graudit

LSE top 100: graudit (40)

Tool and Usage

Project details

License
GPLv3
Programming language
shell script
Author
Eldar Marcussen
Latest release
3.6
Latest release date

Project health

93
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Analysis of source code helps to find programming flaws, including those that can lead to software vulnerabilities. Graudit helps to uncover these by searching source files for patterns that indicate possible flaws. The tool supports languages like ASP, C, Perl, PHP, Python, and others.

How it works

Graudit is short for Grep rough audit. Not surprisingly, it uses the GNU grep utility to find potential security flaws in source code. The tool ships with a set of database files, one per supported programming language, each holding grep patterns (regular expressions) for dangerous functions and constructs. It runs those patterns over the target files and prints every match together with a few lines of surrounding context. Because the check is purely textual, with no parsing or data-flow analysis, a hit is a candidate for manual review rather than a confirmed vulnerability.
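The mechanism described above, reduced to a few shell functions as an added example (this is not graudit's own code and not its real signature database): a database file with one extended regex per line, applied to a source tree with grep -E -f, printing hits with context the way graudit does with -d and -c. The pattern list, the sample source file and all paths are constructed for this example.

```shell
#!/bin/sh
# Added example, not graudit's own code: a minimal "grep rough audit".
# A database file holds one extended regex per line; grep -E -f applies all of
# them to a source tree and prints hits with context, much like
# `graudit -d <db> -c <num> /path`. The database, the sample source and the
# paths are constructed here and are not graudit's real signatures.
set -eu

# make_db FILE: write a small, constructed Python signature database.
# The (^|[^[:alnum:]_]) prefix stops "myexec(" from matching as "exec(".
make_db() {
  cat > "$1" <<'EOF'
(^|[^[:alnum:]_])exec\(
(^|[^[:alnum:]_])eval\(
os\.system\(
subprocess\.(call|Popen|run)\(
(^|[^[:alnum:]_])open\(
EOF
}

# make_sample FILE: write a constructed source file with three classic sinks
# and one harmless function that must not be flagged.
make_sample() {
  cat > "$1" <<'EOF'
import os, base64

def run(first_name):
    exec(base64.b64decode(first_name))      # code execution sink

def read(filename):
    return open(filename, 'rb').read()      # file access sink

def ping(host):
    os.system("ping -c1 " + host)           # command injection sink

def safe(name):
    return name.upper()                     # no sink: must not be flagged
EOF
}

# rough_audit DB PATH [CONTEXT]: recursive scan with file names, line numbers
# and CONTEXT lines of context (default 2). grep prints a matched line as
# "path:N:text" and a context line as "path-N-text", with "--" between groups
# (graudit uses a row of '#' instead). Exit 0 even when nothing matches.
rough_audit() {
  db=$1; target=$2; ctx=${3:-2}
  grep -rnHE -C "$ctx" -f "$db" "$target" || true
}

# count_hits DB PATH: number of matched lines only (no context), so the
# result can gate a CI job: anything above 0 needs a human look.
count_hits() {
  grep -rhE -f "$1" "$2" | wc -l | tr -d ' '
}

# Stand-alone run on a temporary directory.
if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d)
  make_db "$d/python.db"
  make_sample "$d/app.py"
  rough_audit "$d/python.db" "$d/app.py" 2
  echo "hits: $(count_hits "$d/python.db" "$d/app.py")"
  rm -rf "$d"
fi
```

Run it with `sh rough_audit.sh --demo`. The three sinks are reported with their line numbers; the `safe()` body is not a hit, although it can still appear as a context line of the hit above it, which is exactly why graudit's output must be read at the `path:line:` lines and not at the `path-line-` ones.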

Usage and audience

graudit is commonly used for static code analysis during source code review. Target users for this tool are developers, pentesters, and security professionals.

Features

  • Command line interface

Example usage and output

===========================================================
[graudit ASCII-art banner]
grep rough audit - static analysis tool
v2.1 written by @Wireghoul
=================================[justanotherhacker.com]===
Usage: graudit [opts] /path/to/scan

OPTIONS
-A scan ALL files
-B supress banner
-c <num> number of lines of context to display, default is 2
-d <dbname> database to use or /path/to/db/file
-h prints a short help text
-i case in-sensitive search
-l lists databases available
-L vim friendly lines
-v prints version number
-x exclude these files (comma seperated list:-x *.js,*.sql)
-z supress colors
-Z high contrast colors


Database is one of asp, jsp, other, perl, php, python or default, not providing a database will use default
/path is the path to the file or directory to audit
Options of graudit
/tmp/vuln/test.py-28-
/tmp/vuln/test.py:29:def file_access(request):
/tmp/vuln/test.py-30- msg = request.GET.get('msg', '')
##############################################
/tmp/vuln/test.py-41- try:
/tmp/vuln/test.py:42: data = open(os.path.join(base_path, filename), 'rb').read()
/tmp/vuln/test.py-43- except IOError:
##############################################
/tmp/vuln/test.py-63- try:
/tmp/vuln/test.py:64: os.unlink('p0wned.txt')
/tmp/vuln/test.py-65- except:
##############################################
/tmp/vuln/test.py-71- # Try it the Python 3 way...
/tmp/vuln/test.py:72: exec(base64.decodestring(bytes(first_name, 'ascii')))
/tmp/vuln/test.py-73- except TypeError:
##############################################
/tmp/vuln/test.py-75- try:
/tmp/vuln/test.py:76: exec(base64.decodestring(first_name))
/tmp/vuln/test.py-77- except:
##############################################
/tmp/vuln/test.py-83- try:
/tmp/vuln/test.py:84: data = open('p0wned.txt').read()
/tmp/vuln/test.py-85- except IOError:
graudit in action on a Python file: each hit is printed as path:line:code, surrounded by two lines of context (path-line-code) and separated from the next hit by a row of hashes. The flagged lines are candidate sinks (open() on a path built from filename, exec() of base64-decoded input, os.unlink(), open() of a fixed file name), not confirmed vulnerabilities; each still needs manual review of where the data comes from.
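Reports like the one above get long on a real code base. The following added example (not part of graudit) shows how to triage that output format: keep only the matched lines, count hits per file, and pull out one sink class. The report it works on is constructed for the example; it mirrors two of the test.py hits shown above plus an invented file, app/views.py.

```shell
#!/bin/sh
# Added example, not part of graudit: triage a graudit report.
# graudit (via grep -n -C) prints a matched line as "path:LINE:text", a
# context line as "path-LINE-text" and a row of '#' between hits. The report
# below is constructed for this example (two hits copied from the page's
# /tmp/vuln/test.py run plus an invented app/views.py).
set -eu

sample_report() {
  cat <<'EOF'
/tmp/vuln/test.py-41- try:
/tmp/vuln/test.py:42: data = open(os.path.join(base_path, filename), 'rb').read()
/tmp/vuln/test.py-43- except IOError:
##############################################
/tmp/vuln/test.py-71- # Try it the Python 3 way...
/tmp/vuln/test.py:72: exec(base64.decodestring(bytes(first_name, 'ascii')))
/tmp/vuln/test.py-73- except TypeError:
##############################################
/tmp/vuln/app/views.py-9- def index(request):
/tmp/vuln/app/views.py:10: os.system("ls " + request.GET.get('d'))
/tmp/vuln/app/views.py-11- return HttpResponse("ok")
EOF
}

# only_hits: keep matched lines ("<path>:<number>:" at the start), dropping
# context lines (which use '-') and the '#' separators. Reads stdin.
only_hits() {
  grep -E '^[^:]+:[0-9]+:'
}

# hits_per_file: "<count> <path>" per file, busiest file first, so review
# effort can be prioritised. Reads stdin.
hits_per_file() {
  only_hits | cut -d: -f1 | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# hits_for SINK: matched lines that call a given sink, e.g. `hits_for exec`,
# to pull the highest-impact class out first. Reads stdin; exit 0 if none.
hits_for() {
  only_hits | grep -F "$1(" || true
}

# Stand-alone run over the constructed report.
if [ "${1:-}" = "--demo" ]; then
  echo "hits per file:"; sample_report | hits_per_file
  echo "exec() hits:";   sample_report | hits_for exec
fi
```

In practice replace `sample_report` with `graudit -B -z -d python /path/to/src` (banner and colours off, so the output is plain text the filters can parse).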

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + The source code is easy to read and understand
  • + Tool is easy to use
  • + Used language is shell script
  • + The source code of this software is available

Author and Maintainers

Graudit is under development by Eldar Marcussen.

Installation

Supported operating systems

Graudit is known to work on Linux.

graudit alternatives

Similar tools to graudit:

Bandit (project health 85)

Bandit is an AST-based static analyzer for analyzing Python code. It helps with finding code flaws that could lead to security vulnerabilities.

gosec (project health 85)

Gosec is a security tool that performs static code analysis on Golang projects to find security flaws.

PyT (project health 60)

Python Taint (or PyT) is a static code analyzer for Python scripts and applications. It tries to discover vulnerabilities or other possible weaknesses.

