Jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled. Tested and working against Visual Studio Code, Discord, any Node.js application and more! How? Building cargo build –release Running Target a specific process and execute a basic expression: ./target/debug/jscythe …
Tag Archives: Node.js
Njsscan : A Semantic Aware SAST Tool That Can Find Insecure Code Patterns In Node.js Applications
Njsscan is a static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep. Installation pip install njsscan Requires Python 3.6+ and supports only Mac and Linux Command Line Options $ njsscanusage: njsscan [-h] [–json] [–sarif] [–sonarqube] [–html] [-o OUTPUT] [-c …
Mininode : A CLI Tool To Reduce The Attack Surface Of The Node.js Applications By Using Static Analysis
Mininode is a CLI tool to reduce the attack surface of the Node.js applications by using static analysis of source code. It supports two modes of reduction (1) coarse, (2) fine. Mininode constructs the dependency graph (modules and functions used) of the application starting from main file, i.e. entry point of the application. Mininode initializes entry point …
WARCannon : High Speed/Low Cost CommonCrawl RegExp In Node.js
WARCannon was built to simplify and cheapify the process of ‘grepping the internet’. With WARCannon, you can: Build and test regex patterns against real Common Crawl data Easily load Common Crawl datasets for parallel processing Scale compute capabilities to asynchronously crunch through WARCs at frankly unreasonable capacity. Store and easily retrieve the results How It …
Continue reading “WARCannon : High Speed/Low Cost CommonCrawl RegExp In Node.js”
Js-X-Ray : JavaScript & Node.js Open-Source SAST Scanner
Js-X-Ray is a JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and allow better access to developers and researchers. The goal is to quickly identify dangerous code and patterns for developers and Security researchers. Interpreting the results of this tool will still require you …
Continue reading “Js-X-Ray : JavaScript & Node.js Open-Source SAST Scanner”
Pown : A Security Testing An Exploitation Toolkit Built
Pown (Pown.js) is a security testing and exploitation toolkit built on top of Node.js and NPM. Unlike traditional security tools like Metasploits, Pown.js considers frameworks to be an anti-pattern. Therefore, each module in it is in fact a standalone NPM module allowing greater degree of reuse and flexibility. Creating new modules is a matter of …
Continue reading “Pown : A Security Testing An Exploitation Toolkit Built”
NodeJsScan – Static Security Code Scanner For Node.js Applications
NodeJsScan is a static security code scanner (SAST) for Node.js applications. Configure & Run Install Postgres and configure SQLALCHEMY_DATABASE_URI in core/settings.py pip3 install -r requirements.txt python3 migrate.py # Run once to create database entries required python3 app.py # Testing Environment gunicorn -b 0.0.0.0:9090 app:app –workers 3 –timeout 10000 # Production Environment This will run it …
Continue reading “NodeJsScan – Static Security Code Scanner For Node.js Applications”
Pwned – A Command-Line Tool For Querying The ‘Have I been Pwned?’ Service
A command-line tool for querying Troy Hunt’s Have I been pwned ? service using the hibp Node.js module. Pwned Installation Download and install Node.js, then install pwned globally using npm: npm install pwned -g Alternatively, you can run it on-demand using the npx package runner: npx pwned How To Ue ? pwned <command> Commands: pwned …
Continue reading “Pwned – A Command-Line Tool For Querying The ‘Have I been Pwned?’ Service”