
Comments (3)

ajinabraham commented on September 4, 2024

Thanks, will consider this.

from nodejsscan.

ajinabraham commented on September 4, 2024

Feature Added.

$ python cli.py -d /Users/ajin/Code/Node.Js-Security-Course/

[INFO] Running Static Analyzer Running on - /Users/ajin/Code/Node.Js-Security-Course/

{"files": [{"LICENSE": "/Users/ajin/Code/Node.Js-Security-Course/LICENSE"}, {"dir_traversal.js": "/Users/ajin/Code/Node.Js-Security-Course/dir_traversal.js"}, {"node-mongo.js": "/Users/ajin/Code/Node.Js-Security-Course/node-mongo.js"}, {"hpp.js": "/Users/ajin/Code/Node.Js-Security-Course/hpp.js"}, {"nodejsshell.py": "/Users/ajin/Code/Node.Js-Security-Course/nodejsshell.py"}, {"README.md": "/Users/ajin/Code/Node.Js-Security-Course/README.md"}, {"eval.js": "/Users/ajin/Code/Node.Js-Security-Course/eval.js"}, {".gitignore": "/Users/ajin/Code/Node.Js-Security-Course/.gitignore"}, {"global_scope.js": "/Users/ajin/Code/Node.Js-Security-Course/global_scope.js"}, {"simple_server.js": "/Users/ajin/Code/Node.Js-Security-Course/simple_server.js"}, {"redos.js": "/Users/ajin/Code/Node.Js-Security-Course/redos.js"}, {"command execution.js": "/Users/ajin/Code/Node.Js-Security-Course/command execution.js"}, {"deserialization.js": "/Users/ajin/Code/Node.Js-Security-Course/deserialization.js"}, {"fs.js": "/Users/ajin/Code/Node.Js-Security-Course/fs.js"}, {".gitORIG_HEAD": "/Users/ajin/Code/Node.Js-Security-Course/.git/ORIG_HEAD"}, {".gitconfig": "/Users/ajin/Code/Node.Js-Security-Course/.git/config"}, {".gitHEAD": "/Users/ajin/Code/Node.Js-Security-Course/.git/HEAD"}, {".gitdescription": "/Users/ajin/Code/Node.Js-Security-Course/.git/description"}, {".gitindex": "/Users/ajin/Code/Node.Js-Security-Course/.git/index"}, {".gitpacked-refs": "/Users/ajin/Code/Node.Js-Security-Course/.git/packed-refs"}, {".gitCOMMIT_EDITMSG": "/Users/ajin/Code/Node.Js-Security-Course/.git/COMMIT_EDITMSG"}, {".gitFETCH_HEAD": "/Users/ajin/Code/Node.Js-Security-Course/.git/FETCH_HEAD"}, {".gitobjects/59/d842baa84c8bf4a041873b61233d12a585816c": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/59/d842baa84c8bf4a041873b61233d12a585816c"}, {".gitobjects/57/e2fca634ae1f0ccf490c8667de95ae9f0d8aa1": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/57/e2fca634ae1f0ccf490c8667de95ae9f0d8aa1"}, 
{".gitobjects/35/50ea1a08aca5b43cbd97b985b0fc7f52d60079": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/35/50ea1a08aca5b43cbd97b985b0fc7f52d60079"}, {".gitobjects/9d/b17f139e7a17ade977ddb49723a64ddbfd9426": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/9d/b17f139e7a17ade977ddb49723a64ddbfd9426"}, {".gitobjects/a3/54af12aa468a31f8a896e74feb80a162b800f6": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/a3/54af12aa468a31f8a896e74feb80a162b800f6"}, {".gitobjects/b2/1a28e9bbe0622bb2f812fdecd1b5fabafbcc15": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/b2/1a28e9bbe0622bb2f812fdecd1b5fabafbcc15"}, {".gitobjects/b3/5dc667c6812c61b787e7298410cc8d621fe386": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/b3/5dc667c6812c61b787e7298410cc8d621fe386"}, {".gitobjects/a2/c6521db8739a15266df69e3f44c68faacc10d5": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/a2/c6521db8739a15266df69e3f44c68faacc10d5"}, {".gitobjects/d1/addaa5b523bbb77c5719fa1db80bdeab48df2a": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/d1/addaa5b523bbb77c5719fa1db80bdeab48df2a"}, {".gitobjects/ab/f7c42e3d997ba5734e0652ca02d4ff2240ed0f": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/ab/f7c42e3d997ba5734e0652ca02d4ff2240ed0f"}, {".gitobjects/eb/e7ab7878eb30647b551eee34adee4a3b4e2211": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/eb/e7ab7878eb30647b551eee34adee4a3b4e2211"}, {".gitobjects/e4/76ed726be25c30da47922c7bc42c829105b988": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/e4/76ed726be25c30da47922c7bc42c829105b988"}, {".gitobjects/ec/17d33eae793c680abefb376c1bcf34fe36bc9d": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/ec/17d33eae793c680abefb376c1bcf34fe36bc9d"}, {".gitobjects/20/de7c109528986d928db4beef5e7f53b4bd220b": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/20/de7c109528986d928db4beef5e7f53b4bd220b"}, {".gitobjects/4b/0e17362821dcff5fd9b1da68440f74f8ce55f1": 
"/Users/ajin/Code/Node.Js-Security-Course/.git/objects/4b/0e17362821dcff5fd9b1da68440f74f8ce55f1"}, {".gitobjects/28/d188c183720837d00ca64866141bdb21fc3813": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/28/d188c183720837d00ca64866141bdb21fc3813"}, {".gitobjects/17/0300613ff0a0793982dcf47fa4ecb56491c4d3": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/17/0300613ff0a0793982dcf47fa4ecb56491c4d3"}, {".gitobjects/2f/120d5221f2dd82c9b494a1fe1fc3db6f3ff695": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/2f/120d5221f2dd82c9b494a1fe1fc3db6f3ff695"}, {".gitobjects/6b/156fe1db9c5cd21ca1c68b7025bae40d0c5764": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/6b/156fe1db9c5cd21ca1c68b7025bae40d0c5764"}, {".gitobjects/3f/6e830ff5ee4e059b639698e6c24b7b724f2db7": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/3f/6e830ff5ee4e059b639698e6c24b7b724f2db7"}, {".gitobjects/37/82636e8058ac848c16ccc174013f5949e5c9ed": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/37/82636e8058ac848c16ccc174013f5949e5c9ed"}, {".gitobjects/08/5f5bac1765b33c23f4f0df03a49bd6ed3e7c48": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/08/5f5bac1765b33c23f4f0df03a49bd6ed3e7c48"}, {".gitobjects/01/b41367a87294b12faf274b4c31396ec1fe116c": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/01/b41367a87294b12faf274b4c31396ec1fe116c"}, {".gitobjects/0a/ef667eecd9623cb7282e6a25c532b843d8de94": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/0a/ef667eecd9623cb7282e6a25c532b843d8de94"}, {".gitobjects/90/9c621b9516e3f2b8fc3c74bbff56f2a0e70243": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/90/9c621b9516e3f2b8fc3c74bbff56f2a0e70243"}, {".gitobjects/b0/160266e7a5ce946723146c4794163b21de7c82": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/b0/160266e7a5ce946723146c4794163b21de7c82"}, {".gitobjects/ea/1eaba9fb8343b8cc715193111f6b44baf510e3": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/ea/1eaba9fb8343b8cc715193111f6b44baf510e3"}, 
{".gitobjects/e9/81c6edd6ed10410bce85c5fba48ac33d44e8a9": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/e9/81c6edd6ed10410bce85c5fba48ac33d44e8a9"}, {".gitobjects/f1/fd947483ea6fb0109a065f5386414fe41988a4": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/f1/fd947483ea6fb0109a065f5386414fe41988a4"}, {".gitobjects/2c/4b1b814498865e4c77d44869e2ccc57aae72b4": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/2c/4b1b814498865e4c77d44869e2ccc57aae72b4"}, {".gitobjects/8d/b46a333ce8e63f9efb77b9b20c928f1b15127c": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/8d/b46a333ce8e63f9efb77b9b20c928f1b15127c"}, {".gitobjects/8e/c9f14468c4a3746d1385cbdd193066fda97fbc": "/Users/ajin/Code/Node.Js-Security-Course/.git/objects/8e/c9f14468c4a3746d1385cbdd193066fda97fbc"}, {".gitinfo/exclude": "/Users/ajin/Code/Node.Js-Security-Course/.git/info/exclude"}, {".gitlogs/HEAD": "/Users/ajin/Code/Node.Js-Security-Course/.git/logs/HEAD"}, {".gitlogs/refs/heads/master": "/Users/ajin/Code/Node.Js-Security-Course/.git/logs/refs/heads/master"}, {".gitlogs/refs/remotes/origin/HEAD": "/Users/ajin/Code/Node.Js-Security-Course/.git/logs/refs/remotes/origin/HEAD"}, {".gitlogs/refs/remotes/origin/master": "/Users/ajin/Code/Node.Js-Security-Course/.git/logs/refs/remotes/origin/master"}, {".githooks/commit-msg.sample": "/Users/ajin/Code/Node.Js-Security-Course/.git/hooks/commit-msg.sample"}, {".githooks/pre-rebase.sample": "/Users/ajin/Code/Node.Js-Security-Course/.git/hooks/pre-rebase.sample"}, {".githooks/pre-commit.sample": "/Users/ajin/Code/Node.Js-Security-Course/.git/hooks/pre-commit.sample"}, {".githooks/applypatch-msg.sample": "/Users/ajin/Code/Node.Js-Security-Course/.git/hooks/applypatch-msg.sample"}, {".githooks/prepare-commit-msg.sample": "/Users/ajin/Code/Node.Js-Security-Course/.git/hooks/prepare-commit-msg.sample"}, {".githooks/post-update.sample": "/Users/ajin/Code/Node.Js-Security-Course/.git/hooks/post-update.sample"}, {".githooks/pre-applypatch.sample": 
"/Users/ajin/Code/Node.Js-Security-Course/.git/hooks/pre-applypatch.sample"}, {".githooks/pre-push.sample": "/Users/ajin/Code/Node.Js-Security-Course/.git/hooks/pre-push.sample"}, {".githooks/update.sample": "/Users/ajin/Code/Node.Js-Security-Course/.git/hooks/update.sample"}, {".gitrefs/heads/master": "/Users/ajin/Code/Node.Js-Security-Course/.git/refs/heads/master"}, {".gitrefs/remotes/origin/HEAD": "/Users/ajin/Code/Node.Js-Security-Course/.git/refs/remotes/origin/HEAD"}, {".gitrefs/remotes/origin/master": "/Users/ajin/Code/Node.Js-Security-Course/.git/refs/remotes/origin/master"}], "good_finding": {}, "total_count": {"mis": 8, "good": 0, "sec": 3}, "sec_issues": {"Remote Code Injection": [{"sha2": "c852c46da2ff4300ecc5df666328ca54151aa715a883abbc28fac84c37a9b2be", "description": "User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE).", "title": "Server Side Injection(SSI) - eval()", "lines": "var express = require('express');\nvar app = express();\napp.get('/', function(req, res) {\n    var resp = eval(\"(\" + req.query.name + \")\");\n    res.send('Response</br>' + resp);\n});\napp.listen(8000);", "filename": "eval.js", "tag": "rci", "path": "/Users/ajin/Code/Node.Js-Security-Course/eval.js", "line": 4}, {"sha2": "06f3f0ff3deed27aeb95955a17abc7722895d3538c14648af97789d8777cee50", "description": "User controlled data in 'unserialize()' or 'deserialize()' function can result in Object Injection or Remote Code Injection.", "title": "Deserialization Remote Code Injection", "lines": "app.use(cookieParser())\n\napp.get('/', function(req, res) {\n            if (req.cookies.profile) {\n                var str = new Buffer(req.cookies.profile, 'base64').toString();\n                var obj = serialize.unserialize(str);\n                if (obj.username) {\n                    res.send(\"Hello \" + escape(obj.username));\n                }\n            } else {", "filename": "deserialization.js", "tag": "rci", "path": 
"/Users/ajin/Code/Node.Js-Security-Course/deserialization.js", "line": 11}], "Cross Site Scripting (XSS)": [{"sha2": "ea2354a755f62f5bf3ac2e2283e52b8b95898844e4aec455efe1cdb4ff739835", "description": "Untrusted User Input in Response will result in Reflected Cross Site Scripting Vulnerability", "title": "XSS - Reflected Cross Site Scripting", "lines": "var express = require('express');\nvar app = express();\napp.get('/', function(req, res) {\n    res.send('id: ' + req.query.id);\n    console.log(\"GET / id=\" + req.query.id);\n});\napp.listen(3000);", "filename": "hpp.js", "tag": "xss", "path": "/Users/ajin/Code/Node.Js-Security-Course/hpp.js", "line": 4}]}, "vuln_count": {"Deserialization Remote Code Injection": 1, "Server Side Injection(SSI) - eval()": 1, "XSS - Reflected Cross Site Scripting": 1}, "missing_sec_header": {"Web Security": [{"tag": "web", "description": "X-Frame-Options (XFO) header provides protection against Clickjacking attacks.", "title": "Missing Security Header - X-Frame-Options (XFO)"}, {"tag": "web", "description": "Content Security Policy (CSP), a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). 
CSP Header was not found.", "title": "Missing Security Header - Content-Security-Policy (CSP)"}, {"tag": "web", "description": "Strict-Transport-Security (HSTS) header enforces secure (HTTP over SSL/TLS) connections to the server.", "title": "Missing Security Header - Strict-Transport-Security (HSTS)"}, {"tag": "web", "description": "Remove the X-Powered-By header to prevent information gathering.", "title": "Infromation Disclosure - X-Powered-By"}, {"tag": "web", "description": "X-Content-Type-Options header prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type.", "title": "Missing Security Header - X-Content-Type-Options"}, {"tag": "web", "description": "X-Download-Options header set to noopen prevents IE users from directly opening and executing downloads in your site's context.", "title": "Missing Security Header - X-Download-Options: noopen"}, {"tag": "web", "description": "X-XSS-Protection header set to 1 enables the Cross-site scripting (XSS) filter built into most recent web browsers.", "title": "Missing Security Header - X-XSS-Protection:1"}, {"tag": "web", "description": "Public-Key-Pins (HPKP) ensures that certificate is Pinned.", "title": "Missing Security Header - Public-Key-Pins (HPKP)"}]}}

from nodejsscan.
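
One way to consume the JSON report shown in the comment above from a CI job, as an added example that is not part of the original thread or of nodejsscan's own code: it flattens `sec_issues` into rows, lists scanned paths that sit under `.git`, and returns an exit code. The function names and the `/repo` sample paths are assumptions; the sample report is constructed and trimmed to the shape of that output.

```python
import json

# Constructed sample, trimmed to the shape of the JSON output above
# (paths shortened to /repo; "sha2", "lines" and "description" omitted).
SAMPLE = json.loads("""
{"files": [{"eval.js": "/repo/eval.js"}, {"hpp.js": "/repo/hpp.js"},
           {".gitHEAD": "/repo/.git/HEAD"}, {".gitconfig": "/repo/.git/config"}],
 "total_count": {"mis": 8, "good": 0, "sec": 3},
 "sec_issues": {
   "Remote Code Injection": [
     {"title": "Server Side Injection(SSI) - eval()", "filename": "eval.js",
      "tag": "rci", "path": "/repo/eval.js", "line": 4},
     {"title": "Deserialization Remote Code Injection",
      "filename": "deserialization.js", "tag": "rci",
      "path": "/repo/deserialization.js", "line": 11}],
   "Cross Site Scripting (XSS)": [
     {"title": "XSS - Reflected Cross Site Scripting", "filename": "hpp.js",
      "tag": "xss", "path": "/repo/hpp.js", "line": 4}]}}
""")


def findings(report):
    """Flatten sec_issues into sorted (category, title, filename, line) rows."""
    rows = []
    for category, items in report.get("sec_issues", {}).items():
        for item in items:
            rows.append((category, item["title"], item["filename"], item["line"]))
    return sorted(rows)


def vcs_files(report):
    """Paths from the "files" list that sit inside a .git directory."""
    paths = [p for entry in report.get("files", []) for p in entry.values()]
    return [p for p in paths if "/.git/" in p]


def gate(report, max_sec=0):
    """Return a CI exit code: 1 when code-level findings exceed max_sec."""
    # Count the findings themselves instead of trusting total_count["sec"].
    return 1 if len(findings(report)) > max_sec else 0


if __name__ == "__main__":
    for row in findings(SAMPLE):
        print("%s | %s | %s:%d" % row)
    print("files under .git in scan scope:", len(vcs_files(SAMPLE)))
    raise SystemExit(gate(SAMPLE))
```

A non-empty `vcs_files` result means repository metadata was walked along with the source tree, which is worth knowing when reading the file list of a report.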

uberspot commented on September 4, 2024

Noice 👍

from nodejsscan.
