Forked from nstarke/nodejs-security-vulnerability-grep.sh
Node.js Security Vulnerability Grep
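#!/usr/bin/env bash
# Node.js Security Vulnerability Grep
#
# Quick, noisy triage greps for a Node.js code base.  Each pattern points at
# code worth a manual read (shelling out, dynamic code execution, string-built
# SQL, hard-coded ports/credentials, DOM sinks); a match is a review lead, not
# a confirmed vulnerability, and no match is not proof of absence.
#
# Usage: run from the root of the project under review.  Requires a grep with
# -r/--include/--exclude-dir (GNU or BSD grep); `\s` is a GNU extension that
# the original patterns already relied on.
#
# Fixes relative to the original one-liners:
#   - `egrep` is deprecated, so every search goes through `grep -E`.
#   - POSIX ERE has no `\d`; digits are written as `[0-9]`.
#   - The child_process pattern had an unmatched `)`, which GNU grep rejects
#     as an ERE syntax error; it is now escaped.
#   - The location/XSS pattern required `=` immediately after `href` and so
#     missed `location.href = x`.

#######################################
# Recursive extended-regex grep over project source, skipping node_modules
# and minified bundles ("*.min.*").  Only "*.js" is searched unless further
# --include globs are passed.
# Arguments: $1 - ERE pattern; remaining args are passed to grep unchanged
#            (e.g. --include "*.json", -i)
# Outputs:   matching lines on stdout, in grep's "./path:line" format
# Returns:   grep's status (0 match, 1 no match, 2 error)
#######################################
js_grep() {
  local pattern=$1
  shift
  grep -r -E --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" \
    "$@" -e "$pattern" -- .
}

# Places where the child_process module is loaded (CommonJS require or ESM
# import, with or without the "node:" prefix).  Generally a good signal that
# the application is shelling out.
js_grep "(require(\s*)\((\s*)|from(\s*))['\"](node:)?child_process['\"]"

# Places where code is dynamically executed via eval.
js_grep "eval(\s*)\("

# Common dangerous functions called with a string literal as the first
# argument (a string passed to the timers is evaluated as code).
js_grep "(setInterval|setTimeout|new(\s*)Function)(\s*)\((\s*)['\"]"

# Same as above, but also catches variables passed as arguments (noisier).
js_grep "(setInterval|setTimeout|new(\s*)Function)(\s*)\((\s*)"

# Gauge whether CSRF protections are wired in at the framework level (e.g.
# express middleware).  Case-insensitive so "CSRF"/"csurf" are found too.
# No results can mean no framework-level CSRF protection exists; this varies
# by application framework.
js_grep "csrf" -i --include "*.json"

# NODE-ORM, Sequelize: query calls whose first argument is a double-quoted
# string followed by "+" concatenation, i.e. potentially unsafe SQL.
js_grep "\.(execQuery|query)(\s*)\((\s*)\".*\".*\+"

# mongoose: database connect functions (look for hard-coded credentials in
# the connection string).
js_grep "\.(createConnection|connect)(\s*)\("

# Hard-coded port values under JSON-style keys ("port", "portNumber", ...).
# [^"]* keeps the match inside the key instead of spanning the whole line.
js_grep "\"port[^\"]*\"(\s*):(\s*)[0-9]+" --include "*.json"

# Username / password strings stored under JSON keys (case-insensitive).
js_grep "\"(username|user|password|pass)\"(\s*):(\s*)\".*\"" -i --include "*.json"

# Possible DOM-based XSS: assignments to location / location.href.  The
# trailing [^=] avoids matching "==" comparisons.
js_grep "(window\.)?location(\.href)?(\s*)=[^=]"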