nstarke/7ee0c1d357ae55caf09b
Last active December 5, 2015 17:39
Egrep commands to find security vulnerabilities and perform security audits on CSharp code. Useful for penetration testers operating in a Microsoft / CSharp environment.
# Returns instances where anti-XSS measures are deployed
egrep -r --include "*.cs" -e "(AntiXssEncoder|Server\.HtmlEncode|Html.Encode)" .
# Returns possible command injection areas
egrep -r --include "*.cs" -e "(Process|Process\.Start)\(" .
# Returns possible XSS scenarios (string concatenation in HTML/XML)
egrep -r --include "*.cs" -e "<.*>\"\s*\+.*\+\s*\"<.*>" .
# Returns places where anti-CSRF measures are deployed
egrep -r --include "*.cs" -e "ValidateAntiForgeryToken" .
# Returns places where raw SQL statements are executed
egrep -r --include "*.cs" -e "(ExecuteNonQuery|SqlCommand)\(" .
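Added example, not part of the original gist: a script that builds a constructed C# sample and runs the gist's five patterns over it, summarising hits per category so the reviewer can see what each pattern does and does not catch. It assumes GNU grep (`-r`, `--include` and `\s` are GNU extensions) and uses `grep -E` in place of the deprecated `egrep`.

```shell
#!/bin/sh
# Added example (not part of the original gist): run the gist's five audit
# patterns over a constructed C# sample and summarise hits per category.
# Assumes GNU grep (-r, --include and \s are GNU extensions); egrep is replaced
# by the equivalent grep -E.

# Constructed sample file mixing protective and suspicious constructs.
make_sample() {  # $1 = directory to create the sample in
  mkdir -p "$1"
  cat > "$1/Sample.cs" <<'EOF'
using System.Diagnostics;
using System.Data.SqlClient;
public class Sample {
    string Safe(string s) { return AntiXssEncoder.HtmlEncode(s, false); }
    string Raw(string name) { return "<b>" + name + "</b>"; }
    void Run(string cmd) { Process.Start(cmd); }
    [ValidateAntiForgeryToken]
    void Query(SqlConnection c, string q) { new SqlCommand(q, c).ExecuteNonQuery(); }
}
EOF
}

# Number of lines under $1 matching ERE $2 (the gist's patterns, verbatim).
count_hits() {
  grep -rE --include "*.cs" -e "$2" "$1" | wc -l | tr -d ' '
}

# One "<category> <hits>" line per gist pattern. Hits are triage input, not
# findings: SqlCommand( also matches fully parameterised queries, and the
# anti-XSS / anti-CSRF counts show where protections exist, not where they
# are missing.
audit_cs() {  # $1 = source tree
  printf 'anti_xss %s\n'      "$(count_hits "$1" '(AntiXssEncoder|Server\.HtmlEncode|Html.Encode)')"
  printf 'cmd_injection %s\n' "$(count_hits "$1" '(Process|Process\.Start)\(')"
  printf 'xss_concat %s\n'    "$(count_hits "$1" '<.*>"\s*\+.*\+\s*"<.*>')"
  printf 'anti_csrf %s\n'     "$(count_hits "$1" 'ValidateAntiForgeryToken')"
  printf 'raw_sql %s\n'       "$(count_hits "$1" '(ExecuteNonQuery|SqlCommand)\(')"
}

# Stand-alone run: build the sample in a scratch directory and print the summary.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_cs "$demo_dir"
rm -r "$demo_dir"
```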