Semgrep Tool UI
- https://github.com/Orange-Cyberdefense/grepmarx
Semgrep
- Resources
- https://security.humanativaspa.it/automating-binary-vulnerability-discovery-with-ghidra-and-semgrep/
- Installation
python3 -m pip install semgrep
- Custom Rulesets
- Standard Library: https://github.com/returntocorp/semgrep-rules
- C/C++: https://github.com/0xdea/semgrep-rules
# Semgrep Commands
semgrep --config=auto PATH/TO/SRC
Vulhub
- https://github.com/vulhub/vulhub
Resources
- Sonarsource: https://rules.sonarsource.com/
- Semgrep + Rules: https://github.com/returntocorp/semgrep
- Secure Code Review: https://securecode.wiki/docs/lang/golang/
- Find-sec-bugs: https://find-sec-bugs.github.io/
- Code Review Snippets: https://github.com/harsh-bothra/SecurityExplained
Discovering Tree Structure of Directories in Command Line
tree -L 3
Using SCP to copy source code from remote server
scp user@[ip_address]:~/path/to/file .
unzip -q file -d opencrx
Website(s) used to grep code in public repositories
- https://grep.app/
Debugging Techniques
HTML/JS
- Python Simple Server:
python3 -m http.server 8000
- PHP Server:
php -S localhost:8000
PHP Server Side Code Debugging
- In Docker instance (WordPress)
apt install php-xdebug
- OR use PECL
- Locate
phpdbg
- Port forward assigned port
- PHPStorm
- Zip contents (/var/www/bitnami/wordpress) and move to PHPStorm
- PHPStorm sometimes cannot work out the directory structure, so path mapping problems (local path to server path) need to be resolved manually
Python Server Side Code Debugging
git clone [repo]
- PyCharm
Java Server Side Code Debugging
- IntelliJ IDEA
- Can also decompile JAR files
