royram22 / is-website-vulnerable

This project forked from lirantal/is-website-vulnerable

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

License: Apache License 2.0

Shell 0.45% JavaScript 95.46% Dockerfile 4.09%

is-website-vulnerable

Many thanks to for supporting open source security

About

Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.

Usage

Command line

Using Node.js's npx to run a one-off scan of a website:

npx is-website-vulnerable https://example.com [--json] [--js-lib] [--mobile|--desktop] [--chromePath] [--cookie] [--token]

The CLI will gracefully handle cases where the URL to scan is missing by prompting you to enter it:

$ npx is-website-vulnerable
Woops! You forgot to provide a URL of a website to scan.
? Please provide a URL to scan: › https://example.com
...

Exit codes

If the CLI detects an error, it will terminate with an exit code different from 0.

Exit Code 0: Everything is fine. No vulnerabilities found.

Exit Code 1: An error happened during the execution. Check the logs for details.

Exit Code 2: Vulnerabilities were found. Check the logs for details.
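A CI gate built on these exit codes should keep "scan failed" (1) apart from "vulnerabilities found" (2), so that a scan that never ran is not reported as a clean site. The wrapper below is an added example, not code from the is-website-vulnerable project; `SCANNER`, `classify_exit`, `scan_all` and the file name `scan-gate.sh` are names assumed for illustration.

```shell
#!/bin/sh
# Added example, not part of is-website-vulnerable.
# SCANNER, classify_exit and scan_all are names made up for this sketch.
SCANNER="${SCANNER:-npx is-website-vulnerable}"

# Translate one exit code into a verdict, following the exit code list above.
classify_exit() {
  case "$1" in
    0) echo "clean" ;;
    2) echo "vulnerable" ;;
    *) echo "error" ;;  # 1 is the documented error code; any other code is not a clean result either
  esac
}

# Scan each URL given as an argument. Prints "<verdict> <url>" per site on
# stdout, sends the scanner's own log to stderr, and returns
# 2 if any site is vulnerable, else 1 if any scan errored, else 0.
scan_all() {
  worst=0
  for url in "$@"; do
    code=0
    # Unquoted on purpose so the default command splits into words.
    $SCANNER "$url" >&2 || code=$?
    verdict=$(classify_exit "$code")
    echo "$verdict $url"
    case "$verdict" in
      vulnerable) worst=2 ;;
      error) if [ "$worst" -eq 0 ]; then worst=1; fi ;;
    esac
  done
  return "$worst"
}

# Run only when URLs are passed, e.g.: sh scan-gate.sh https://example.com
if [ "$#" -gt 0 ]; then
  scan_all "$@"
  exit "$?"
fi
```

Both non-zero results should fail the pipeline; the per-site verdict lines show whether to triage a finding or fix the scan environment.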

Docker

To build and run the container locally:

# Clone Repo:
git clone https://github.com/lirantal/is-website-vulnerable.git

# Change to repo's cloned directory:
cd is-website-vulnerable

# Build Image locally:
docker build --no-cache -t lirantal/is-website-vulnerable:latest .

# Run container:
docker run --rm -e SCAN_URL="https://www.google.com/" lirantal/is-website-vulnerable:latest

SCAN_URL is an environment variable; replace its value with the URL you want to scan when you run the container. The container exits once the scan has completed.

If you wish to provide command line arguments to is-website-vulnerable and customize the run, such as providing --json or other supported arguments, you should omit the environment variable and provide the full command. Here is an example:

docker run --rm lirantal/is-website-vulnerable:latest https://www.google.com --json

⚠️ A modern version of Chrome is assumed to be available when using is-website-vulnerable. It may not be safe to assume that this is satisfied automatically on some CI services. For example, additional configuration is necessary for Travis CI.

GitHub Action

Create .github/workflows/is-website-vulnerable.yml with the URL that you want scanned:

name: Test site for publicly known js vulnerabilities

on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Test for public javascript library vulnerabilities 
        uses: lirantal/is-website-vulnerable@main
        with:
          scan-url: "https://yoursite.com"

Install

You can install globally via:

npm install -g is-website-vulnerable

Contributing

Please consult CONTRIBUTING for guidelines on contributing to this project.

Author

is-website-vulnerable © Liran Tal, Released under the Apache-2.0 License.

Contributors

lirantal, zivkaziv, rajkumaar23, danielruf, itaisteinherz, samarpanda, ulisesgascon, snyk-bot, victorzubr, cardoso222, ofekashery, nicolascarpi, mixth, travi, mattorb, lp-francois, soldiercorp, coliff, ryuno-ki, darkwizard242, ahmedkrmn, aamirshahx
