graudit
Tool and Usage
Project details
- License: GPLv3
- Programming language: shell script
- Author: Eldar Marcussen
- Latest release: 3.6
- Latest release date
Why this tool?
Analysis of source code helps to find programming flaws, including those that can lead to software vulnerabilities. Graudit helps to uncover these by searching through source files for possible flaws. The tool supports languages like ASP, C, Perl, PHP, Python, and others.
How it works
Graudit is short for Grep rough audit. Not surprisingly, it uses the GNU grep utility to find security flaws in source code. The tool has a set of database files that include patterns for each supported programming language. It uses these patterns to evaluate the code and see if there are any positive matches. If the tool finds a match, it displays the matching code.
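The sketch below shows the general technique of grep-driven signature scanning described above. It is an added example, not graudit's own code or signature database: the function names (scan_tree, count_hits, make_demo), the two patterns in php.db and the PHP sample are all constructed here for illustration.

```shell
#!/bin/sh
# Added illustration of grep-driven signature scanning; not graudit's own code.
# Signature patterns, file names and the PHP sample are constructed for the demo.

# scan_tree SIGFILE DIR: print file:line:text for each line under DIR that
# matches any extended regex in SIGFILE (one pattern per line).
scan_tree() {
    grep -rnE -f "$1" "$2"
}

# count_hits SIGFILE DIR: number of matching lines, 0 when nothing matches.
count_hits() {
    scan_tree "$1" "$2" | wc -l | tr -d ' '
}

# make_demo: create a temp dir with a signature file and sample sources,
# then print the directory name.
make_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/src"
    # Pattern 1: command/code execution calls. Pattern 2: raw request input.
    cat > "$d/php.db" <<'EOF'
(^|[^[:alnum:]_])(eval|system|exec|passthru|shell_exec)[[:space:]]*\(
\$_(GET|POST|REQUEST|COOKIE)\[
EOF
    cat > "$d/src/vuln.php" <<'EOF'
<?php
$page = $_GET['page'];
// TODO: stop calling system() with user input
echo htmlspecialchars($page);
system("ls " . $page);
EOF
    printf '<?php echo "hello"; ?>\n' > "$d/src/clean.php"
    echo "$d"
}

demo=$(make_demo) || exit 1
# Lines 2 and 5 of vuln.php are real leads; line 3 is only a comment, which a
# line-based regex cannot tell apart from code. clean.php produces no output.
scan_tree "$demo/php.db" "$demo/src"
echo "matching lines: $(count_hits "$demo/php.db" "$demo/src")"
rm -rf "$demo"
```

Because matching is purely textual, every hit is a lead for manual review rather than a confirmed flaw, and a flaw that is not written in a form the patterns anticipate goes unreported.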
Usage and audience
graudit is commonly used for code analysis. Target users for this tool are developers, pentesters, and security professionals.
Features
- Command line interface
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
Strengths
- The source code is easy to read and understand
- The tool is easy to use
- The tool is written in shell script
- The source code of this software is available
Installation
Supported operating systems
Graudit is known to work on Linux.
graudit alternatives
Similar tools to graudit:
Bandit
Bandit is an AST-based static analyzer for Python code. It helps with finding code flaws that could lead to security vulnerabilities.
gosec
Gosec is a security tool that performs static code analysis on Golang projects to find security flaws.
PyT
Python Taint (or PyT) is a static code analyzer for Python scripts and applications. It tries to discover vulnerabilities or other possible weaknesses.
Related tool information
Categories
This tool is categorized as a Linux static analysis tool, Python code analysis tool, code security testing tool, and static code analyzer.