Electronegativity - Tool To Pose Misconfigurations In Addition To Safety Anti-Patterns Inward Electron Applications
Electronegativity is a tool to position misconfigurations together with safety anti-patterns inward Electron-based applications.
It leverages AST together with DOM parsing to hold off for security-relevant configurations, every bit described inward the "Electron Security Checklist - Influenza A virus subtype H5N1 Guide for Developers together with Auditors" whitepaper.
Software developers together with safety auditors tin role this tool to disclose together with mitigate potential weaknesses together with implementation bugs when developing applications using Electron. Influenza A virus subtype H5N1 proficient agreement of Electron (in)security is all the same required when using Electronegativity, every bit approximately of the potential issues detected past times the tool request manual investigation.
If you're interested inward Electron Security, convey a hold off at our BlackHat 2017 query Electronegativity - Influenza A virus subtype H5N1 Study of Electron Security together with kicking the bucket on an oculus on the Doyensec's blog.
Installation
Major releases are pushed to NPM together with tin last but installed using:
$ npm install @doyensec/electronegativity -gUsage
$ electronegativity -h| Option | Description |
|---|---|
| -V | output the version number |
| -i, --input | input (directory, .js, .htm, .asar) |
| -o, --output | save the results to a file inward csv or sarif format |
| -h, --help | output utilization information |
$ electronegativity -i /path/to/electron/appasar archive together with saving the results inward a csv file:$ electronegativity -i /path/to/asar/archive -o result.csvnode --max-old-space-size=4096 electronegativity -i /path/to/asar/archive -o result.csvCredits
Electronegativity was made possible thank yous to the run of Claudio Merloni, Ibram Marzouk, Jaroslav Lobačevski together with many other contributors.
This run has been sponsored past times Doyensec LLC.
