Pentest Book
Search…
Code review

General

1
# Guidelines
2
https://rules.sonarsource.com/
3
4
# Resource
5
https://vladtoie.gitbook.io/secure-coding/
6
7
# Tools
8
https://www.sonarqube.org/downloads/
9
https://deepsource.io/signup/
10
https://github.com/pyupio/safety
11
https://github.com/returntocorp/semgrep
12
https://github.com/WhaleShark-Team/cobra
13
https://github.com/mhaskar/Bughound
14
15
# Find interesting strings
16
https://github.com/s0md3v/hardcodes
17
https://github.com/micha3lb3n/SourceWolf
18
https://libraries.io/pypi/detect-secrets
19
20
# Tips
21
1.Important functions first
22
2.Follow user input
23
3.Hardcoded secrets and credentials
24
4.Use of dangerous functions and outdated dependencies
25
5.Developer comments, hidden debug functionalities, configuration files, and the .git directory
26
6.Hidden paths, deprecated endpoints, and endpoints in development
27
7.Weak cryptography or hashing algorithms
28
8.Missing security checks on user input and regex strength
29
9.Missing cookie flags
30
10.Unexpected behavior, conditionals, unnecessarily complex and verbose functions
Copied!

JavaScript

1
https://jshint.com/
2
https://github.com/jshint/jshint/
Copied!

NodeJS

1
https://github.com/ajinabraham/nodejsscan
Copied!

Electron

1
https://github.com/doyensec/electronegativity
2
https://github.com/doyensec/awesome-electronjs-hacking
Copied!

Python

1
# bandit
2
https://github.com/PyCQA/bandit
3
# pyt
4
https://github.com/python-security/pyt
5
# atheris
6
https://github.com/google/atheris
7
# aura
8
https://github.com/SourceCode-AI/aura
Copied!

.NET

1
# dnSpy
2
https://github.com/0xd4d/dnSpy
3
4
# .NET compilation
5
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe test.cs
6
7
# Cheatsheet
8
https://www.c-sharpcorner.com/UploadFile/ajyadav123/net-penetration-testing-cheat-sheet/
Copied!

PHP

1
# phpvuln
2
https://github.com/ecriminal/phpvuln
Copied!

C/C++

1
# flawfinder
2
https://github.com/david-a-wheeler/flawfinder
Copied!

Java

1
# JD-Gui
2
https://github.com/java-decompiler/jd-gui
3
4
# Java compilation step-by-step
5
javac -source 1.8 -target 1.8 test.java
6
mkdir META-INF
7
echo "Main-Class: test" > META-INF/MANIFEST.MF
8
jar cmvf META-INF/MANIFEST.MF test.jar test.class
Copied!
Task
Command
Execute Jar
java -jar [jar]
Unzip Jar
unzip -d [output directory] [jar]
Create Jar
jar -cmf META-INF/MANIFEST.MF [output jar] *
Base64 SHA256
sha256sum [file] | cut -d' ' -f1 | xxd -r -p | base64
Remove Signing
rm META-INF/.SF META-INF/.RSA META-INF/*.DSA
Delete from Jar
zip -d [jar] [file to remove]
Decompile class
procyon -o . [path to class]
Decompile Jar
procyon -jar [jar] -o [output directory]
Compile class
javac [path to .java file]
Last modified 2mo ago