Audit Node Modules With YARA Rules

Free

This tool runs a given set of YARA rules against a given node_modules folder. With this approach, we can define YARA rules to identify suspicious scripts that have been injected into node packages. It was mainly inspired by these articles: Malicious packages in npm; Malicious NPM packages target Amazon, Slack with new dependency attacks; Hunting malicious NPM packages. This package can be added to a CI/CD pipeline.

Software requirements: Docker, Docker Compose, Makefile.

How to use: clone this repo, run the audit with the `make` command, and read the report in `artifacts/output.json`.

ALTERNATIVES

Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.

A search engine for the Internet of Things (IoT) that provides real-time information about connected devices.

Tool to identify and understand code-injection vulnerabilities in Windows 7 UAC whitelist system.

A Capture The Flag (CTF) platform for testing computer security skills

All-in-one vulnerability intelligence platform for prioritizing remediation efforts and driving security strategies.

A tool for static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers

A script that checks for common best-practices around deploying Docker containers in production.