Electronegativity is a tool to identify misconfigurations and security anti-patterns
Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications.
It leverages AST and DOM parsing to look for security-relevant configurations, as described in the "Electron Security Checklist - A Guide for Developers and Auditors" whitepaper.
Software developers and security auditors can use this tool to detect and mitigate potential weaknesses and implementation bugs when developing applications using Electron. A good understanding of Electron (in)security is still required when using Electronegativity, as some of the potential issues detected by the tool require manual investigation.
If you're interested in Electron Security, have a look at our BlackHat 2017 research "Electronegativity - A Study of Electron Security" and keep an eye on Doyensec's blog.


[Image: electrodemo.gif]
Usage:
Code:
$ electronegativity -h

Option                                     Description
-V                                         output the version number
-i, --input                                input (directory, .js, .html, .asar)
-l, --checks                               only run the specified checks, passed in csv format
-s, --severity                             only return findings with the specified level of severity or above
-c, --confidence                           only return findings with the specified level of confidence or above
-o, --output <filename[.csv or .sarif]>    save the results to a file in csv or sarif format
-r, --relative                             show relative path for files
-h, --help                                 output usage information
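An added example, not part of the original post or of the Electronegativity project: a Node.js helper that triages a report saved with `-o <filename>.sarif` and decides whether a build should be blocked. The function names `flattenSarif` and `gate` are hypothetical, the sample report is constructed, and only standard SARIF 2.1.0 fields are read; how the tool maps its severity levels onto SARIF levels is not stated in the post and is left as an assumption.

```javascript
// Added example: gate a build on a SARIF report such as one saved with
// `electronegativity -i <app> -o report.sarif`. Only standard SARIF 2.1.0
// fields are read; which of them the tool fills in is an assumption.
const LEVEL_RANK = { none: 0, note: 1, warning: 2, error: 3 };

// Flatten every run's results into {rule, level, file, line, message}.
function flattenSarif(sarif) {
  const findings = [];
  for (const run of sarif.runs || []) {
    for (const r of run.results || []) {
      const loc = (r.locations && r.locations[0] && r.locations[0].physicalLocation) || {};
      findings.push({
        rule: r.ruleId || "(no ruleId)",
        level: r.level || "warning", // SARIF default when level is absent
        file: (loc.artifactLocation && loc.artifactLocation.uri) || "(unknown)",
        line: (loc.region && loc.region.startLine) || 0,
        message: (r.message && r.message.text) || "",
      });
    }
  }
  return findings;
}

// Return the findings at or above `minLevel`, plus a per-rule count for triage.
function gate(sarif, minLevel) {
  const min = LEVEL_RANK[minLevel];
  if (min === undefined) throw new Error("unknown SARIF level: " + minLevel);
  // Unrecognised level strings are treated as "warning" rather than dropped.
  const blocking = flattenSarif(sarif).filter((f) => (LEVEL_RANK[f.level] ?? 2) >= min);
  const byRule = {};
  for (const f of blocking) byRule[f.rule] = (byRule[f.rule] || 0) + 1;
  return { blocking, byRule, failed: blocking.length > 0 };
}

// Constructed sample report; rule ids, paths and messages are placeholders.
const SAMPLE = {
  version: "2.1.0",
  runs: [{
    results: [
      { ruleId: "EXAMPLE_RULE_A", level: "error", message: { text: "constructed finding" },
        locations: [{ physicalLocation: { artifactLocation: { uri: "src/main.js" }, region: { startLine: 12 } } }] },
      { ruleId: "EXAMPLE_RULE_A", level: "warning", message: { text: "constructed finding" },
        locations: [{ physicalLocation: { artifactLocation: { uri: "src/preload.js" }, region: { startLine: 3 } } }] },
      { ruleId: "EXAMPLE_RULE_B", message: { text: "no level given" } },
      { ruleId: "EXAMPLE_RULE_C", level: "note", message: { text: "informational" } },
    ],
  }],
};
const outcome = gate(SAMPLE, "warning");
for (const f of outcome.blocking) console.log(`${f.level}\t${f.rule}\t${f.file}:${f.line}`);
```

Each line it prints is a candidate for the manual investigation the post says some findings require, not a confirmed vulnerability.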