ScodeScanner v2.1.0

ScodeScanner is an automated tool created to find vulnerabilities in source code before it is committed to production. It helps developers quickly identify vulnerabilities and patch them at development time.

Supported languages

ScodeScanner only supports PHP for now; support for other languages will follow.

What's new?

1) Added advanced rules: the scanner detects whether a variable has passed through a user-input validation function and matches accordingly.

  <?php
  $var1 = $_GET['a'];
  $var2 = $_GET['b'];

  echo htmlspecialchars($var1);  // This will ignore: output passes through a validated function
  echo $var1;                    // This will match: raw user input reaches echo

  $encryptedvalue = htmlspecialchars($var2);
  echo $encryptedvalue;          // This will ignore: the variable holds the validated value

  echo $var2;                    // This will match: raw user input reaches echo

2) Added Jira integration, so you can send the results file directly to a Jira instance.

3) Added Slack integration, so you can send the results file to a Slack channel.

4) Added the --check flag, which double-checks the results.

Note: This flag may miss a match when one file imports variables from another file, so use it accordingly.

5) Resolved Bugs

6) Edited Rules

Download

SCodeScanner is hosted on GitHub. Head to the GitHub repository for downloads, bug reports, and feature requests.

Contribution

Would love your thoughts on this, and it would be great to work with the community.

Thanks!

Introducing ScodeScanner

SCodeScanner features

Features:

  • Support for scanning a folder that contains multiple PHP files.
  • It reports not only the file but also the line at which the vulnerable code exists, so the vulnerability can be identified quickly.
  • It scans not only the predefined PHP input variables but also custom variables derived from them: given $test1 = $_GET["aaa"], it looks for both $test1 and the GET variable throughout the source code.
  • It scans nested function calls that contain a tracked variable: for include(htmlentities($test)) it parses the call and reports that the $test variable was found inside the include function, since the wrapping function might just as well be a base64 function rather than htmlentities.
  • Support for parsing whitespace.
  • Outputs results to a PHP file containing HTML anchor tags (for smooth browsing).
  • It runs on your localhost; you give it the name of the folder to scan.
  • You can add more dangerous functions to the vulnerablefunctions Python file if you find any missing.
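
The advanced rule from the v2.1.0 notes (raw input reaching echo is matched, input wrapped in htmlspecialchars is ignored) and the two feature bullets on custom variables and nested calls (a value copied out of $_GET is tracked under its new name, and include(htmlentities($test)) is still reported) can be sketched as a small line-by-line taint tracker. The code below is an added example written for this page in Python, not ScodeScanner's own code; the superglobal list, the sink-to-wrapper table, the one-statement-per-line assumption and the sample PHP file are all constructed for the illustration.

```python
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, FrozenSet, List

# Assumed source list: superglobals whose contents the request controls.
SOURCES = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE")

# Assumed sink table: sink -> wrapper functions that neutralise input for it.
# Output encoders do nothing for file inclusion, so include(htmlentities($x))
# is still reported, as the features list describes.
SINKS: Dict[str, FrozenSet[str]] = {
    "echo": frozenset({"htmlspecialchars", "htmlentities"}),
    "print": frozenset({"htmlspecialchars", "htmlentities"}),
    "include": frozenset(), "include_once": frozenset(),
    "require": frozenset(), "require_once": frozenset(),
}

# One PHP statement per line is assumed; a real scanner would tokenize.
ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=\s*(.+?)\s*;\s*$")
SINK_RE = re.compile(
    r"^\s*(include_once|include|require_once|require|echo|print)\b\s*(.+?)\s*;\s*$")
VAR_RE = re.compile(r"\$\w+")
CALL_RE = re.compile(r"\b(\w+)\s*\(")


@dataclass(frozen=True)
class Taint:
    source: str                             # superglobal the value came from
    wrappers: FrozenSet[str] = frozenset()  # functions applied along the way


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    sink: str
    var: str
    source: str


def _strip_parens(expr: str) -> str:
    expr = expr.strip()
    return expr[1:-1].strip() if expr.startswith("(") and expr.endswith(")") else expr


def scan_source(text: str, filename: str = "<input>") -> List[Finding]:
    """Track which variables carry user input and report unwrapped sink uses."""
    taints: Dict[str, Taint] = {}
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = ASSIGN_RE.match(line)
        if m:
            lhs, rhs = m.group(1), m.group(2)
            wrappers = frozenset(CALL_RE.findall(rhs))
            hit = next((s for s in SOURCES if s in rhs), None)
            carried = [taints[v] for v in VAR_RE.findall(rhs) if v in taints]
            if hit:                  # fresh user input, e.g. $a = $_GET['x'];
                taints[lhs] = Taint(hit, wrappers)
            elif carried:            # propagated, e.g. $b = htmlspecialchars($a);
                taints[lhs] = Taint(carried[0].source, carried[0].wrappers | wrappers)
            else:                    # overwritten with a clean value
                taints.pop(lhs, None)
            continue
        m = SINK_RE.match(line)
        if not m:
            continue
        sink, arg = m.group(1), _strip_parens(m.group(2))
        local = frozenset(CALL_RE.findall(arg))
        for var in VAR_RE.findall(arg):
            taint = taints.get(var)
            if taint is None and var not in SOURCES:
                continue             # not derived from user input
            applied = (taint.wrappers if taint else frozenset()) | local
            if applied & SINKS[sink]:
                continue             # wrapped by a function that is safe for this sink: ignore
            findings.append(Finding(filename, lineno, sink, var, taint.source if taint else var))
    return findings


def scan_folder(folder: str) -> List[Finding]:
    """Scan every .php file below a folder, the way the tool scans a directory."""
    results: List[Finding] = []
    for path in sorted(Path(folder).rglob("*.php")):
        results.extend(scan_source(path.read_text(errors="replace"), str(path)))
    return results


# Constructed sample file: the page's own rule example plus an include sink.
SAMPLE_PHP = """<?php
$var1 = $_GET['a'];
$var2 = $_GET['b'];
echo htmlspecialchars($var1 );
echo $var1;
$encryptedvalue = htmlspecialchars($var2);
echo $encryptedvalue;
echo $var2;
$page = $_POST['page'];
include(htmlentities($page));
include 'header.php';
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_PHP, "sample.php"):
        print(f"{f.file}:{f.line}: {f.var} (from {f.source}) reaches {f.sink} unwrapped")
```

Run against the sample, the tracker reports lines 5, 8 and 10 and stays silent on lines 4 and 7, which is the matched/ignored split the rule example shows. Keeping the safe wrappers per sink rather than as one global list is what lets the same pass ignore echo $encryptedvalue yet still flag include(htmlentities($page)).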

Download

SCodeScanner hosted with GitHub. Head to the GitHub repository for downloads, bug reports, and features requests.

Contribution

Would love your thoughts on this, and would be great to work with community.

Thanks!

Example content

Sample video showing how the tool reports its output. (If an error appears, click "Open site in new window".)