Insider is a secure code review tool focused exclusively on covering the OWASP Top 10. It performs source code analysis to find vulnerabilities directly in the source code. It currently supports the following technologies:
- Java (Maven and Android),
- Kotlin (Android),
- Swift (iOS),
- .NET Full Framework,
- C#,
- and JavaScript (Node.js)
Installation :
There are two installation options.
Precompiled binaries are available for Linux, Windows and macOS operating systems. This is an easy way to use the Insider tool.
You can download binaries from here:
Or compile it yourself: you'll need at least Go version 1.13.3 and GNU Make >= 4.2.1. After downloading them or checking that your versions are compatible, you just have to run:
$ go get github.com/insidersec/insider
$ cd $GOPATH/src/github.com/insidersec/insider
$ make linux64 # We support: linux32, linux64, win32, win64, macos
Usage :
Example of use :
insider -tech javascript -target
insider -tech=android -target=
insider -tech android -target -no-html
Android project : Example of running the tool against an Android source code project.
Results will be saved in the tool directory, where you can view the .html or .json files. The tool is currently at an early stage.
For more details : https://github.com/m4ll0k/SecretFinder