SCodeScanner stands for Source Code Scanner: it scans source code files such as PHP and identifies the vulnerabilities inside them. Pentesters and developers can use the tool to quickly identify weaknesses.
The tool supports Semgrep integration.
Learn more on http://scodescanner.info
New features added to this tool:
- Scans folders recursively (folder inside folder inside folder, and so on).
- Added more ways of finding user-controlled variables, for example:
    $x = $this->getRequest()->getParam('id')
- Integration of Semgrep
- It reports not only the file but also the line on which the vulnerable code exists, so it can be identified quickly.
- Results are written to a .txt file.
- Scans each variable in each file.
- Gives you the best results on the basis of the rules defined in the rules directory.
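To illustrate how a scanner of this kind finds user-controlled variables (such as the `getParam('id')` case above), follows them to a dangerous call, and reports the file and line, here is an added Python example. It is not SCodeScanner's own code and does not use its rules directory: the source, sink and sanitizer patterns, the `Finding` record, and the PHP sample are all constructed for this example.

```python
import re
from pathlib import Path
from typing import NamedTuple

# Hypothetical source patterns: expressions whose value is controlled by the
# HTTP client. Constructed for this example; SCodeScanner's real patterns
# live in its rules directory.
SOURCE_RE = re.compile(
    r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[|->getParam\(|->getRequest\(\)"
)

# Hypothetical sinks: calls where unvalidated input becomes a vulnerability.
SINK_RES = {
    "command execution": re.compile(r"\b(?:system|exec|shell_exec|passthru)\s*\("),
    "sql query": re.compile(r"\b(?:mysqli_query|mysql_query)\s*\("),
    "output (xss)": re.compile(r"\b(?:echo|print)\b"),
}

# Sanitizers (a simplification: any of these on a line is treated as cleaning it).
SANITIZER_RE = re.compile(
    r"\b(?:intval|htmlspecialchars|escapeshellarg|mysqli_real_escape_string)\s*\("
)

# "$var = <expression>;"  ((?!=) keeps "==" comparisons from matching)
ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=(?!=)\s*(.+?);")


class Finding(NamedTuple):
    file: str
    line: int         # line of the dangerous call
    sink: str
    source: str       # tainted variable, or "(inline source)" for $_GET[...] used directly
    source_line: int  # line where the user-controlled value entered the program


def _mentions(var: str, text: str) -> bool:
    # "$id" must not match "$identity", hence the trailing word boundary.
    return re.search(re.escape(var) + r"\b", text) is not None


def scan_php_source(text: str, filename: str = "<constructed>") -> list:
    tainted = {}   # variable name -> line where it received user input
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = ASSIGN_RE.match(line)
        if m and not SANITIZER_RE.search(m.group(2)):
            var, rhs = m.groups()
            # Taint on a direct read of a source, or on use of an already-tainted variable.
            if SOURCE_RE.search(rhs) or any(_mentions(t, rhs) for t in tainted):
                tainted[var] = lineno
        for kind, sink_re in SINK_RES.items():
            if not sink_re.search(line) or SANITIZER_RE.search(line):
                continue
            if SOURCE_RE.search(line):
                findings.append(Finding(filename, lineno, kind, "(inline source)", lineno))
            for var, src_line in tainted.items():
                if _mentions(var, line):
                    findings.append(Finding(filename, lineno, kind, var, src_line))
    return findings


def scan_directory(root: str) -> list:
    # Recurses into nested folders, as the feature list above describes.
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        findings.extend(scan_php_source(path.read_text(errors="replace"), str(path)))
    return findings


def format_report(findings: list) -> str:
    # One line per finding, in the shape one would write to a .txt report.
    return "\n".join(
        f"{f.file}:{f.line}: {f.sink} uses {f.source} (user input from line {f.source_line})"
        for f in findings
    )


# Constructed PHP sample used to exercise the scanner offline.
SAMPLE_PHP = """<?php
$id = $this->getRequest()->getParam('id');
$name = $_POST['name'];
$safe = intval($id);
$query = "SELECT * FROM users WHERE id = " . $id;
mysqli_query($conn, $query);
echo "Hello " . $name;
echo htmlspecialchars($safe);
system($_GET['cmd']);
"""

if __name__ == "__main__":
    print(format_report(scan_php_source(SAMPLE_PHP, "sample.php")))
```

Run against the sample, the scanner reports three lines: the query built from `$id` (line 6), the unescaped `echo` of `$name` (line 7), and the superglobal passed straight into `system()` (line 9); `$safe` is not reported because the example treats `intval()` as a sanitizer. The taint here is purely line-by-line and per file, so it misses values passed through function calls or includes; a rules directory like SCodeScanner's is where the source, sink and sanitizer lists would be maintained rather than hard-coded as above.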
Requirements: PHP, Python 3
If you don't have these, please install them first, then:
- Python 3 must be installed
- On the terminal:
    pip3 install -r requirements.txt
- On the terminal:
    python3 scodescanner.py --help
If you still face an import error, please try installing the module with pip and open an issue if possible.
I would really like to hear your thoughts on this tool. And if you want to contribute to this tool, please let me know on Twitter (agrawalsmart7) or send me a pull request.
For now, I have focused only on PHP, but in the future I will make this scanner work for other languages too. The languages in focus are: PHP, ASP, Python, Java. Let me know if anyone is interested.
Also, I will update this tool regularly to make it more powerful.