Dawnscanner - Dawn Is A Static Analysis Safety Scanner For Cherry-Red Written Spider Web Applications (Sinatra, Padrino In Addition To Ror Frameworks)
dawnscanner is a source code scanner designed to review your ruby code for safety issues.
dawnscanner is able to scan manifestly ruby scripts (e.g. command trace applications) but all its features are unleashed when dealing amongst spider web applications source code. dawnscanner is able to scan major MVC (Model View Controller) frameworks, out of the box:
Quick update from November, 2018
As yous tin run into dawnscanner is on concord since to a greater extent than together with thus an year. Sorry for that. It's life. I was overwhelmed past times tons of materials together with I dedicated gratis fourth dimension to Offensive Security certifications. True to hold out told, I'm starting OSCE journeying truly soon.
The dawnscanner projection volition hold out updated shortly amongst novel safety checks together with kickstarted again.
Paolo
dawnscanner version 1.6.6 has 235 safety checks loaded inwards its cognition base. Most of them are CVE bulletins applying to gems or the ruby interpreter itself. There are also approximately cheque coming from Owasp Ruby on Rails cheatsheet.
An overall introduction
When yous run dawnscanner on your code it parses your projection Gemfile.lock looking for the gems used together with it tries to discovery the ruby interpreter version yous are using or yous declared inwards your ruby version administration tool yous similar most (RVM, rbenv, ...).
Then the tool tries to discovery the MVC framework your spider web application uses together with it applies the safety cheque accordingly. There checks designed to jibe rails application or checks that are appliable to whatsoever ruby code.
dawnscanner tin also sympathize the code inwards your views together with to backtrack sinks to spot cross site scripting together with sql injections introduced past times the code yous truly wrote. In the projection roadmap this is the code most of the futurity evolution attempt volition hold out focused on.
dawnscanner safety scan upshot is a listing of vulnerabilities amongst approximately mitigation actions yous desire to follow inwards companionship to cook a stronger spider web application.
Installation
You tin install latest dawnscanner version, fetching it from Rubygems past times typing:
$ precious rock install dawnscanner group :development exercise precious rock 'dawnscanner', :require=>false end$ package install$ git clone https://github.com/thesp0nge/dawnscanner.git $ cd dawnscanner $ package install $ rake installUsage
You tin start your code review amongst dawnscanner real easily. Simply say the tool where the projection root directory.
Underlying MVC framework is autodetected past times dawnscanner using target Gemfile.lock file. If autodetect fails for approximately reason, the tool volition complain nigh it together with yous bring to specify if it's a rails, sinatra or padrino spider web application past times hand.
Basic usage is to specify approximately optional command trace selection to fit best your needs, together with to specify the target directory where your code is stored.
$ dawn [options] targetdawn -h at your OS prompt.$ dawn -h Usage: dawn [options] target_directory Examples: $ dawn a_sinatra_webapp_directory $ dawn -C the_rails_blog_engine $ dawn -C --json a_sinatra_webapp_directory $ dawn --ascii-tabular-report my_rails_blog_ecommerce $ dawn --html -F my_report.html my_rails_blog_ecommerce -G, --gem-lock forcefulness dawn to scan exclusively for vulnerabilities affecting dependencies inwards Gemfile.lock (DEPRECATED) -d, --dependencies forcefulness dawn to scan exclusively for vulnerabilities affecting dependencies inwards Gemfile.lock Reporting -a, --ascii-tabular-report elbow grease dawn to format findings using tables inwards ascii fine art (DEPRECATED) -j, --json elbow grease dawn to format findings using json -K, --console elbow grease dawn to format findings using manifestly ascii text -C, --count-only dawn volition exclusively count vulnerabilities (useful for scripts) -z, --exit-on-warn dawn volition provide number of establish vulnerabilities every bit move out code -F, --file filename tells dawn to write output to filename -c, --config-file filename tells dawn to charge configuration from filename Disable safety cheque trace of piece of job solid unit of measurement --disable-cve-bulletins disable all CVE safety checks --disable-code-quality disable all code character checks --disable-code-style disable all code trend checks --disable-owasp-ror-cheatsheet disable all Owasp Ruby on Rails cheatsheet checks --disable-owasp-top-10 disable all Owasp Top 10 checks Flags useful to enquiry Dawn -S, --search-knowledge-base [check_name] search check_name inwards the cognition base of operations --list-knowledge-base listing knowledge-base content --list-known-families listing safety cheque families contained inwards dawn's cognition base of operations --list-known-framework listing ruby MVC frameworks supported past times dawn --list-scan-registry listing past times scan informations stored inwards scan registry Service flags -D, --debug enters dawn debug trend -V, --verbose the output volition hold out to a greater extent than verbose -v, --version present version information -h, --help present this helpRake task
To include dawnscanner inwards your rake chore list, yous only bring to position this trace inwards your
Rakefilerequire 'dawn/tasks'$ rake -T yous volition bring a dawn:run chore yous desire to execute.$ rake -T ... rake dawn:run # Execute dawnscanner on the electrical flow directory ...Interacting amongst the cognition base
You tin dump all safety checks inwards the cognition base of operations this way
$ dawn --list-knowledge-base--search-knowledge-base or -S amongst every bit parameter the cheque advert yous desire to run into if it's implemented every bit a safety command or not.$ dawn -S CVE-2013-6421 07:59:30 [*] dawn v1.1.0 is starting upward CVE-2013-6421 establish inwards knowledgebase. $ dawn -S this_test_does_not_exist 08:02:17 [*] dawn v1.1.0 is starting upward this_test_does_not_exist non establish inwards knowledgebasedawnscanner safety scan inwards action
As output, dawnscanner volition position all safety checks that are failed during the scan.
This the upshot of Codedake::dawnscanner running against a Sinatra 1.4.2 spider web application wrote for a utter I delivered inwards 2013 at Railsberry conference.
As yous may see, dawnscanner origin detects MVC running the application past times looking at Gemfile.lock, than it discards all safety checks non appliable to Sinatra (49 safety checks, inwards version 1.0, specially designed for Ruby on Rails) together with it applies them.
$ dawn /src/hacking/railsberry2013 18:40:27 [*] dawn v1.1.0 is starting upward 18:40:27 [$] dawn: scanning /Users/thesp0nge/src/hacking/railsberry2013 18:40:27 [$] dawn: sinatra v1.4.2 detected 18:40:27 [$] dawn: applying all safety checks 18:40:27 [$] dawn: 109 safety checks applied - 0 safety checks skipped 18:40:27 [$] dawn: 1 vulnerabilities establish 18:40:27 [!] dawn: CVE-2013-1800 cheque failed 18:40:27 [$] dawn: Severity: high 18:40:27 [$] dawn: Priority: unknown 18:40:27 [$] dawn: Description: The fissure precious rock 0.3.1 together with before for Ruby does non properly limit casts of string values, which mightiness allow remote attackers to acquit object-injection attacks together with execute arbitrary code, or elbow grease a denial of service (memory together with CPU consumption) past times leveraging Action Pack back upward for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156. 18:40:27 [$] dawn: Solution: Please role fissure precious rock version 0.3.2 or above. Correct your gemfile 18:40:27 [$] dawn: Evidence: 18:40:27 [$] dawn: Vulnerable fissure precious rock version found: 0.3.1 18:40:27 [*] dawn is leavingWhen yous run dawnscanner on a spider web application amongst upward to engagement dependencies, it's probable to provide a friendly no vulnerabilities found message. Keep it upward working that way!
This is dawnscanner running against a Padrino spider web application I wrote for a scorecard quiz game nigh application security. Italian linguistic communication only. Sorry.
18:42:39 [*] dawn v1.1.0 is starting upward 18:42:39 [$] dawn: scanning /Users/thesp0nge/src/CORE_PROJECTS/scorecard 18:42:39 [$] dawn: padrino v0.11.2 detected 18:42:39 [$] dawn: applying all safety checks 18:42:39 [$] dawn: 109 safety checks applied - 0 safety checks skipped 18:42:39 [*] dawn: no vulnerabilities found. 18:42:39 [*] dawn is leaving--html flag used amongst the --file since I wanto to salvage the HTML to disk.$ dawn /Users/thesp0nge/src/hacking/rt_first_app --html --file report.html 09:00:54 [*] dawn v1.1.0 is starting upward 09:00:54 [*] dawn: report.html created (2952 bytes) 09:00:54 [*] dawn is leavingUseful links
Project homepage: http://dawnscanner.org
Twitter profile: @dawnscanner
Github repository: https://github.com/thesp0nge/dawnscanner
Mailing list: https://groups.google.com/forum/#!forum/dawnscanner
Thanks to
saten: origin number posted nigh a typo inwards the README
presidentbeef: for his outstanding run that inspired me creating dawn together with for double cheque comparing matrix. Issue #2 is yours :)
marinerJB: for misc põrnikas reports together with farther ideas
Matteo: for ideas on API together with their usage amongst github.com hooks
