scodescanner: scan the source code for finding the Critical Vulnerabilities

SCodeScanner

SCodeScanner stands for Source Code scanner where the user can scan the source code for finding the Critical Vulnerabilities. The main objective of this scanner is to find the vulnerabilities inside the source code before the code gets published in Prod.

Features

1. Supported PHP Language
2. Supported YAML Language
3. Pass results to bug tracking services like Jira also Slack (Sending files to groups to multiple people at once).
4. Gives results in JSON format, which can easily be used in any other program.
5. Works with Rules. We only need to create some rules in which the target rule is not present in the php/yaml directory.
6. Rules that can scan advanced patterns

Achievements

SCodeScanner received 5 CVEs for finding vulnerabilities in multiple CMS plugins.

• CVE-2022-1465
• CVE-2022-1474
• CVE-2022-1527
• CVE-2022-1532
• CVE-2022-1604

Install

git clone https://github.com/agrawalsmart7/scodescanner.git
cd scodescanner
pip3 install -r requirements.txt

Use

Copyright (C) 2022 agrawalsmart7 

Source: https://github.com/agrawalsmart7/