Tool and Usage
- MPL 2.0
- Programming language
- Latest release
- Latest release date
Why this tool?
Shellharden helps to detect flaws in shell scripts that may result in vulnerabilities. While similar to ShellCheck, this tool can also apply the suggested changes to a shell script.
How it works
Shellharden focuses on the proper use of variable quoting. It scans the code for variables and determines if quoting is applied. The tool uses colored output to show what should be added (green) or removed (red).
The project was first released in February of 2017. The GitHub project page has a clear description of the project and why to use the tool. It provides a screenshot and some helpful commands for beginners. We can't find the full name of the author (anordal); adding it would be a possible improvement to the project.
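The quoting flaw described above, shown as an added example that is not taken from the Shellharden project or its documentation. All function names, file names and values are constructed for illustration, and the file operations only touch a scratch directory made with `mktemp -d`.

```shell
#!/bin/sh
# Constructed demo: every name below is made up for illustration.

# Report how many arguments a command actually receives.
count_args() { echo "$#"; }

# Unquoted expansion: the shell splits the value on whitespace
# (and expands glob characters) before the command sees it.
unquoted_argc() {
    value=$1
    count_args $value
}

# Quoted expansion: the value arrives as exactly one argument.
quoted_argc() {
    value=$1
    count_args "$value"
}

# Practical consequence: deleting a file whose name contains a space.
# Prints the names left in the scratch directory, comma-terminated.
remaining_after_rm() {
    mode=$1
    dir=$(mktemp -d) || return 1
    touch "$dir/report" "$dir/final.txt" "$dir/report final.txt"
    target="report final.txt"
    (
        cd "$dir" || exit 1
        if [ "$mode" = unquoted ]; then
            rm -f $target      # removes "report" and "final.txt"
        else
            rm -f "$target"    # removes only "report final.txt"
        fi
        ls | sort | tr '\n' ','
    )
    rm -rf "$dir"
}

echo "unquoted argc: $(unquoted_argc 'a b c')"
echo "quoted argc:   $(quoted_argc 'a b c')"
echo "left after unquoted rm: $(remaining_after_rm unquoted)"
echo "left after quoted rm:   $(remaining_after_rm quoted)"
```

The unquoted `rm` deletes two unrelated files and leaves the intended target in place, which is the kind of silent misbehavior that adding quotes prevents.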
Usage and audience
Shellharden is commonly used for code analysis. Target users for this tool are developers, pentesters, security professionals, and system administrators.
- Colored output
- Command line interface
Example usage and output
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + Tool is easy to use
- + More than 3000 GitHub stars
- + The source code of this software is available
- - Full name of author is unknown
Supported operating systems
Shellharden is known to work on Linux.
Similar tools to Shellharden:
Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that would not be picked up by compilers, yet avoid any false positives.
Gosec is a security tool that performs a static code analysis for Golang projects for security flaws. Read how it works in this review.
Graudit is a security tool to perform static code analysis by using the grep tool. It is a lightweight solution to find common issues in code.