Translated ['network-services-pentesting/pentesting-web/code-review-tool

Translator 2024-09-27 11:29:03 +00:00
parent fe198f58ef
commit 801c0ba3d4


@ -1,8 +1,8 @@
# Bronkode-oorsig / SAST-hulpmiddels
{% hint style="success" %}
Leer en oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Opleiding AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer en oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Opleiding GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
Leer & oefen AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Opleiding AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Opleiding GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
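
Review bot: the course title is translated in the header banner ("HackTricks Opleiding AWS Red Team Expert (ARTE)") while the footer banner at the end of this same file keeps "HackTricks Training ..."; it is a product name, so keep it untranslated in both places or translate it consistently. The switch from `/.gitbook/assets/` to `../../.gitbook/assets/` also ties the image links to this file's depth in the tree, so it needs re-checking if the page ever moves.
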
@ -20,7 +20,7 @@ Leer en oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size
* [**https://owasp.org/www-community/Source\_Code\_Analysis\_Tools**](https://owasp.org/www-community/Source\_Code\_Analysis\_Tools)
* [**https://github.com/analysis-tools-dev/static-analysis**](https://github.com/analysis-tools-dev/static-analysis)
## Meertalige Hulpmiddels
## Multi-taal Hulpmiddels
### [Naxus - AI-Gents](https://www.naxusai.com/)
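
Review bot: renaming the heading from `## Meertalige Hulpmiddels` to `## Multi-taal Hulpmiddels` changes the anchor generated for this section, so any link pointing at the old anchor stops resolving, and the new wording is a less natural compound than the one it replaces. Unless the source heading changed, keep the existing translation.
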
@ -28,7 +28,7 @@ Daar is 'n **gratis pakket om PRs te hersien**.
### [**Semgrep**](https://github.com/returntocorp/semgrep)
Dit is 'n **Open Source-hulpmiddel**.
Dit is 'n **Open Source hulpmiddel**.
#### Ondersteunde Tale
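
Review bot: `Open Source hulpmiddel` drops the hyphen that `Open Source-hulpmiddel` had; Afrikaans writes such compounds joined or hyphenated, so the earlier form was the correct one. This looks like translator churn rather than a change in the source text and should be reverted.
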
@ -222,7 +222,7 @@ echo $FINAL_MSG
```
{% endcode %}
Jy kan die bevindinge visualiseer in [**https://microsoft.github.io/sarif-web-component/**](https://microsoft.github.io/sarif-web-component/) of deur die VSCode uitbreiding [**SARIF viewer**](https://marketplace.visualstudio.com/items?itemName=MS-SarifVSCode.sarif-viewer).
Jy kan die bevindinge visualiseer in [**https://microsoft.github.io/sarif-web-component/**](https://microsoft.github.io/sarif-web-component/) of deur die VSCode uitbreiding [**SARIF viewer**](https://marketplace.visualstudio.com/items?itemName=MS-SarifVSCode.sarif-viewer) te gebruik.
Jy kan ook die [**VSCode uitbreiding**](https://marketplace.visualstudio.com/items?itemName=GitHub.vscode-codeql) gebruik om die bevindinge binne VSCode te kry. Jy sal steeds 'n databasis handmatig moet skep, maar dan kan jy enige lêers kies en op `Regsklik` -> `CodeQL: Run Queries in Selected Files` klik.
@ -269,9 +269,9 @@ $ tar -xf insider_2.1.0_linux_x86_64.tar.gz
$ chmod +x insider
$ ./insider --tech javascript --target <projectfolder>
```
### [**DeepSource**](https://deepsource.com/pricing)&#x20;
### [**DeepSource**](https://deepsource.com/pricing)
Gratis vir **openbare repos**.
Gratis vir **publieke repos**.
## NodeJS
@ -281,7 +281,10 @@ Gratis vir **openbare repos**.
brew install yarn
# Run
cd /path/to/repo
yarn audit
yarn install
yarn audit # In lower versions
yarn npm audit # In 2+ versions
npm audit
```
* **`pnpm`**
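
Review bot: the added `yarn install` runs before the audit on a repository that is being reviewed and may be untrusted, and a plain install executes the dependencies' lifecycle scripts (preinstall/postinstall) on the reviewer's machine. Suggest `yarn install --ignore-scripts` for Yarn 1.x and `yarn install --mode=skip-build` for Yarn 2+, and replace the comment `# In lower versions` with the concrete version (`# Yarn 1.x`) so it pairs with `# In 2+ versions`.
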
@ -290,6 +293,7 @@ npm audit
npm install -g pnpm
# Run
cd /path/to/repo
pnpm install
pnpm audit
```
* [**nodejsscan**](https://github.com/ajinabraham/nodejsscan)**:** Statiese sekuriteitskode skandeerder (SAST) vir Node.js toepassings aangedryf deur [libsast](https://github.com/ajinabraham/libsast) en [semgrep](https://github.com/returntocorp/semgrep).
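
Review bot: the new `pnpm install` line has the same exposure as the yarn one, since it runs install scripts from the project under review. `pnpm audit` works from the lockfile, so `pnpm install --lockfile-only` (or at least `--ignore-scripts`) is enough here and avoids executing third-party code.
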
@ -421,19 +425,19 @@ https://github.com/securego/gosec
2. Sonder .map lêers, probeer JSnice:
* Verwysings: [http://jsnice.org/](http://jsnice.org/) & [https://www.npmjs.com/package/jsnice](https://www.npmjs.com/package/jsnice)
* Wenke:
* As jy jsnice.org gebruik, klik op die opsiesknoppie langs die "Nicify JavaScript" knoppie, en deselect "Infer types" om rommel in die kode met kommentaar te verminder.
* Verseker dat jy geen leë lyne voor die skrip laat nie, aangesien dit die deobfuscation proses kan beïnvloed en onakkurate resultate kan gee.
4. Vir 'n paar meer moderne alternatiewe tot JSNice, kan jy die volgende oorweeg:
* As jy jsnice.org gebruik, klik op die opsiesknoppie langs die "Nicify JavaScript" knoppie, en deselecteer "Infer types" om rommel in die kode te verminder.
* Verseker dat jy nie enige leë lyne voor die skrip laat nie, aangesien dit die deobfuscation proses kan beïnvloed en onakkurate resultate kan gee.
3. Vir 'n paar meer moderne alternatiewe tot JSNice, kan jy die volgende oorweeg:
* [https://github.com/pionxzh/wakaru](https://github.com/pionxzh/wakaru)
* > Javascript decompiler, unpacker en unminify toolkit
> Wakaru is die Javascript decompiler vir moderne frontend. Dit bring die oorspronklike kode terug van 'n gebundelde en getranspileerde bron.
* > Javascript decompiler, unpacker en unminify toolkit Wakaru is die Javascript decompiler vir moderne frontend. Dit bring die oorspronklike kode terug van 'n gebundelde en getranspileerde bron.
* [https://github.com/j4k0xb/webcrack](https://github.com/j4k0xb/webcrack)
* > Deobfuscate obfuscator.io, unminify en unpack gebundelde javascript
* [https://github.com/jehna/humanify](https://github.com/jehna/humanify)
* > Un-minify Javascript kode met behulp van ChatGPT
> Hierdie gereedskap gebruik groot taalmodelle (soos ChatGPT & llama2) en ander gereedskap om Javascript kode te un-minify. Let daarop dat LLMs geen strukturele veranderinge maak nie hulle bied net leidrade om veranderlikes en funksies te hernoem. Die swaar werk word deur Babel op AST vlak gedoen om te verseker dat die kode 1-1 ekwivalent bly.
* > Un-minify Javascript kode met behulp van ChatGPT Hierdie gereedskap gebruik groot taalmodelle (soos ChatGPT & llama2) en ander gereedskap om Javascript kode te un-minify. Let daarop dat LLMs geen strukturele veranderinge aanbring nie hulle bied net leidrade om veranderlikes en funksies te hernoem. Die swaar werk word deur Babel op AST vlak gedoen om te verseker dat die kode 1-1 ekwivalent bly.
* [https://thejunkland.com/blog/using-llms-to-reverse-javascript-minification.html](https://thejunkland.com/blog/using-llms-to-reverse-javascript-minification.html)
* > Gebruik LLMs om JavaScript veranderlike naam minification te keer
3. Gebruik `console.log()`;
* Vind die terugkeerwaarde aan die einde en verander dit na `console.log(<packerReturnVariable>);` sodat die deobfuscated js gedruk word in plaas van uitgevoer te word.
* Plak dan die gewysigde (en steeds obfuscated) js in [https://jsconsole.com/](https://jsconsole.com/) om die deobfuscated js in die konsole te sien.
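
Review bot: renumbering the "modern alternatives" item from `4.` to `3.` leaves two items numbered 3, because the following "3. Gebruik console.log();" line is unchanged; renumber that one to `4.` as well. The same hunk collapses the two-line blockquotes for wakaru and humanify into a single line, which fuses the tagline with the description ("... unminify toolkit Wakaru is ..."), and the jsnice tip loses "met kommentaar", which changes what deselecting "Infer types" is said to remove from the code.
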
@ -442,10 +446,10 @@ https://github.com/securego/gosec
#### References
* [YouTube: DAST - Javascript Dynamic Analysis](https://www.youtube.com/watch?v=_v8r_t4v6hQ)
* [YouTube: DAST - Javascript Dynamic Analysis](https://www.youtube.com/watch?v=\_v8r\_t4v6hQ)
* [https://blog.nvisium.com/angular-for-pentesters-part-1](https://web.archive.org/web/20221226054137/https://blog.nvisium.com/angular-for-pentesters-part-1)
* [https://blog.nvisium.com/angular-for-pentesters-part-2](https://web.archive.org/web/20230204012439/https://blog.nvisium.com/angular-for-pentesters-part-2)
* [devalias](https://twitter.com/_devalias)'s [GitHub Gists](https://gist.github.com/0xdevalias):
* [devalias](https://twitter.com/\_devalias)'s [GitHub Gists](https://gist.github.com/0xdevalias):
* [Deobfuscating / Unminifying Obfuscated Web App Code](https://gist.github.com/0xdevalias/d8b743efb82c0e9406fc69da0d6c6581#deobfuscating--unminifying-obfuscated-web-app-code)
* [Reverse Engineering Webpack Apps](https://gist.github.com/0xdevalias/8c621c5d09d780b1d321bfdb86d67cdd#reverse-engineering-webpack-apps)
* [etc](https://gist.github.com/search?q=user:0xdevalias+javascript)
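
Review bot: the added backslashes sit inside the link destinations (`watch?v=\_v8r\_t4v6hQ`, `twitter.com/\_devalias`), not in the visible link text. Underscores need no escaping in a URL, and any tool that reads the raw Markdown (link checkers, scrapers, a renderer that does not unescape destinations) will request a URL containing literal backslashes; keep the unescaped destinations.
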
@ -462,8 +466,8 @@ https://github.com/securego/gosec
* [https://github.com/jshint/jshint/](https://github.com/jshint/jshint/)
{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
Leer & oefen AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>