
Hawkeye scanner-cli v1.8.1 - security/vulnerability/risk scanning tool

itsMe



The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines.

• Designed to be entirely extensible by just adding new modules with the correct signature to lib/modules
• Modules return results via a common interface, which permits consolidated reporting and artifact generation
• Should be very easy to run regardless of the type of project that you’re scanning

Modules

Modules are basically little bits of code that either implement their own logic, or wrap a third party tool and standardise the output. They only run if the required criteria are met. For example, the npm outdated module would only run if a package.json is detected in the scan target – as a result, you don’t need to tell Hawkeye what type of project you are scanning.

Generic Modules

    files-ccnumber: Scans for suspicious file contents that are likely to contain credit card numbers
    files-contents: Scans for suspicious file contents that are likely to contain secrets
    files-entropy: Scans files for strings with high entropy that are likely to contain passwords. Entropy scanning is disabled by default because of the high number of false positives. It is still useful to scan codebases every now and then for keys, in which case run it explicitly using the -m files-entropy switch.
    files-secrets: Scans for suspicious filenames that are likely to contain secrets

Java

    java-find-secbugs: Finds common security issues in Java code with findsecbugs
    java-owasp: Scans Java projects for gradle/maven dependencies with known vulnerabilities with the OWASP dependency checker

Node.js

    node-crossenv: Scans node projects for known malicious crossenv dependencies
    node-npmaudit: Checks node projects for dependencies with known vulnerabilities with npm audit
    node-npmoutdated: Checks node projects for outdated npm modules with npm outdated

PHP

    php-security-checker: Checks whether the composer.lock contains dependencies with known vulnerabilities using security-checker

Python

    python-bandit: Scans for common security issues in Python code with bandit.
    python-piprot: Scans python dependencies for out of date packages with piprot
    python-safety: Checks python dependencies for known security vulnerabilities with the safety tool.

Ruby

    ruby-brakeman: Statically analyzes Rails code for security issues with Brakeman.
    ruby-bundler-scan: Scan for Ruby gems with known vulnerabilities using bundler

Adding a module

If you have an idea for a module, please feel free to open a feature request in the issues section. If you have a bit of time left, please consider sending us a pull request. To see how modules work, please head over to the modules folder and look at how things are done there.
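To make the module pattern concrete (the criteria check described under Modules, the disabled-by-default files-entropy module and the node-crossenv dependency check), here is an added example in JavaScript that is not Hawkeye's own code. Its module signature (`key`, `enabled`, `handles`, `run`), the in-memory scan target and the entropy threshold are assumptions for this illustration, not the project's real API.

```javascript
// Added illustration of the module pattern described above: each module states
// when it applies (handles), whether it is on by default, and returns findings in
// one common shape. Signature and in-memory target are assumptions, not Hawkeye's API.

// Shannon entropy in bits per character, used by the files-entropy style module.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) h -= (n / s.length) * Math.log2(n / s.length);
  return h;
}

const finding = (module, level, file, description) => ({ module, level, file, description });
const KNOWN_MALICIOUS = new Set(['crossenv']); // name from the README; real lists are longer

const modules = [
  { // filenames that usually hold secrets; applies to every target
    key: 'files-secrets', handles: () => true,
    run: t => Object.keys(t.files)
      .filter(f => /(^|\/)(\.env|id_rsa|.*\.pem)$/.test(f))
      .map(f => finding('files-secrets', 'high', f, 'secret-looking filename')) },
  { // off by default because it is noisy; enabled with the -m switch
    key: 'files-entropy', enabled: false, handles: () => true,
    run: t => Object.entries(t.files).flatMap(([f, text]) =>
      (text.match(/[A-Za-z0-9+/_-]{20,}/g) || [])
        .filter(tok => shannonEntropy(tok) > 4.0)
        .map(tok => finding('files-entropy', 'medium', f, `high-entropy string ${tok.slice(0, 6)}...`))) },
  { // only applicable when the target contains a package.json
    key: 'node-crossenv', handles: t => 'package.json' in t.files,
    run: t => {
      const pkg = JSON.parse(t.files['package.json']);
      const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
      return Object.keys(deps).filter(d => KNOWN_MALICIOUS.has(d))
        .map(d => finding('node-crossenv', 'critical', 'package.json', `known malicious dependency ${d}`));
    } },
];

// Run every applicable module; opt-in modules must be named, like `-m files-entropy`.
function scan(target, optIn = []) {
  return modules
    .filter(m => (m.enabled !== false || optIn.includes(m.key)) && m.handles(target))
    .flatMap(m => m.run(target));
}

// Constructed in-memory scan target (path -> contents).
const sampleTarget = { files: {
  'package.json': JSON.stringify({ dependencies: { express: '4.17.1', crossenv: '5.0.5' } }),
  'config/.env': 'DB_PASSWORD=A9fK3pQz7LmX2vB8nT5yR1wE',
  'README.md': 'configurationsettings are documented here',
} };
console.log(JSON.stringify(scan(sampleTarget, ['files-entropy']), null, 2));
```

Because every module returns the same finding shape, the consolidated output can be rendered as one report regardless of which modules happened to apply to the target.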
