Graudit: Source Code Auditing Tool
Graudit allows the user to find potential vulnerabilities in the source code of a program. It uses the GNU utility grep to compare the source code against signature sets held in different databases. It is comparable to other analyzers such as RATS, SWAAT and Flawfinder while keeping the technical requirements to a minimum and retaining its flexibility.
The tool ships with several signature databases, each a set of POSIX extended regular expressions that are matched against the source code. The user can add further databases or write their own if needed. The databases cover a wide range of languages, from JavaScript to Python. Lastly, the user can scan a single file or many files at once.
Databases
The default database contains generic rules that aim to sniff out common vulnerabilities in source code. In addition, there are language-specific databases for ASP.NET, C, .NET, JSP, Perl, PHP and Python.
The ‘all’ database combines all of the databases mentioned above into a single database. The developer recommends first using the default database to find common vulnerabilities and then using the language-specific databases to find additional ones.
Features:
- Portable, flexible and easy to use
- Option to add custom databases
- Helps surface vulnerabilities in source code early, saving the user from future headaches
- Supports many different languages, so whichever language you use, this tool can check it
- When compared with other tools, this tool has lower technical requirements, ensuring it can run on most systems
Supported Platforms:
- Linux
Requirements:
- None
Install
Clone the GitHub repo:
$ git clone https://github.com/wireghoul/graudit
You can then symlink graudit so it is on your PATH:
$ ln -s ~/graudit/graudit ~/bin/graudit
Graudit Usage
Enter the following command:
$ graudit -h
Available Options:
grep rough audit - static analysis tool v2.6 written by @Wireghoul
=================================[justanotherhacker.com]===
Usage: graudit [opts] /path/to/scan
OPTIONS
-d database to use or /path/to/file.db (uses default if not specified)
-A scan ALL files
-x exclude these files (comma separated list: -x *.js,*.sql)
-i case in-sensitive scan
-c number of lines of context to display, default is 2
-B suppress banner
-L vim friendly lines
-b colour blind friendly template
-z suppress colors
-Z high contrast colors
-l lists databases available
-v prints version number
-h prints this help screen
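To show what a signature database actually does under the hood, here is an added example (not graudit's own code) of a minimal grep-based scanner built the way the tool is described: a file of POSIX extended regular expressions fed to grep, with context lines in the style of graudit's -d and -c options. The database file, its patterns and the PHP sample are all constructed for this demo.

```shell
#!/bin/sh
# Minimal graudit-style scanner: a signature database of POSIX EREs is
# applied to a source file with grep. Everything below is constructed
# for the demo and is not part of graudit itself.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed signature database: one extended regex per line, as a
# graudit .db file is laid out. The leading group avoids matching
# identifiers such as my_system( that merely end in the function name.
cat > "$WORK/demo.db" <<'EOF'
(^|[^[:alnum:]_])eval[[:space:]]*\(
(^|[^[:alnum:]_])system[[:space:]]*\(
\$_(GET|POST|REQUEST)\[
EOF

# Constructed sample: two lines worth a reviewer's attention, one benign.
cat > "$WORK/sample.php" <<'EOF'
<?php
$name = htmlspecialchars($safe);
$cmd  = $_GET['cmd'];
system($cmd);
echo "done";
EOF

# scan DB FILE [CONTEXT]: print numbered hits with N lines of context,
# mirroring graudit's -d (database) and -c (context) options.
scan() {
  grep -nE -C "${3:-2}" -f "$1" "$2" || true
}

# matched_lines DB FILE: space-separated line numbers that hit a signature.
matched_lines() {
  grep -nE -f "$1" "$2" | cut -d: -f1 | tr '\n' ' ' || true
}

# count_hits DB FILE: number of matching lines; a non-zero value is what
# a CI gate would fail on before a human reviews the findings.
count_hits() {
  grep -cE -f "$1" "$2" || true
}

scan "$WORK/demo.db" "$WORK/sample.php" 1
count_hits "$WORK/demo.db" "$WORK/sample.php"
```

Like graudit, this flags lines for review rather than proving a bug: the `$_GET` and `system(` hits here still need a human to confirm the taint actually reaches the sink.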