
NodeJsScan: static security code scanner for Node.js applications

NodeJsScan

Static security code scanner (SAST) for Node.js applications.

How to Configure

  1. Clone the repo: git clone https://github.com/ajinabraham/NodeJsScan.git
  2. Install Postgres and configure SQLALCHEMY_DATABASE_URI in core/settings.py
  3. Run pip install -r requirements.txt
  4. Run python createdb.py
  5. Run python app.py

This will run NodeJsScan on http://0.0.0.0:9090, that is, listening on port 9090 on all network interfaces. If you need to debug, set DEBUG = True in core/settings.py.

NodeJsScan CLI

The command line interface (CLI) lets you integrate NodeJsScan into DevSecOps CI/CD pipelines. Results are output in JSON format. When you use the CLI, the results are never stored in the NodeJsScan backend.

python cli.py -d <node_js_source_code>

Learn Node.js Security: Pentesting and Exploitation

OpSecX Video Course

Docker

docker build -t nodejsscan .
docker run -it -p 9090:9090 nodejsscan

DockerHub

docker pull opensecurity/nodejsscan
docker run -it -p 9090:9090 opensecurity/nodejsscan:latest

NodeJsScan Web UI

NodeJsScan V2

Static Analysis

[Screenshot: NodeJsScan Static Scan Results]

[Screenshot: NodeJsScan Static Scan Vulnerability Details]

Copyright (C) ajinabraham

Source: https://github.com/ajinabraham/

 

 


Anastasis Vasileiadis
