Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. This facilitates a holistic approach for ensuring secure application releases that can be evaluated against different sources (e.g., GitHub Packages, JFrog Artifactory) and many package management schemes (e.g., ndm, maven).
The framework can be used by security auditors, pentesters and even baked into an enterprise’s application security program and release cycle in an automated fashion.
The project is putting practicionar’s ability to extend and fit the toolkit to her own specific needs. As such, it is designed to be able to extend it to other sources, public registries, package management schemes and extending the abstract model and accompnaied heuristics engine.
Dependency Combobulator is ready to work with as it is – just git clone
or download the package from https://github.com/apiiro/combobulator
Make sure to install required dependencies by running:
pip install -r requirements.txt
-h, –help show this help message and exit
-t {npm,NuGet,maven}, –type {npm,NuGet,maven}
Package Manager Type, i.e: npm, NuGet, maven
-l LIST_FROM_FILE, –load_list LIST_FROM_FILE
Load list of dependencies from a file
-d FROM_SRC, –directory FROM_SRC
Extract dependencies from local source repository
-p–package SINGLE Name a single package.
-c CSV, –csv CSV Export packages properties onto CSV file
-gh GITHUB_TOKEN, –github GITHUB_TOKEN
GitHub Access Token (Overrides .env file setting)
-a {compare,comp,heuristics,heur}, –analysis {compare,comp,heuristics,heur}
Required analysis level – compare (comp), heuristics
(heur) (default: compare)
Supported package types (-t, –t): npm, maven
Supported source dependency assessment:
Analysis level is customizable as you can build your own preferred analysis profile in seconds. Dependency Combobulator does come with several analysis levels out-of-the-box, selected by -a, –analysis
Supported output format:
Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…
Simple golang webserver that listens for basic auth or post requests and sends a notification…
Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…
Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…
All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…
Got it! Below is the updated README.md file with instructions for downloading the project on…