0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity
hacktricks/pentesting/pentesting-web/code-review-tools.md

4.7 KiB
Raw Blame History

Support HackTricks and get benefits!

Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!

Discover The PEASS Family, our collection of exclusive NFTs

Get the official PEASS & HackTricks swag

Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.

Share your hacking tricks submitting PRs to the hacktricks github repo.

Code Review Tools

General

https://owasp.org/www-community/Source_Code_Analysis_Tools

https://www.sonarqube.org/downloads/
https://deepsource.io/signup/
https://github.com/pyupio/safety
https://github.com/returntocorp/semgrep
https://github.com/WhaleShark-Team/cobra
https://github.com/insidersec/insider

# Find interesting strings
https://github.com/s0md3v/hardcodes
https://github.com/micha3lb3n/SourceWolf
https://libraries.io/pypi/detect-secrets

JavaScript

https://jshint.com/
https://github.com/jshint/jshint/

NodeJS

https://github.com/ajinabraham/nodejsscan

Electron

https://github.com/doyensec/electronegativity

Python

# bandit
https://github.com/PyCQA/bandit
# pyt
https://github.com/python-security/pyt

.NET

# dnSpy
https://github.com/0xd4d/dnSpy

# .NET compilation
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe test.cs

Java

# JD-Gui
https://github.com/java-decompiler/jd-gui

# Java compilation step-by-step
javac -source 1.8 -target 1.8 test.java
mkdir META-INF
echo "Main-Class: test" > META-INF/MANIFEST.MF
jar cmvf META-INF/MANIFEST.MF test.jar test.class
Task Command
Execute Jar java -jar [jar]
Unzip Jar unzip -d [output directory] [jar]
Create Jar jar -cmf META-INF/MANIFEST.MF [output jar] *
Base64 SHA256 sha256sum [file] | cut -d' ' -f1 | xxd -r -p | base64
Remove Signing rm META-INF/.SF META-INF/.RSA META-INF/*.DSA
Delete from Jar zip -d [jar] [file to remove]
Decompile class procyon -o . [path to class]
Decompile Jar procyon -jar [jar] -o [output directory]
Compile class javac [path to .java file]

Go

https://github.com/securego/gosec

PHP

Psalm and PHPStan.

Solidity

Support HackTricks and get benefits!

Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!

Discover The PEASS Family, our collection of exclusive NFTs

Get the official PEASS & HackTricks swag

Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.

Share your hacking tricks submitting PRs to the hacktricks github repo.