Skip to content

Instantly share code, notes, and snippets.

Last active January 25, 2023 05:44
  • Star 9 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Node.js Security Vulnerability Grep
# this command will return instances where the child_process module is loaded.
# that module is generally a good signal that the application is shelling out
egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "require(\s*)\((\s*)'child_process'(\s*))" .
# this command will return instances where code is dynamically executed.
egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "eval(\s*)\(" .
# this command will check common dangerous functions and report when strings are arguments
egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "(setInterval|setTimeout|new(\s*)Function)(\s*)\((\s*)\".*\"" .
# same as above but will catch variables passed as arguments
egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "(setInterval|setTimeout|new(\s*)Function)(\s*)\((\s*)" .
# this command can be used to gauge whether or not CSRF protections are in place in libraries such as express
# if no results are returned, that can mean no CSRF protections exist at the framework level.
# will vary based on application framework.
grep -r --exclude-dir "node_modules" --include "*.js" --include "*.json" --exclude "*.min.*" -e "csrf" .
# NODE-ORM, Sequelize: find places where potential unsafe SQL queries are executed:
egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "\.(execQuery|query)(\s*)\((\s*)\".*\".*\+" .
# mongoose: database connect functions (look for hard-coded credentials)
egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "\.(createConnection|connect)(\s*)\(" .
# hard coded port values in JSON documents:
egrep -r --exclude-dir "node_modules" --include "*.js" --include "*.json" --exclude "*.min.*" -e "\"port\.*\"(\s*):(\s*)\d+" .
# look for username / password strings for json keys:
egrep -r --exclude-dir "node_modules" --include "*.js" --include "*.json" --exclude "*.min.*" -e "\"(username|user|password|pass)\"(\s*):(\s*)\".*\"" .
# look for places with possible dom-based XSS
egrep -r --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "(window.)?location((\s*)|\.)(href)?\=" .
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment