ajinabraham/nodejsscan ajinabraham/nodejsscan

  • Stars
    star
    2,233
  • Rank 19,935 (Top 0.5 %)
  • Language
    CSS
  • License
    GNU General Publi...
  • Created over 9 years ago
  • Updated 8 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
ajinabraham/nodejsscan
github

ajinabraham

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

nodejsscan is a static security code scanner for Node.js applications.

nodejsscan nodejsscan icon

Static security code scanner (SAST) for Node.js applications powered by libsast and semgrep.

Made with Love in India Tweet

platform License python Tests

Support nodejsscan

  • Donate via Paypal: Donate via Paypal
  • Sponsor the Project: Github Sponsors

e-Learning Courses & Certifications

OpSecX Video Course OpSecX Node.js Security: Pentesting and Exploitation - NJS

Run nodejsscan

docker pull opensecurity/nodejsscan:latest
docker run -it -p 9090:9090 opensecurity/nodejsscan:latest

Setup nodejsscan locally

Install Postgres and configure SQLALCHEMY_DATABASE_URI in nodejsscan/settings.py or as environment variable.

From version 4 onwards, windows support is dropped.

git clone https://github.com/ajinabraham/nodejsscan.git
cd nodejsscan
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python3 manage.py recreate-db # Run once to create database schema

To run nodejsscan

./run.sh

This will run nodejsscan web user interface at http://127.0.0.1:9090

Command Line Interface(CLI) and Python API

njsscan_cli

Presentations

Watch the video

Integrations

Slack Alerts

Create your slack app Slack App and set SLACK_WEBHOOK_URL in nodejsscan/settings.py or as environment variable.

nodejsscan slack alert

Email Alerts

Configure SMTP settings in nodejsscan/settings.py or as environment variable.

CI/CD or DevSecOps

Build Docker image

docker build -t nodejsscan .
docker run -it -p 9090:9090 nodejsscan

nodejsscan screenshots

nodejsscan web ui nodejsscan dashboard nodejsscan charts nodejsscan overview nodejsscan findings

More Repositories

1

CMSScan

CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues
CSS
913
star
2

OWASP-Xenotix-XSS-Exploit-Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
Python
502
star
3

Xenotix-Python-Keylogger

Xenotix Python Keylogger for Windows.
Python
451
star
4

njsscan

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
JavaScript
314
star
5

Node.Js-Security-Course

Contents for Node.Js Security Course
JavaScript
313
star
6

Droid-Application-Fuzz-Framework

Android application fuzzing framework with fuzzers and crash monitor.
HTML
270
star
7

WebAppSec

Web Application Security
Python
120
star
8

Static-DOM-XSS-Scanner

Static DOM XSS Scanner is a Static Analysis tool written in python that will iterate through all the JavaScript and HTML files under the given directory and will list out all the possible sources and sinks that may cause DOM XSS. At the end of the scan, the tool will generate an HTML report.
Python
116
star
9

libsast

Generic SAST Library
Python
105
star
10

Xenotix-APK-Reverser

Xenotix APK Reverser is an OpenSource Android Application Package (APK) decompiler and disassembler powered by dex2jar, baksmali and jd-core.
Python
76
star
11

aws_security_tools

Scripts and tools for AWS Pentest
Python
51
star
12

PoC

Proof of Concepts, Exploits
Python
28
star
13

Xenotix-xBOT

Xenotix xBOT is a Cross Platform PoC Bot that abuse certain Google Services to implement it's C&C
Python
27
star
14

njsscan-action

nodejsscan Github Action
Dockerfile
20
star
15

WhatsApp-AutoClean

WhatsApp AutoClean is an android app that removes all WhatsApp media (images, videos, sound etc) and hide them from being shown in Gallery
Java
16
star
16

tizen-security

Tools made for Tizen Security Analysis
Python
14
star
17

Exploit-Research-Ported

Exploit Research & Development - Ported Exploits
Python
11
star
18

package_scan

PoC: Python package static and dynamic analysis to detect environment variable stealing
Python
10
star
19

node.js-simple-https-server

A simple HTTPS server that uses self signed certificate. Useful for PoC purposes
JavaScript
8
star
20

JSComm-API-Hooker

Tool to hook all communication APIs including XHR/XHR2, WebSockets, Web Workers, PostMessage and Server Sent Events
JavaScript
8
star
21

bad_python_extract

A vulnerable web application written in Python Flask to demonstrate insecure file extraction
Python
8
star
22

Android-SSL-Certificate-Pinning

A sample android application implementing Moxie's Certificate Pinning Library
Java
8
star
23

Vulnerable_Tornado_App

An intentionally vulnerable web application written in Python using Tornado
CSS
7
star
24

OpSec-Firefox-Addon-Exploit-Suite

OpSec Firefox Addon Exploit Suite is a POC application that demonstrate various flaws in the Firefox Add-on Security Model.
Visual Basic
7
star
25

OAuth-Request-Crafter

OAuth Request Crafter
Visual Basic
7
star
26

AutomatingWindowsPrivilegeEscalation

Python
5
star
27

poc-rogue

Python
4
star
28

python-hash-calculator

Python Hash Calculator
4
star
29

simple-php-browser-detection

Simple PHP script to get browser details.
3
star
30

SafeDOM

A failed attempt to prevent DOM XSS.
JavaScript
2
star
31

YouPlay

Media Server that dumps youtube playlist into mp3
Python
2
star
32

ctf

HTML
1
star
33

awesome-windows-exploitation

A curated list of awesome Windows Exploitation resources, and shiny things. Inspired by awesom
1
star
34

apache-struts2-CVE-2017-5638

Demo Application and Exploit
Python
1
star
35

PacSec2014

Demo at PacSec2014
Python
1
star
36

Google-Voice-on-Zenwatch-3-button

Google Voice on ZenWatch 3 crown button
Java
1
star
37

codeql-uboot

CodeQL
1
star
38

NoSQLi-Vulnerable-App

NoSQLi Vulnerable App
HTML
1
star
39

PebbleWatch-LocateMe

Pebble App that Locates You
JavaScript
1
star