mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-21 20:23:18 +00:00
GITBOOK-4415: No subject
This commit is contained in:
parent
b29dabf605
commit
dbf1c970b3
1 changed files with 23 additions and 19 deletions
|
@ -1,8 +1,8 @@
|
|||
# Source code Review / SAST Tools
|
||||
|
||||
{% hint style="success" %}
|
||||
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
||||
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
||||
Learn & practice AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\
|
||||
Learn & practice GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
||||
|
||||
<details>
|
||||
|
||||
|
@ -273,7 +273,7 @@ $ chmod +x insider
|
|||
$ ./insider --tech javascript --target <projectfolder>
|
||||
```
|
||||
|
||||
### [**DeepSource**](https://deepsource.com/pricing) 
|
||||
### [**DeepSource**](https://deepsource.com/pricing)
|
||||
|
||||
Free for **public repos**.
|
||||
|
||||
|
@ -286,7 +286,10 @@ Free for **public repos**.
|
|||
brew install yarn
|
||||
# Run
|
||||
cd /path/to/repo
|
||||
yarn audit
|
||||
yarn install
|
||||
yarn audit # In lower versions
|
||||
yarn npm audit # In 2+ versions
|
||||
|
||||
npm audit
|
||||
```
|
||||
|
||||
|
@ -297,6 +300,7 @@ npm audit
|
|||
npm install -g pnpm
|
||||
# Run
|
||||
cd /path/to/repo
|
||||
pnpm install
|
||||
pnpm audit
|
||||
```
|
||||
|
||||
|
@ -447,17 +451,17 @@ https://github.com/securego/gosec
|
|||
* Tips:
|
||||
* If using jsnice.org, click on the options button next to the "Nicify JavaScript" button, and de-select "Infer types" to reduce cluttering the code with comments.
|
||||
* Ensure you do not leave any empty lines before the script, as it may affect the deobfuscation process and give inaccurate results.
|
||||
4. For some more modern alternatives to JSNice, you might like to look at the following:
|
||||
3. For some more modern alternatives to JSNice, you might like to look at the following:
|
||||
|
||||
* [https://github.com/pionxzh/wakaru](https://github.com/pionxzh/wakaru)
|
||||
* > Javascript decompiler, unpacker and unminify toolkit
|
||||
> Wakaru is the Javascript decompiler for modern frontend. It brings back the original code from a bundled and transpiled source.
|
||||
* > Javascript decompiler, unpacker and unminify toolkit Wakaru is the Javascript decompiler for modern frontend. It brings back the original code from a bundled and transpiled source.
|
||||
* [https://github.com/j4k0xb/webcrack](https://github.com/j4k0xb/webcrack)
|
||||
* > Deobfuscate obfuscator.io, unminify and unpack bundled javascript
|
||||
* [https://github.com/jehna/humanify](https://github.com/jehna/humanify)
|
||||
* > Un-minify Javascript code using ChatGPT
|
||||
> This tool uses large language modeles (like ChatGPT & llama2) and other tools to un-minify Javascript code. Note that LLMs don't perform any structural changes – they only provide hints to rename variables and functions. The heavy lifting is done by Babel on AST level to ensure code stays 1-1 equivalent.
|
||||
* > Un-minify Javascript code using ChatGPT This tool uses large language modeles (like ChatGPT & llama2) and other tools to un-minify Javascript code. Note that LLMs don't perform any structural changes – they only provide hints to rename variables and functions. The heavy lifting is done by Babel on AST level to ensure code stays 1-1 equivalent.
|
||||
* [https://thejunkland.com/blog/using-llms-to-reverse-javascript-minification.html](https://thejunkland.com/blog/using-llms-to-reverse-javascript-minification.html)
|
||||
* > Using LLMs to reverse JavaScript variable name minification
|
||||
|
||||
3. Use `console.log()`;
|
||||
* Find the return value at the end and change it to `console.log(<packerReturnVariable>);` so the deobfuscated js is printed instead of being executing.
|
||||
* Then, paste the modified (and still obfuscated) js into [https://jsconsole.com/](https://jsconsole.com/) to see the deobfuscated js logged to the console.
|
||||
|
@ -466,10 +470,10 @@ https://github.com/securego/gosec
|
|||
|
||||
#### References
|
||||
|
||||
* [YouTube: DAST - Javascript Dynamic Analysis](https://www.youtube.com/watch?v=_v8r_t4v6hQ)
|
||||
* [YouTube: DAST - Javascript Dynamic Analysis](https://www.youtube.com/watch?v=\_v8r\_t4v6hQ)
|
||||
* [https://blog.nvisium.com/angular-for-pentesters-part-1](https://web.archive.org/web/20221226054137/https://blog.nvisium.com/angular-for-pentesters-part-1)
|
||||
* [https://blog.nvisium.com/angular-for-pentesters-part-2](https://web.archive.org/web/20230204012439/https://blog.nvisium.com/angular-for-pentesters-part-2)
|
||||
* [devalias](https://twitter.com/_devalias)'s [GitHub Gists](https://gist.github.com/0xdevalias):
|
||||
* [devalias](https://twitter.com/\_devalias)'s [GitHub Gists](https://gist.github.com/0xdevalias):
|
||||
* [Deobfuscating / Unminifying Obfuscated Web App Code](https://gist.github.com/0xdevalias/d8b743efb82c0e9406fc69da0d6c6581#deobfuscating--unminifying-obfuscated-web-app-code)
|
||||
* [Reverse Engineering Webpack Apps](https://gist.github.com/0xdevalias/8c621c5d09d780b1d321bfdb86d67cdd#reverse-engineering-webpack-apps)
|
||||
* [etc](https://gist.github.com/search?q=user:0xdevalias+javascript)
|
||||
|
@ -486,8 +490,8 @@ https://github.com/securego/gosec
|
|||
* [https://github.com/jshint/jshint/](https://github.com/jshint/jshint/)
|
||||
|
||||
{% hint style="success" %}
|
||||
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
||||
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
||||
Learn & practice AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\
|
||||
Learn & practice GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
||||
|
||||
<details>
|
||||
|
||||
|
|
Loading…
Reference in a new issue