Graudit allows the user to find potential vulnerabilities within the source code of a software. It uses the GNU utility
grep to compare the source code with signature sets within different databases. It is comparable to other analyzers such as RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and retaining its flexibility.
Graudit: Source Code Auditing Tool
The default database contains generic rules which aim to sniff out common vulnerabilities within the source code. In addition to this, there are databases for:
– ASP.NET, C, .NET, JSP, Perl, PHP and Python.
The ‘all’ database combines all of the mentioned databases into a single database. The developer recommends first using the default database to find common vulnerabilities and then use language specific databases to find additional vulnerabilities.
- Portable, Flexible and easy to use
- Option to add custom databases
- Ensure that source code does not have any vulnerabilities saving the user from future headaches
- Supports many different languages ensuring that whichever language you use, you will be protected with this tool
- When compared with other tools, this tool has lower technical requirments ensuring it can run on most systems
Clone the GitHub repo:
$ git clone https://github.com/wireghoul/graudi
You can then symlink graudit so it is in path:
$ ln -s ~/graudit/graudit ~/bin/graudit
Enter the following command:
$ graudit -h
=========================================================== .___ __ __ _________________ __ __ __| _/|__|/ |_ / ___\_` __ \__ \ | | \/ __ | | \\_ __\ / /_/ > | \// __ \| | / /_/ | | || | \___ /|__| (____ /____/\____ | |__||__| /_____/ \/ \/ grep rough audit - static analysis tool v2.6 written by @Wireghoul =================================[justanotherhacker.com]=== Usage: graudit [opts] /path/to/scan OPTIONS -d database to use or /path/to/file.db (uses default if not specified) -A scan ALL files -x exclude these files (comma separated list: -x *.js,*.sql) -i case in-sensitive scan -c number of lines of context to display, default is 2 -B suppress banner -L vim friendly lines -b colour blind friendly template -z suppress colors -Z high contrast colors -l lists databases available -v prints version number -h prints this help screen