Graudit – Code Audit Tool Using Grep


Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Usage


Graudit supports several options and tries to follow good shell practices. For a list of the options you can run graudit -h or see below. The simplest way to use graudit is;

You can download Graudit v1.1 here:

graudit-1.1.tar.bz2

Or read more here.

Posted in: Countermeasures, Exploits/Vulnerabilities, Secure Coding

, , ,


Latest Posts:


LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.
Stardox - Github Stargazers Information Gathering Tool Stardox – Github Stargazers Information Gathering Tool
Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view.
ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.


3 Responses to Graudit – Code Audit Tool Using Grep

  1. GZero September 1, 2009 at 9:26 am #

    I really like this. Simple and brutally effective.

    Thanks Darknet!

  2. Henk September 6, 2009 at 4:10 pm #

    This kind of scanner will produce many false positives to be really useful. Another problem not tackled with graudit is the problem with proned custom-made functions.

    Did anyone found a (non-trivial) bug with graudit?

  3. Wireghoul September 18, 2009 at 4:57 am #

    Hello,

    I am the author of the aforementioned software. Version 1.2 has just been released which seriously reduces the number of false positives. The default rule set now focuses on lower hanging fruit.

    I have found SQLi, RFI and command execution in popular web apps with graudit.

    Version 1.2+ will address custom functions (it’s on github, but not in release).