chevron_left chevron_right
Login Register invert_colors photo_library
Stay updated and chat with others! - Join the Discord!
Thread Rating:
  • 0 Vote(s) - 0 Average


Hawkeye scanner-cli filter_list
Author
Message
Hawkeye scanner-cli #1
[Image: FCXbs3g.png]
The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines.
Modules
Modules are basically little bits of code that either implement their own logic, or wrap a third party tool and standardise the output. They only run if the required criteria are met. For example: The
Code:
npm outdated

module would only run if a
Code:
package.json

is detected in the scan target - as a result, you don't need to tell Hawkeye what type of project you are scanning.

Generic Modules
  • files-ccnumber: Scans for suspicious file contents that are likely to contain credit card numbers
  • files-contents: Scans for suspicious file contents that are likely to contain secrets
  • files-entropy: Scans files for strings with high entropy that are likely to contain passwords. Entropy scanning is disabled by default because of the high number of false positives. It is useful to scan codebases every now and then for keys, in which case please run it please using the
    -m files-entropy
  • switch.
  • files-secrets: Scans for suspicious filenames that are likely to contain secrets
Node.js
  • node-npmaudit: Checks node projects for dependencies with known vulnerabilities with npm audit
  • node-npmoutdated: Checks node projects for outdated npm modules with npm outdated
  • node-yarnaudit: Checks yarn projects for dependencies with known vulnerabilities with yarn audit
  • node-yarnoutdated: Checks node projects for outdated yarn modules with yarn outdated
PHP
  • php-security-checker: Checks whether the composer.lock contains dependencies with known vulnerabilities using security-checker
Python
  • python-bandit: Scans for common security issues in Python code with bandit.
  • python-piprot: Scans python dependencies for out of date packages with piprot
  • python-safety: Checks python dependencies for known security vulnerabilities with the safety tool.
Ruby
  • ruby-brakeman: Statically analyzes Rails code for security issues with Brakeman.
  • ruby-bundler-scan: Scan for Ruby gems with known vulnerabilities using bundler
[Image: Vs4P58c.png]

Reply






Users browsing this thread: 1 Guest(s)