nstarke · January 8, 2025 13:58
diff --git a/nodejs-security-vulnerability-grep.sh b/nodejs-security-vulnerability-grep.sh
 # this command will return instances where the child_process module is loaded.  
 # that module is generally a good signal that the application is shelling out
 egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "require(\s*)\((\s*)'child_process'(\s*))" .

 # this command will return instances where code is dynamically executed.  
 egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "eval(\s*)\(" .

 # this command will check common dangerous functions and report when strings are arguments
 egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "(setInterval|setTimeout|new(\s*)Function)(\s*)\((\s*)\".*\"" .

 # same as above but will catch variables passed as arguments
 egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "(setInterval|setTimeout|new(\s*)Function)(\s*)\((\s*)" .

 # this command can be used to gauge whether or not CSRF protections are in place in libraries such as express
 # if no results are returned, that can mean no CSRF protections exist at the framework level.  
 # will vary based on application framework.
 grep -r --exclude-dir "node_modules" --include "*.js" --include "*.json" --exclude "*.min.*" -e "csrf" .

 # NODE-ORM, Sequelize: find places where potential unsafe SQL queries are executed:
 egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "\.(execQuery|query)(\s*)\((\s*)\".*\".*\+" .

 # mongoose: database connect functions (look for hard-coded credentials)
 egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "\.(createConnection|connect)(\s*)\(" .

 # hard coded port values in JSON documents:
 egrep -r --exclude-dir "node_modules" --include "*.js" --include "*.json" --exclude "*.min.*" -e "\"port\.*\"(\s*):(\s*)\d+" .

 # look for username / password strings for json keys:
 egrep -r --exclude-dir "node_modules" --include "*.js" --include "*.json" --exclude "*.min.*" -e "\"(username|user|password|pass)\"(\s*):(\s*)\".*\"" .

 # look for places with possible dom-based XSS
 egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "(window.)?location((\s*)|\.)(href)?\=" .
	# this command will return instances where the child_process module is loaded.
	# that module is generally a good signal that the application is shelling out
	egrep -r --exclude-dir "node_modules" --include ".js" --exclude ".min." -e "require(\s)\((\s)'child_process'(\s))" .

	# this command will return instances where code is dynamically executed.
	egrep -r --exclude-dir "node_modules" --include ".js" --exclude ".min." -e "eval(\s)\(" .

	# this command will check common dangerous functions and report when strings are arguments
	egrep -r --exclude-dir "node_modules" --include ".js" --exclude ".min." -e "(setInterval\|setTimeout\|new(\s)Function)(\s)\((\s)\".*\"" .

	# same as above but will catch variables passed as arguments
	egrep -r --exclude-dir "node_modules" --include ".js" --exclude ".min." -e "(setInterval\|setTimeout\|new(\s)Function)(\s)\((\s)" .

	# this command can be used to gauge whether or not CSRF protections are in place in libraries such as express
	# if no results are returned, that can mean no CSRF protections exist at the framework level.
	# will vary based on application framework.
	grep -r --exclude-dir "node_modules" --include ".js" --include ".json" --exclude ".min." -e "csrf" .

	# NODE-ORM, Sequelize: find places where potential unsafe SQL queries are executed:
	egrep -r --exclude-dir "node_modules" --include ".js" --exclude ".min." -e "\.(execQuery\|query)(\s)\((\s)\".\".*\+" .

	# mongoose: database connect functions (look for hard-coded credentials)
	egrep -r --exclude-dir "node_modules" --include ".js" --exclude ".min." -e "\.(createConnection\|connect)(\s)\(" .

	# hard coded port values in JSON documents:
	egrep -r --exclude-dir "node_modules" --include ".js" --include ".json" --exclude ".min." -e "\"port\.\"(\s):(\s*)\d+" .

	# look for username / password strings for json keys:
	egrep -r --exclude-dir "node_modules" --include ".js" --include ".json" --exclude ".min." -e "\"(username\|user\|password\|pass)\"(\s):(\s)\".*\"" .

	# look for places with possible dom-based XSS
	egrep -r --exclude-dir "node_modules" --include ".js" --exclude ".min." -e "(window.)?location((\s)\|\.)(href)?\=" .