SucoshScanny: automated Source Code vulnerability scanner and assessment framework
Sucosh Scanny
“Sucosh” is an automated source code vulnerability scanner (SAST) and assessment framework for Python (Flask, Django) and Node.js (Express) that can be used for code review during web application development or as part of a source code analysis process. It detects a range of vulnerability classes (RCE, SSTI, insecure deserialization, SSRF, SQLi, CSRF, etc.) in a given code base. For now, only the detection modules for Python (Flask, Django) and Node.js (Express) are finished; detection functions for PHP (Laravel, CodeIgniter), .NET, Go, and other languages are planned.
Scanning
Python
- Flask
- Django
Node.js
- Express
Other Languages and Frameworks
- There will be an update soon
RCE
- Find Dangerous Functions
- Find Mitigation Functions
- Track Inputs
LFI
- Find Dangerous Functions
- Track Inputs
SSTI
- Find Dangerous Functions
- Track Inputs
SSRF
- Find Dangerous Functions
- Track Inputs
CSRF
- Check for a CSRF Token in HTML Forms
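To make the form check above concrete, here is an added example (not SucoshScanny's own code) of a CSRF-token audit written with Python's html.parser: it walks every <form> in a template and flags the POST forms that contain neither a hidden input under one of the usual token names nor Django's {% csrf_token %} tag. The token-name list, the Flask-WTF/Django conventions and the sample template are assumptions chosen for illustration.

```python
from html.parser import HTMLParser

# Hidden-field names used by common CSRF protections (Flask-WTF, Django, Express csurf, Rails).
# Assumption: a project may use its own name, so this list needs extending per code base.
TOKEN_NAMES = {"csrf_token", "csrfmiddlewaretoken", "_csrf", "authenticity_token"}


class FormAuditor(HTMLParser):
    """Collect every <form> with its method and whether a CSRF token field appears inside it."""

    def __init__(self):
        super().__init__()
        self.forms = []      # completed forms: {"line", "action", "method", "has_token"}
        self.current = None  # the form whose body is currently being parsed

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.current = {"line": self.getpos()[0], "action": a.get("action", ""),
                            "method": (a.get("method") or "get").lower(), "has_token": False}
        elif tag == "input" and self.current is not None:
            if a.get("type", "").lower() == "hidden" and a.get("name", "").lower() in TOKEN_NAMES:
                self.current["has_token"] = True

    def handle_data(self, data):
        # Django's {% csrf_token %} tag renders the hidden input at runtime.
        if self.current is not None and "{% csrf_token %}" in data:
            self.current["has_token"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self.current is not None:
            self.forms.append(self.current)
            self.current = None


def find_unprotected_forms(template):
    """Return the state-changing (POST) forms that carry no recognisable CSRF token."""
    p = FormAuditor()
    p.feed(template)
    p.close()
    return [f for f in p.forms if f["method"] == "post" and not f["has_token"]]


# Constructed template used as scanner input (not from a real project).
SAMPLE_TEMPLATE = '''
<h1>Account</h1>
<form action="/login" method="post">
  <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
  <input name="user"><input type="password" name="pw">
</form>
<form action="/search" method="get">
  <input name="q">
</form>
<form action="/profile" method="POST">
  {% csrf_token %}
  <input name="display_name">
</form>
<form action="/delete-account" method="post">
  <button>Delete</button>
</form>
'''
```

Running find_unprotected_forms(SAMPLE_TEMPLATE) reports only the /delete-account form (line 14 of the template): the login form carries a Flask-WTF style hidden field, the profile form uses the Django tag, and the search form is a GET request, which is not state-changing and so is left alone. A form whose method is "post" but whose token arrives through JavaScript (for example as a request header set by a fetch() wrapper) would still be flagged by this static check, so findings of this kind need a manual look before they are reported as confirmed.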
Secret Detection
- Check for Secret Data (AWS Keys etc.)
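As an added example of the secret detection described above (this is not SucoshScanny's own code), the following scanner combines two techniques a practitioner would expect: narrow regular expressions for provider-specific key formats, and a generic "credential-like name = string literal" rule gated by Shannon entropy so that placeholders such as "changeme" are not reported. The pattern table, the threshold and the sample settings file are assumptions; the AWS values in the sample are the public example credentials from the AWS documentation, and the GitHub-style token is an obviously constructed string.

```python
import math
import re

# Provider-specific token formats (assumption: based on the documented prefixes; keep them narrow).
PATTERNS = {
    "aws-access-key-id": re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])"),
    "aws-secret-access-key": re.compile(r"(?i)aws.{0,30}?secret.{0,30}?['\"]([A-Za-z0-9/+=]{40})['\"]"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
# Generic `<credential-ish name> = "<literal>"` assignment; gated by entropy to drop placeholders.
GENERIC = re.compile(r"(?i)(password|passwd|secret|token|api_key|apikey)\s*[:=]\s*['\"]([^'\"]{8,})['\"]")
ENTROPY_THRESHOLD = 3.5   # bits per character; a hand-picked value that needs tuning per code base


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    return -sum((n / len(s)) * math.log2(n / len(s)) for n in (s.count(c) for c in set(s)))


def scan_secrets(text):
    """Return (line, kind, value) for each suspected hard-coded credential in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hits = [(kind, m.group(1) if m.groups() else m.group(0))
                for kind, rx in PATTERNS.items() for m in rx.finditer(line)]
        if hits:
            findings.extend((lineno, kind, value) for kind, value in hits)
            continue   # do not report a provider key a second time through the generic rule
        m = GENERIC.search(line)
        if m and shannon_entropy(m.group(2)) >= ENTROPY_THRESHOLD:
            findings.append((lineno, "generic-high-entropy", m.group(2)))
    return findings


# Constructed settings file used as scanner input (not from a real project).
SAMPLE_CONFIG = '''
# settings.py (constructed sample; the AWS values are the public examples from AWS documentation)
DEBUG = False
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
DB_PASSWORD = "changeme"
STRIPE_TOKEN = "replace-me"
SESSION_SECRET = "q7R!v2#mZp9@Lx4$Wn8^Tb3&"
GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
SLACK_TOKEN = os.environ["SLACK_TOKEN"]
'''
```

scan_secrets(SAMPLE_CONFIG) reports the AWS key pair, the session secret and the GitHub-style token, and stays quiet on the two placeholders and on the value read from the environment. The entropy gate is a blunt instrument: ordinary English strings of twenty characters or more can exceed 3.5 bits per character, so in practice the generic rule is paired with an allowlist of known test fixtures and with the git history, where a rotated key often still lives.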
SQLI
- Find String Concatenations in SQL Statements
- Find Inputs in the Source Code
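The SQLi module above looks for SQL statements assembled from strings rather than passed with bound parameters. Here is an added example (not SucoshScanny's own code) of that check for Python code, built on the ast module: it inspects the first argument of cursor-style execute() calls and names the construct that made the statement dynamic (concatenation, f-string, %-formatting, str.format()), and it also catches a statement that was assembled into a variable a few lines before the call. The sink list and the sample view function are assumptions for illustration; the example goes a little beyond the bullet by tracking the variable case as well.

```python
import ast

# Methods whose first argument is a SQL statement (DB-API cursors, Django's Model.objects.raw()).
SQL_SINKS = {"execute", "executemany", "executescript", "raw"}


def how_built(node):
    """Name the dynamic string-building construct used by `node`, or None if it is static."""
    if isinstance(node, ast.JoinedStr):
        return "f-string"
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        if not all(isinstance(x, ast.Constant) for x in (node.left, node.right)):
            return "concatenation"
    if (isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod)
            and isinstance(node.left, ast.Constant) and isinstance(node.left.value, str)):
        return "%-formatting"
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute) and node.func.attr == "format"
            and isinstance(node.func.value, ast.Constant) and isinstance(node.func.value.value, str)):
        return ".format()"
    return None


class SqlAuditor(ast.NodeVisitor):
    def __init__(self):
        self.dynamic = {}    # variable -> construct, for statements assembled before the execute() call
        self.findings = []   # (line, sink method, construct)

    def visit_Assign(self, node):
        how = how_built(node.value)
        for target in (t for t in node.targets if isinstance(t, ast.Name)):
            if how:
                self.dynamic[target.id] = how
            else:
                self.dynamic.pop(target.id, None)
        self.generic_visit(node)

    def visit_AugAssign(self, node):
        # query += ...: dynamic once a non-literal piece is appended, or if it already was dynamic.
        t = node.target
        if isinstance(t, ast.Name) and (t.id in self.dynamic or not isinstance(node.value, ast.Constant)):
            self.dynamic[t.id] = "concatenation"
        self.generic_visit(node)

    def visit_Call(self, node):
        if isinstance(node.func, ast.Attribute) and node.func.attr in SQL_SINKS and node.args:
            stmt = node.args[0]
            how = how_built(stmt) or (self.dynamic.get(stmt.id) if isinstance(stmt, ast.Name) else None)
            if how:
                self.findings.append((node.lineno, node.func.attr, how))
        self.generic_visit(node)


def audit_sql(source):
    """Return (line, method, construct) for each SQL call whose statement is built dynamically."""
    a = SqlAuditor()
    a.visit(ast.parse(source))
    return a.findings


# Constructed view function used as scanner input (not from a real project).
SAMPLE_VIEW = '''
from flask import request
def find_user(cur):
    username = request.args.get("u")
    cur.execute("SELECT * FROM users WHERE name = '" + username + "'")     # concatenation
    cur.execute(f"SELECT * FROM users WHERE name = '{username}'")           # f-string
    cur.execute("SELECT * FROM users WHERE name = '%s'" % username)         # %-formatting
    cur.execute("SELECT * FROM users WHERE name = '{}'".format(username))   # .format()
    query = "SELECT * FROM users WHERE 1=1"
    if username:
        query += " AND name = '" + username + "'"
    cur.execute(query)                                                      # assembled above
    cur.execute("SELECT * FROM users WHERE name = ?", (username,))          # parameterised: not flagged
    return cur.fetchall()
'''
```

audit_sql(SAMPLE_VIEW) reports five findings, one per dynamic construct, and says nothing about the parameterised query on the last execute() line. This check is structural on purpose: a statement built by concatenation is reported even when the concatenated piece is a constant table name, because that pattern tends to acquire user input later. Combining it with input tracking, as the second bullet above describes, is what turns a "dynamic SQL" finding into a confirmed injection.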
CVE
- Check for Vulnerable Dependencies
XSS
Reflected
- Find String Concatenations in HTML Output
- Find Inputs in Every Supported Language
Stored
- Find Dangerous Functions in Every Supported Language
- Find Inputs in Every Supported Language
- Find Mitigation Functions in Every Supported Language
DOM
- Find Dangerous DOM Functions in Every Supported Language
- Find DOM Mitigation Functions in Every Supported Language
- Find DOM Inputs in Every Supported Language
- Find Vulnerable jQuery Versions
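The RCE, LFI, SSTI and SSRF modules above and the stored and reflected XSS modules share one approach: find the dangerous functions, find the mitigation functions, and track whether user input reaches a dangerous call without passing through a mitigation. The following added example (not SucoshScanny's own code) sketches that approach for Flask code with Python's ast module. The source, sink and mitigation tables and the sample app are assumptions chosen for illustration; a real module carries far larger tables and also has to handle Django's request objects, input that flows through helper functions, and class attributes.

```python
import ast

# Attributes of flask.request treated as attacker-controlled input (assumption: Flask only).
SOURCES = {"args", "form", "values", "json", "data", "headers", "cookies", "files"}
# Dangerous sinks keyed by the dotted name written at the call site -> vulnerability class.
SINKS = {"eval": "RCE", "exec": "RCE", "os.system": "RCE", "subprocess.call": "RCE",
         "subprocess.run": "RCE", "subprocess.Popen": "RCE", "open": "LFI",
         "render_template_string": "SSTI", "requests.get": "SSRF", "Markup": "XSS"}
# Mitigation calls and the classes they neutralise (illustrative, not exhaustive).
MITIGATIONS = {"shlex.quote": {"RCE"}, "os.path.basename": {"LFI"}, "escape": {"XSS"}}

def dotted_name(node):
    """'a.b.c' for a Name/Attribute chain; None for anything else (e.g. a call result)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

class Tainter(ast.NodeVisitor):
    def __init__(self):
        self.tainted = {}   # variable -> classes a mitigation has already handled
        self.findings = []  # (line, class, sink)

    def is_source(self, node):
        # request.args.get("x"), request.form["x"], request.json, ...
        if isinstance(node, (ast.Call, ast.Subscript, ast.Attribute)):
            inner = node.func if isinstance(node, ast.Call) else node.value
            if isinstance(node, ast.Attribute) and node.attr in SOURCES and dotted_name(inner) == "request":
                return True
            return self.is_source(inner)
        return False

    def is_tainted(self, node, vuln=None):
        """Does `node` carry user input that no mitigation for `vuln` has neutralised?"""
        if isinstance(node, ast.Name):
            return node.id in self.tainted and vuln not in self.tainted[node.id]
        if isinstance(node, ast.Call) and vuln in MITIGATIONS.get(dotted_name(node.func), ()):
            return False
        if self.is_source(node):
            return True
        # Propagate through concatenation, f-strings, %-formatting, call arguments, etc.
        return any(self.is_tainted(c, vuln) for c in ast.iter_child_nodes(node))

    def sanitised(self, node):
        # Classes already handled by an assigned value: a mitigation call or a tainted name.
        if isinstance(node, ast.Call):
            return set(MITIGATIONS.get(dotted_name(node.func), ()))
        return set(self.tainted.get(node.id, ())) if isinstance(node, ast.Name) else set()

    def visit_FunctionDef(self, node):
        saved, self.tainted = self.tainted, {}   # taint is tracked per handler
        self.generic_visit(node)
        self.tainted = saved

    def visit_Assign(self, node):
        for target in (t for t in node.targets if isinstance(t, ast.Name)):
            if self.is_tainted(node.value):
                self.tainted[target.id] = self.sanitised(node.value)
            else:
                self.tainted.pop(target.id, None)
        self.generic_visit(node)

    def visit_Call(self, node):
        name = dotted_name(node.func)
        vuln = SINKS.get(name)
        # An argv list passed to subprocess without shell=True is not a shell-injection sink.
        if vuln == "RCE" and name.startswith("subprocess.") and not any(
                kw.arg == "shell" and getattr(kw.value, "value", None) is True for kw in node.keywords):
            vuln = None
        if vuln and any(self.is_tainted(a, vuln) for a in node.args + [kw.value for kw in node.keywords]):
            self.findings.append((node.lineno, vuln, name))
        self.generic_visit(node)

def scan(source):
    """Return (line, vulnerability class, sink name) for each sink reached by unmitigated input."""
    t = Tainter()
    t.visit(ast.parse(source))
    return t.findings

# Constructed Flask handlers used as scanner input (not real project code).
SAMPLE_APP = '''
import os, subprocess, requests
from flask import request, render_template_string
from markupsafe import Markup
def ping():                                      # route decorators omitted for brevity
    host = request.args.get("host")
    os.system("ping -c 1 " + host)               # RCE: raw input reaches a shell
    subprocess.run(["ping", "-c", "1", host])    # not flagged: argv list, no shell=True
def read():
    safe = os.path.basename(request.args["name"])
    return open("/srv/uploads/" + safe).read()   # not flagged: basename() mitigates LFI
def hello():
    return render_template_string("Hello " + request.form.get("user", ""))  # SSTI
def fetch():
    return requests.get(request.values["url"]).text  # SSRF
def greet():
    return Markup(f"<b>{request.args.get('n')}</b>")  # XSS: input marked as safe HTML
'''
```

scan(SAMPLE_APP) reports four findings: RCE on line 7, SSTI on line 13, SSRF on line 15 and XSS on line 17 of the sample. Two design choices are worth noting. Mitigations are tracked per vulnerability class, so basename() clears the LFI finding but would not clear an RCE finding on the same variable. And subprocess calls with an argv list and no shell=True are deliberately not flagged, because there is no shell to inject into; a tainted program name or argument is still worth a lower-severity note, which is the kind of severity distinction a mitigation-function table has to encode.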
Custom Rule Sets
- Rule Set Integration via YAML
Web Features
**To Do (Developer Teams)**
- Admin Dashboard and Developers Dashboards
- Graphs for Severity of All Vulnerabilities
- Listing Vulnerabilities
- GitHub or GitLab API Key Integration
Download
git clone https://github.com/MustafaBilgici/SucoshScanny.git