
Add more scary strings based on useful blog posts

Open johnsaigle opened this issue 3 years ago • 10 comments

e.g. https://btlr.dev/blog/how-to-find-vulnerabilities-in-code-bad-words

johnsaigle avatar Oct 25 '20 23:10 johnsaigle

Added some python function calls based on https://medium.com/swlh/hacking-python-applications-5d4cd541b3f1

johnsaigle avatar Oct 26 '20 19:10 johnsaigle

Could add JS functionality and use well-known sources and sinks for DOM-based XSS, at minimum

johnsaigle avatar Dec 13 '20 04:12 johnsaigle

https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html

johnsaigle avatar Feb 14 '21 15:02 johnsaigle

https://portswigger.net/web-security/cross-site-scripting/dom-based, sources and sinks

UPDATE: added the sinks from the bottom of this page edefc67a08da094f71bd91e0c235f5df00cce69e

johnsaigle avatar Feb 19 '21 02:02 johnsaigle

https://cwe.mitre.org/data/definitions/546.html --> more suspicious comment values to search for

johnsaigle avatar May 07 '21 17:05 johnsaigle

http://blog.blueclosure.com/2017/10/javascript-dangerous-functions-part-2_29.html --> JS functions

johnsaigle avatar Oct 25 '21 13:10 johnsaigle

Compare also with existing work from here: https://github.com/danielmiessler/SecLists/tree/master/Pattern-Matching

johnsaigle avatar Nov 12 '21 15:11 johnsaigle

Some calls to dangerous C functions https://github.com/joernio/joern/blob/master/querydb/src/main/scala/io/joern/scanners/c/DangerousFunctions.scala

johnsaigle avatar Sep 28 '22 13:09 johnsaigle

Go unsafe functions https://github.com/jlauinger/go-geiger

johnsaigle avatar Sep 29 '22 14:09 johnsaigle

https://github.com/nbs-system/php-malware-finder/blob/master/php-malware-finder/php.yar

Extra PHP dangerous functions plus some other common tricks used by malware

johnsaigle avatar Oct 02 '22 04:10 johnsaigle