vulnerability_tool

Automated vulnerability scanning tool for any code repository.

Primary language: Python. License: MIT.

Generic Vulnerability Tool


An automated vulnerability scanning tool for any code repository.

While there are a number of existing tools that can scan one specific kind of codebase (e.g. Python, React.js, C#, .NET), there isn't a single solution that works for all of them. The purpose of this tool is to be an easily extendable solution for any type of codebase.

Structure

One of the key features of this tool is how it's structured. This project is divided up into two main pieces:

  • The core framework /framework
  • Test modules /vulnerability_modules

The core framework walks the files to be scanned and calls each test module, passing in the file, its contents, and other helpful context, so the module can decide whether it contains the vulnerability it looks for. Each test module represents a single vulnerability to check for. Adding a module to /vulnerability_modules is enough: the core framework discovers it automatically and calls it during the scan, so no framework code has to change to add a new check.

Set Up

  1. Navigate to the root directory of the project you want to set up vulnerability scanning for.
  2. Clone this repository there with the following command (you may want to add vulnerability_tool/ to your .gitignore so the clone is not committed along with your project):
git clone https://github.com/kevjin/vulnerability_tool
  3. Run the following command to scan all project files:
python vulnerability_tool/run_tool.py

Troubleshooting Setup:

  • Check that Python is version 2.7 (try python -V). Python 2.7 reached end of life in January 2020, so on a current system a 2.7 interpreter may have to be installed separately.
  • If any Python dependencies are missing, install them (e.g. pip install colorama).
  • If troubleshooting fails, create an issue in the GitHub project.

Git Integration

The vulnerability tool supports git integration through a pre-commit hook: every time a developer makes a git commit, the tool automatically scans the changed files, and the commit is blocked if the scan finds a problem.

2-Step Set up

  1. Copy the file precommit_hook/pre-commit.py (from the cloned vulnerability_tool directory) into .git/hooks/. Since .git/ is a hidden directory, you may need to configure your IDE to show hidden files.
  2. Rename the copied pre-commit.py file to pre-commit. On Unix-like systems git only runs hooks that are executable, so also run chmod +x .git/hooks/pre-commit. Note that .git/hooks/ is not part of the repository, so every developer has to install the hook in their own clone.
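The following is an added example, written for this page and not code from the vulnerability_tool project, that puts the two pieces described above into one runnable script: a core framework that discovers test modules in a directory and calls each with a file path and its contents (the Structure section), wired into a pre-commit hook that scans only the files staged for the commit (this section). Everything specific is an assumption: the module entry point check(path, contents), the NAME attribute, the sample hard-coded-credential module, the fake_git stand-in and the constructed staged content; the real project's module interface may differ. The example targets Python 3, whereas the tool itself documents Python 2.7.

```python
"""Added example (not the project's code): a minimal framework/module split
plus a pre-commit hook that scans only the staged content of changed files.
Targets Python 3; the real tool documents Python 2.7."""
import importlib.util
import os
import subprocess
import sys
import tempfile
from typing import Callable, Dict, List, Tuple

# A finding: (module name, path, line number, message).
Finding = Tuple[str, str, int, str]
# A check takes (path, contents) and returns [(line_no, message), ...].
# This signature is an assumption for the example, not the project's module API.
Check = Callable[[str, str], List[Tuple[int, str]]]

# Constructed sample module, standing in for one file under /vulnerability_modules.
SAMPLE_MODULE = r'''
import re
NAME = "hardcoded_secret"
PATTERN = re.compile(r"(?i)\b(password|secret|api_key)\s*=\s*['\"][^'\"]+['\"]")

def check(path, contents):
    return [(no, "possible hard-coded credential")
            for no, line in enumerate(contents.splitlines(), 1)
            if PATTERN.search(line)]
'''


def load_modules(directory: str) -> Dict[str, Check]:
    """Import every *.py in `directory` and collect its `check` callable.
    Loading a module executes it, so only point this at the scanner's own
    module directory, never at the code being scanned."""
    modules: Dict[str, Check] = {}
    for fname in sorted(os.listdir(directory)):
        if not fname.endswith(".py") or fname.startswith("_"):
            continue
        spec = importlib.util.spec_from_file_location(fname[:-3], os.path.join(directory, fname))
        mod = importlib.util.module_from_spec(spec)
        spec.loader.exec_module(mod)
        if callable(getattr(mod, "check", None)):
            modules[getattr(mod, "NAME", fname[:-3])] = mod.check
    return modules


# The git runner is injectable so the hook logic can be exercised without a repository.
Runner = Callable[[List[str]], bytes]


def run_git(args: List[str]) -> bytes:
    return subprocess.check_output(["git"] + args)


def staged_files(run: Runner = run_git) -> List[str]:
    """Added/copied/modified paths in the index; -z so unusual filenames survive."""
    out = run(["diff", "--cached", "--name-only", "--diff-filter=ACM", "-z"])
    return [p for p in out.decode("utf-8", "surrogateescape").split("\0") if p]


def staged_contents(path: str, run: Runner = run_git) -> str:
    """Read the staged blob (':path'), not the working-tree file, so the hook
    judges exactly what the commit will contain, not unstaged edits."""
    return run(["show", ":" + path]).decode("utf-8", "replace")


def scan_staged(modules: Dict[str, Check], run: Runner = run_git) -> List[Finding]:
    findings: List[Finding] = []
    for path in staged_files(run):
        contents = staged_contents(path, run)
        for name, check in modules.items():
            for line_no, msg in check(path, contents):
                findings.append((name, path, line_no, msg))
    return findings


def fake_git(index: Dict[str, str]) -> Runner:
    """Constructed stand-in for git: `index` maps staged path -> staged content."""
    def run(args: List[str]) -> bytes:
        if args[0] == "diff":
            return "\0".join(index).encode() + (b"\0" if index else b"")
        if args[0] == "show" and args[1].startswith(":"):
            return index[args[1][1:]].encode()
        raise ValueError("unexpected git call: %r" % (args,))
    return run


def demo() -> List[Finding]:
    index = {  # constructed staged content for the example
        "config.py": "import os\nAPI_KEY = 'abc123'\nuser = os.environ['USER']\n",
        "app.py": "def main():\n    return 0\n",
    }
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "hardcoded_secret.py"), "w") as f:
            f.write(SAMPLE_MODULE)
        modules = load_modules(d)
    return scan_staged(modules, fake_git(index))


if __name__ == "__main__":
    # As an installed hook you would call scan_staged(load_modules(<modules dir>))
    # with the real run_git and exit non-zero on findings to block the commit.
    found = demo()
    for name, path, no, msg in found:
        print("%s:%d: [%s] %s" % (path, no, name, msg))
    sys.exit(1 if found else 0)
```

Two design points worth carrying over to any hook of this kind: read the staged blob with git show :path rather than the working-tree file, otherwise the hook can pass a file whose staged version still contains the problem (or fail one whose fix is not yet staged); and treat the module directory as trusted code, since importing a module executes it.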

DEBUG Mode

By default, DEBUG mode is set to true, so when a vulnerability scan runs, every passing test is printed alongside the failures. For cleaner output, set DEBUG=False in framework/tool.py.

Ignore Error Messages

Use the --no-verify flag to make a commit without running the vulnerability scan. Note that this skips every pre-commit and commit-msg hook, not only the scanner:

git commit -m <MSG HERE> --no-verify

Contributing

See CONTRIBUTING.md