Bughound: open-source static code analysis tool

What is Bughound?

Bughound is an open-source static code analysis tool that analyzes your code and sends the results to Elasticsearch and Kibana to get useful insights about the potential vulnerabilities in your code.

Bughound has its own Elasticsearch and Kibana Docker image that is preconfigured with dashboards to give you a strong visualization for the findings.

You can detect various types of vulnerabilities such as:

• Command Injection.
• XXE.
• Unsafe Deserialization.
• And more!

Bughound can analyze PHP and JAVA code for now, and it contains a group of unsafe functions for these languages.

How does it work?

First of all, Bughound will build a list of all the files inside your project based on the extension of the files you want to audit, then it will read each file and try to find any pre-defined unsafe functions for your project’s language.

The analysis phase depends on pre-configured regex and some custom text matching to detect the potential vulnerabilities, so again, you need to do the manual analysis so you can check if these findings are exploitable.

Finally, it will send the results to the Bughound docker image which has a pre-configured Elasticsearch and Kibana that contain the customized dashboards for your findings.

The dashboards will give you details about the findings such as:

• Function name.
• Category of the vulnerability.
• Line number.
• And much more!

Also using Kibana, you will be able to view the potentially vulnerable code snippet to start doing your analysis and tracing phase to check if it’s exploitable or not.

Of course, you can use your own ELK stack if you want, and Bughound will do the initial configuration for you, but you will not have the pre-configured dashboards in this case.

Install

git clone https://github.com/mhaskar/Bughound

pip3 install -r requirements.txt

Use

Scan Local project

For example, to scan a local php project, you can use the following command:

./bughound.py –path /opt/dummyproject –language php –extension .php –name dummyproject

This command will create a new project called “dummyproject” in the Elasticsearch index, and crawl all the local files with the extension “.php” in the local path “/opt/dummyproject” and ship the results to Elasticsearch.

Scan remote git repository

Also, you can pull a remote project from the git repository using –git switch like the following:

./bughound.py –git https://github.com/DummyCode/DummyProject –language php –extension .php –name dummyproject

Bughound will clone the code for you and save it in the projects directory, then will scan it.

Tutorial

Copyright (C) 2021 mhaskar