Categories: Kali Linux

Electronegativity : A Tool to Identify Misconfigurations & Security Anti-Patterns in Electron Applications

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications.

Software developers and security auditors can use this tool to detect and mitigate potential weaknesses and implementation bugs when developing applications using Electron.

A good understanding of Electron (in)security is still required when using it, as some of the potential issues detected by the tool require manual investigation.

Also Read : PHP : Security Check List 2019

Installation

Major releases are pushed to NPM and can be simply installed using:

$ npm install @doyensec/electronegativity -g

Usage

$ electronegativity -h

OptionDescription
-Voutput the version number
-i, –inputinput (directory, .js, .html, .asar)
-o, –outputsave the results to a file in csv or sarif format
-c, –checksonly run the specified checks, passed in csv format
-h, –helpoutput usage information

Using it to look for issues in a directory containing an Electron app:

$ electronegativity -i /path/to/electron/app

Using the tool to look for issues in an asar archive and saving the results in a csv file:

$ electronegativity -i /path/to/asar/archive -o result.csv

Note: If you’re running into the Fatal Error “JavaScript heap out of memory”, you can run node using node –max-old-space-size=4096 electronegativity -i /path/to/asar/archive -o result.csv

Credit :  Claudio MerloniIbram MarzoukJaroslav Lobačevski and many other contributors.

R K

Recent Posts

Nmap cheat sheet for beginners

Nmap (Network Mapper) is a free tool that helps you find devices on a network,…

9 hours ago

Understanding the Model Context Protocol (MCP) and How It Works

Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…

1 week ago

The file Command – Quickly Identify File Contents in Linux

While file extensions in Linux are optional and often misleading, the file command helps decode what a…

1 week ago

How to Use the touch Command in Linux

The touch command is one of the quickest ways to create new empty files or update timestamps…

1 week ago

How to Search Files and Folders in Linux Using the find Command

Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…

1 week ago

How to Move and Rename Files in Linux with the mv Command

Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…

1 week ago