codewarrior: detect sinks of SQL injection, SSTI, XXE, LFI, XSS
Codewarrior
Codewarrior is a static code analysis tool that supports manual code review across several programming languages. You load external rule sets, one per language context, to detect sinks for SQL injection, SSTI, XXE, LFI, XSS, and more. You can also load rules that recursively search files for secrets, for example to surface tokens for AWS, GCP, and Azure accounts.
The tool is built on Mongoose HTTPd resources with TLS; its design follows the KISS principle.
Features
- Load and search custom rules
- Recursive search of files for sink points, matching by regex rule and file extension
- Edit rules on the fly
- List files by extension
- Rules to extract credentials (Azure, AWS, GCP, Twilio, and more)
- HTTPd view with WebSocket resources and effects built on Prism.js, fancyBox, and jQuery
- Syntax highlighting by programming language
- Allow list to control which IP addresses can access Codewarrior
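The two core ideas above, a regex rule bound to a set of file extensions and a recursive walk that applies it, are small enough to show end to end. The script below is an added example written for this page; it is not Codewarrior's code and does not use its rule-file format. The rules, the `Rule`/`scan_file`/`scan_tree`/`demo` names and the sample source tree are all constructed for illustration. The one pattern taken from a documented fact is the AWS access key ID shape (`AKIA` followed by 16 upper-case alphanumerics); everything else is a deliberately loose sink signature, which is the point: a rule flags candidate sink lines for a reviewer, it does not decide exploitability.

```python
import os
import re
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str            # label reported for a hit
    extensions: tuple    # file extensions the rule applies to
    pattern: re.Pattern  # sink or secret signature


# Hypothetical rules, constructed for this example (not Codewarrior's rule files).
RULES = [
    Rule("sqli: mysql_query with a PHP variable in the call", (".php",),
         re.compile(r"mysqli?_query\s*\(.*\$")),
    Rule("lfi: include/require built from a variable", (".php",),
         re.compile(r"\b(include|require)(_once)?\b.*\$")),
    Rule("xxe: libxml entity substitution enabled", (".php",),
         re.compile(r"\bLIBXML_NOENT\b")),
    Rule("ssti: render_template_string call", (".py",),
         re.compile(r"\brender_template_string\s*\(")),
    Rule("xss: innerHTML assignment", (".js",),
         re.compile(r"\.innerHTML\s*=")),
    # AWS access key IDs are 'AKIA' followed by 16 upper-case alphanumerics.
    Rule("secret: AWS access key id", (".php", ".py", ".js", ".env", ".cfg"),
         re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
]


def scan_file(path, rules):
    """Return (path, line number, rule name, line) for every rule hit in one file."""
    ext = os.path.splitext(path)[1]
    applicable = [r for r in rules if ext in r.extensions]
    hits = []
    if not applicable:
        return hits  # extension filter: a file with no matching rule is never opened
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            for rule in applicable:
                if rule.pattern.search(line):
                    hits.append((path, lineno, rule.name, line.rstrip("\n")))
    return hits


def scan_tree(root, rules=RULES):
    """Walk root recursively and collect hits; directories and files are sorted
    so the report order is deterministic."""
    hits = []
    for dirpath, dirs, files in os.walk(root):
        dirs.sort()
        for fname in sorted(files):
            hits.extend(scan_file(os.path.join(dirpath, fname), rules))
    return hits


# Constructed sample tree: a few sink lines, one leaked key, and a .txt decoy
# that mentions a sink but has no rule bound to its extension.
SAMPLE_FILES = {
    "app/db.php": (
        "<?php\n"
        "$id = $_GET['id'];\n"
        "$res = mysqli_query($conn, \"SELECT * FROM users WHERE id=\" . $id);\n"
        "include($_GET['page'] . '.php');\n"
    ),
    "app/xml.php": "<?php\n$doc = new DOMDocument();\n$doc->loadXML($data, LIBXML_NOENT);\n",
    "app/views.py": (
        "from flask import render_template_string, request\n"
        "def hello():\n"
        "    return render_template_string('Hello ' + request.args.get('name'))\n"
    ),
    "static/ui.js": "document.getElementById('out').innerHTML = location.hash.slice(1);\n",
    "config/prod.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",  # AWS docs example key
    "README.txt": "mysql_query($x) is used in db.php\n",             # skipped: no .txt rule
}


def demo():
    """Materialise SAMPLE_FILES in a temp dir, scan it, and return hits with
    paths relative to the scanned root."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE_FILES.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return [(os.path.relpath(p, root), n, rule, line)
                for p, n, rule, line in scan_tree(root)]


if __name__ == "__main__":
    for rel, lineno, rule, line in demo():
        print(f"{rel}:{lineno}: [{rule}] {line.strip()}")
```

Running it reports six hits: two in `app/db.php` (the concatenated query and the variable-driven include), one each in `app/xml.php`, `app/views.py`, `static/ui.js`, and the key in `config/prod.env`; `README.txt` is never opened because no rule is bound to `.txt`. The looseness of the sink patterns is intentional: a regex cannot tell tainted from constant arguments, so the rule's job is to bring every candidate sink in front of the reviewer, which is exactly the manual-review workflow the tool targets.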
Trick
* All HTML, WebSocket, and JavaScript code lives under the "web/" path.
* If you change the default port, you must also edit the port used for the WebSocket connection in web/.
Install & Use
Copyright (c) 2015, Antonio Carlos Costa da Silva, aka “CoolerVoid”
All rights reserved.