _
|
\ | | | | / || | | | / \ | | | | | \ | | | \
| |) | | | | | | | _ | || | | | | | | | | | | | | | .–. | | _ < | | | | | | |_ | | | | | | | | | | | | . | | | | | | |_) | |–‘ | | || | | | | | | --' | |–‘ | | |\ | | ‘–‘ | |/ _____
/ ______| || || ______/ ______/ || __| |/
\ /
oVo
___XXX
/
XXXXX
/XXXXX\
/ XXX \
V V1.0 Beta
[+] Example: ./bughound3.py –path vulnerable_code/ –language php –extension .php –name testproject
usage: bughound.py [-h] [–path PATH] [–git GIT] –language LANGUAGE
–extension EXTENSION –name NAME [–verbose [VERBOSE]]
bughound.py: error: argument –language is required
┌─[✗]─[askar@hackbook]─[/opt/bughound]
└──╼ $

Docker image installation

To install the Bughound docker image, you can simply do the following:

docker pull bughound/bughound

And that will pull the latest version of the image and save it to your machine.

Once we pulled the image, we can run it using the following command:

docker run --name bughound -p5601:5601 -p 9200:9200 bughound/bughound

That will run the image under a new container called bughound and expose the ports that are needed by Bughound to communicate Elasticsearch and Kibana to your host.

You may need to increase the max virtual memory in order to use the image, so please make sure to run this command:

sysctl -w vm.max_map_count=262144

After getting two things done, you are ready now to use Bughound!

Usage

To start the analysis process for your code, you should use Bughound.py file which has some options, to see these options via the help banner, you can use the following command:

┌─[✗]─[askar@hackbook]─[/opt/bughound]
└──╼ $./bughound.py -h
._ _ _ _ _ ._ . _
|
\ | | | | / || | | | / \ | | | | | \ | | | \
| |) | | | | | | | _ | || | | | | | | | | | | | | | .–. | | _ < | | | | | | |_ | | | | | | | | | | | | . | | | | | | |_) | |–‘ | | || | | | | | | --' | |–‘ | | |\ | | ‘–‘ | |/ _____
/ ______| || || ______/ ______/ || __| |/
\ /
oVo
___XXX
/
XXXXX
/XXXXX\
/ XXX \
V V1.0 Beta
[+] Example: ./bughound3.py –path vulnerable_code/ –language php –extension .php –name testproject
usage: bughound.py [-h] [–path PATH] [–git GIT] –language LANGUAGE
–extension EXTENSION –name NAME [–verbose [VERBOSE]]
Optional arguments:
-h, –help show this help message and exit
–path PATH local path of the source code
–git GIT git repository URL
–language LANGUAGE the used programming language
–extension EXTENSION
extension to search for
–name NAME project name to use
–verbose [VERBOSE] show debugging messages
┌─[askar@hackbook]─[/opt/bughound]
└──╼ $

Scan Local Project

For example, to scan a local php project, you can use the following command:

./bughound.py --path /opt/dummyproject --language php --extension .php --name dummyproject

This command will create a new project called “dummyproject” in the Elasticsearch index, and crawl all the local files with the extension “.php” in the local path “/opt/dummyproject” and ship the results to Elasticsearch.

Scan Remote Git Repository

Also, you can pull a remote project from git repository using --git switch like the following:

./bughound.py --git https://github.com/DummyCode/DummyProject --language php --extension .php --name dummyproject

Bughound will clone the code for you and save it in projects directory, then will scan it.

Preconfigured Dashboards

If you decided to use the official Bughound docker image, you will get a couple of ready to use dashboards that will help you to do your analysis.

The following dashboards are available so far:

  • Bughound main dashboard
  • Command injection dashboard
  • Deserialization dashboard
  • XXE dashboard

These dashboards will give you statistics about the functions and code snippets that was found in the code so you can start your analysis process.

R K

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

10 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

10 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

2 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago