CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Current rules for C,C++,GO, Python, javascript, Swift, PHP, Ruby, ASP, Kotlin, Dart and Java.(you can create your rules).
Go to CodeCat directory, install backend and frontend libs:
$ apt install python3-venv python3-dev libffi-dev rustc libssl-dev
$ python3 -m venv .venv
$ . .venv/bin/activate
$ pip install wheel
$ pip install -r Frontend/requirements.txt
$ pip install -r Backend/requirements.txt
Run backend and frontend
$ cd Codecat
$ cd Frontend; python3 wsgi.py &
$ cd ..
$ cd Backend; python3 wsgi.py &
Next step you need save your user to login:
$ curl -i -X POST -H “Content-Type: application/json” -d ‘{“email”:”admin2@test.com”,”username”:”admin”,”password”:”rubrik123″}’ https://127.0.0.1:50001/api/users -k
These endpoint /API/users run only once in the first deployment. If you try to send a request again to insert a user, the endpoint return 404 is security to block resources of possible attacks.
Go to the following “https://127.0.0.1:50093/front/auth/”. Now you can enter this system-auth, use login “admin”, pass “rubrik123”.
Note About TLS: You can configure and load your TLS cert in “wsgi.py”.
Suppose you need to run in production. So I recommend another way.
$ gunicorn -b 127.0.0.1:50001 wsgi:app
If you want, you can use TLS with CERT resources:
$ gunicorn –certfile=server.crt –keyfile=server.key -b 127.0.0.1:50001 wsgi:app
The same command to frontend, but you need to use port 50093.
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…
Introduction As cyber threats grow more sophisticated, organizations need more than just firewalls and antivirus…
Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…
Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…