@nstarke
Last active December 26, 2018 19:43
Python Security Vulnerability Egrep
# find places where the application shells out or dynamically executes code:
egrep -r --include "*.py" -e "exec\(|eval\(|subprocess|popen" .
# DJANGO: find places where HTML auto-escaping is turned off via the "safe" filter:
grep -r --include "*.py" --include "*.html" -e "|safe" .
# DJANGO: find places where raw SQL queries are executed (check whether request input is interpolated into them):
egrep -r --include "*.py" -e "\.(raw|execute)\(" .
# non-zero counts indicate that some sort of CSRF protection is probably enabled.
# egrep does not understand the "(?i)" inline flag, so -i is used for a case-insensitive match.
# run without "| wc -l" to list the CSRF-enabled endpoints and compare that list
# against all endpoints
egrep -ri "csrf" . | wc -l
# find database connection calls. look for hardcoded credentials nearby
# (the bare "connect\(" alternative is deliberately broad and also matches non-database connect() calls)
egrep -r --include "*.py" -e "(MySQLdb\.connect|MySQLDatabase|psycopg2\.connect|sqlalchemy\.create_engine|MongoClient|connect)\(" .
# find hardcoded credentials (string literals assigned to user/password-style names)
egrep -r --include "*.py" -e "(user|username|pass|password)\s*=\s*\".*\"" .
# find hardcoded ports. POSIX ERE has no \d, so a bracket expression is used instead
egrep -r --include "*.py" -e "port\s*=\s*[0-9]+" .
# find crypto operations (review the algorithm choice and key/IV handling at each hit)
egrep -r --include "*.py" -e "(DES|AES|Crypto|Cipher|hashlib|Random|md5|sha1|sha256|sha512)" .
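As an added example (not part of the gist), the same checks ported to a small Python scanner that reports the check name, file and line number for every hit and gives per-check counts in place of "| wc -l"; the source it scans is a constructed sample, not a real project.

```python
import re
from typing import Dict, List, Tuple

# The gist's grep patterns ported to Python; "csrf" gets the case-insensitivity that "(?i)" intended.
CHECKS = {
    "dynamic_exec": re.compile(r"exec\(|eval\(|subprocess|popen"),
    "django_safe_filter": re.compile(r"\|safe"),
    "raw_sql": re.compile(r"\.(raw|execute)\("),
    "csrf": re.compile(r"csrf", re.IGNORECASE),
    "db_connect": re.compile(r"(MySQLdb\.connect|MySQLDatabase|psycopg2\.connect|"
                             r"sqlalchemy\.create_engine|MongoClient|connect)\("),
    "hardcoded_credential": re.compile(r'(user|username|pass|password)\s*=\s*".*"'),
    "hardcoded_port": re.compile(r"port\s*=\s*\d+"),
    "crypto": re.compile(r"DES|AES|Crypto|Cipher|hashlib|Random|md5|sha1|sha256|sha512"),
}

def scan_files(files: Dict[str, str]) -> List[Tuple[str, str, int, str]]:
    """Return (check, path, line number, stripped line) for every matching line
    of every .py/.html file, mirroring the gist's --include filters."""
    hits = []
    for path, text in files.items():
        if not path.endswith((".py", ".html")):
            continue
        for line_no, line in enumerate(text.splitlines(), start=1):
            for name, pattern in CHECKS.items():
                if pattern.search(line):
                    hits.append((name, path, line_no, line.strip()))
    return hits

def summarize(hits) -> Dict[str, int]:
    """Hits per check, the equivalent of the gist's '| wc -l' triage count."""
    counts: Dict[str, int] = {}
    for name, _path, _line_no, _line in hits:
        counts[name] = counts.get(name, 0) + 1
    return counts

# Constructed sample input (not a real project) that trips every check at least once.
SAMPLE_FILES = {
    "app/views.py": """import hashlib, subprocess, psycopg2
from django.views.decorators.csrf import csrf_exempt
password = "hunter2"  # constructed sample secret
port = 5432
@csrf_exempt
def run(request):
    conn = psycopg2.connect(DSN)
    conn.cursor().execute("SELECT * FROM t WHERE id = %s" % request.GET["id"])
    digest = hashlib.md5(request.body).hexdigest()
    return eval(request.GET["expr"])
""",
    "app/templates/page.html": "<p>{{ user_input|safe }}</p>\n",
}
```

Each hit is a triage lead, not a confirmed finding; the surrounding code decides whether request input actually reaches the flagged call.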