Graudit: Source Code Auditing Tool

Graudit: Source Code Auditing Tool

Graudit allows the user to find potential vulnerabilities within the source code of a software. It uses the GNU utility grep to compare the source code with signature sets within different databases. It is comparable to other analyzers such as RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and retaining its flexibility. 

Graudit: Source Code Auditing Tool 

This tool involves different databases which are included within the tool which are compared with extended regular expressions (POSIX). The user has the option to add additional databases or create their own ones if needed. The databases support a huge range of languages from JavaScript to Python. Lastly, the user has the option to scan a single file or scan multiple files at the same time. 

Note: The user has the option to install the tool locally or globally by acting as a superuser. It is however recommended by the developer to clone the repository to that all of the latest database are included within the software.


The default database contains generic rules which aim to sniff out common vulnerabilities within the source code. In addition to this, there are databases for:

– ASP.NET, C, .NET, JSP, Perl, PHP and Python.

The ‘all’ database combines all of the mentioned databases into a single database. The developer recommends first using the default database to find common vulnerabilities and then use language specific databases to find additional vulnerabilities.


  • Portable, Flexible and easy to use
  • Option to add custom databases
  • Ensure that source code does not have any vulnerabilities saving the user from future headaches
  • Supports many different languages ensuring that whichever language you use, you will be protected with this tool
  • When compared with other tools, this tool has lower technical requirments ensuring it can run on most systems

Supported Platforms: 

  • Linux 


  • None


Clone the GitHub repo: 

$ git clone 

You can then symlink graudit so it is in path: 

$ ln -s ~/graudit/graudit ~/bin/graudit 

Graudit Usage

Enter the following command: 

$ graudit -h 

Available Options: 

                                      .___ __  __   
          _________________  __ __  __| _/|__|/  |_ 
         / ___\_` __ \__  \ |  |  \/ __ | | \\_  __\
        / /_/  >  | \// __ \|  |  / /_/ | |  ||  |  
        \___  /|__|  (____  /____/\____ | |__||__|  
       /_____/            \/           \/           
              grep rough audit - static analysis tool
                  v2.6 written by @Wireghoul
Usage: graudit [opts] /path/to/scan

  -d  database to use or /path/to/file.db (uses default if not specified) 
  -A scan ALL files 
  -x exclude these files (comma separated list: -x *.js,*.sql) 
  -i case in-sensitive scan 
  -c  number of lines of context to display, default is 2 

  -B suppress banner 
  -L vim friendly lines 
  -b colour blind friendly template 
  -z suppress colors 
  -Z high contrast colors 

  -l lists databases available 
  -v prints version number 
  -h prints this help screen 
Documentation Box
Download Box