Audit Node Modules With YARA Rules

Free

The purpose of this tool is to run a given set of YARA rules against a given node_modules folder. With this approach, we can define YARA rules to identify suspicious scripts that have been injected into node packages. This package can be added to a CI/CD pipeline.

Mainly inspired by these articles: "Malicious packages in npm"; "Malicious NPM packages target Amazon, Slack with new dependency attacks"; "Hunting malicious NPM packages".

Software requirements: Docker, Docker Compose, Makefile.

How to use: clone this repo, execute the audit operation with the `make` command, and find the report in `artifacts/output.json`.

ALTERNATIVES

A vulnerable web site for testing Sentinel features

XGuardian XARA Security Scanner for OSX with URL scheme, Bundle ID, and keychain hijack checks.

A repository of open-source plugins for Rapid7 InsightConnect

A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.

Powerful PowerShell script for identifying missing software patches for local privilege escalation vulnerabilities.

FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.

A collection of SQL injection cheat sheets for various databases

A centralized vulnerability lifecycle management platform that tracks security issues from discovery to closure with real-time status updates.
