Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications.
Software developers and security auditors can use this tool to detect and mitigate potential weaknesses and implementation bugs when developing applications using Electron.
A good understanding of Electron (in)security is still required when using it, as some of the potential issues detected by the tool require manual investigation.
Also Read : PHP : Security Check List 2019
Installation
Major releases are pushed to NPM and can be simply installed using:
$ npm install @doyensec/electronegativity -g
Usage
$ electronegativity -h
Option | Description |
---|---|
-V | output the version number |
-i, –input | input (directory, .js, .html, .asar) |
-o, –output | save the results to a file in csv or sarif format |
-c, –checks | only run the specified checks, passed in csv format |
-h, –help | output usage information |
Using it to look for issues in a directory containing an Electron app:
$ electronegativity -i /path/to/electron/app
Using the tool to look for issues in an asar archive and saving the results in a csv file:
$ electronegativity -i /path/to/asar/archive -o result.csv
Note: If you’re running into the Fatal Error “JavaScript heap out of memory”, you can run node using node –max-old-space-size=4096 electronegativity -i /path/to/asar/archive -o result.csv
Credit : Claudio Merloni, Ibram Marzouk, Jaroslav Lobačevski and many other contributors.
Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…