Audit Node Modules With YARA Rules
The purpose of this tool is to run a given set of YARA rules against the given node_module folder. With this approach, We can define YARA rules to identify suspicious scripts which are injected into node packages. Mainly inspired by these articles: Malicious packages in npm, Malicious NPM packages target Amazon, Slack with new dependency attacks, Hunting malicious NPM packages. This package can be added to the CI/CD pipeline. Software Requirements: Docker, Docker Compose, Makefile. How to use: Clone this repo, execute audit operation with `make` command, report available in `artifacts/output.json`.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
LeakIX is a red-team search engine that indexes mis-configurations and vulnerabilities online.
A search engine for the Internet of Things (IoT) that provides real-time information about connected devices.
An AI-powered Google Dorking tool that helps create effective search queries to uncover sensitive information on the internet.
Automate Google Hacking Database scraping and searching with Pagodo, a tool for finding vulnerabilities and sensitive information.
Dnscan is a DNS reconnaissance tool that performs DNS scans, DNS cache snooping, and DNS amplification attack detection.
Nmap is an essential network scanning tool used for network security auditing and status monitoring.
A Ruby script that scans networks for vulnerable third-party web applications and front-ends with known exploitable security flaws.
All-in-one vulnerability intelligence platform for prioritizing remediation efforts and driving security strategies.
PINNED
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.