
Collection of wordlists containing dangerous function calls in many languages

20 issues

- [x] PHP
- [x] Python
- [ ] JS
- [ ] Go
- [ ] Rust
- [ ] Perl
- [ ] C
- [ ] Java

enhancement
help wanted

e.g. `strcopy`, `gets`. See also the Secure Development Lifecycle banned functions: https://www.forward.com.au/pfod/ArduinoProgramming/ArduinoStrings/Security%20Development%20Lifecycle%20(SDL)%20Banned%20Function%20Calls%20_%20Microsoft%20Docs.pdf

enhancement
help wanted

aka steal this list: https://github.com/Puliczek/awesome-list-of-secrets-in-environment-variables/

- [ ] Solium/Ethlint https://github.com/duaraghav8/Ethlint

enhancement
help wanted

Add examples for taking the list and using them in a clever way with grep or rg. Linking to the [gf repo](https://github.com/tomnomnom/gf/blob/master/examples/sec.json) would be a good idea too because it...

e.g. https://btlr.dev/blog/how-to-find-vulnerabilities-in-code-bad-words

enhancement

Create a `Makefile` to:
- Concatenate the wordlists into the `all` lists for each folder
- Update the `tree` output in the README (this could be a Git pre-commit hook...

For example, this seems... risky https://www.php.net/manual/en/wrappers.ssh2.php

the WAHH book woefully does not include a wordlist for python. I've added some functions based on some blog posts I've read but the list is very small. It would...

enhancement
help wanted