hacktricks/network-services-pentesting/pentesting-web/code-review-tools.md

# Code Review Tools

<details>

<summary><strong>Support HackTricks and get benefits!</strong></summary>

Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!

Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)

Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)

**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**

**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**

</details>

## General

[**https://owasp.org/www-community/Source\_Code\_Analysis\_Tools**](https://owasp.org/www-community/Source\_Code\_Analysis\_Tools#)

```bash
https://www.sonarqube.org/downloads/
https://deepsource.io/signup/
https://github.com/pyupio/safety
https://github.com/returntocorp/semgrep
https://github.com/WhaleShark-Team/cobra
https://github.com/insidersec/insider

# Find interesting strings
https://github.com/s0md3v/hardcodes
https://github.com/micha3lb3n/SourceWolf
https://libraries.io/pypi/detect-secrets
```

## JavaScript

```
https://jshint.com/
https://github.com/jshint/jshint/
```

## NodeJS

```
https://github.com/ajinabraham/nodejsscan
```

## Electron

```
https://github.com/doyensec/electronegativity
```

## Python

```bash
# bandit
https://github.com/PyCQA/bandit
# pyt
https://github.com/python-security/pyt
```

## .NET

```bash
# dnSpy
https://github.com/0xd4d/dnSpy

# .NET compilation
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe test.cs
```

## Java

```bash
# JD-Gui
https://github.com/java-decompiler/jd-gui

# Java compilation step-by-step
javac -source 1.8 -target 1.8 test.java
mkdir META-INF
echo "Main-Class: test" > META-INF/MANIFEST.MF
jar cmvf META-INF/MANIFEST.MF test.jar test.class
```

| Task            | Command                                                   |
| --------------- | --------------------------------------------------------- |
| Execute Jar     | java -jar \[jar]                                          |
| Unzip Jar       | unzip -d \[output directory] \[jar]                       |
| Create Jar      | jar -cmf META-INF/MANIFEST.MF \[output jar] \*            |
| Base64 SHA256   | sha256sum \[file] \| cut -d' ' -f1 \| xxd -r -p \| base64 |
| Remove Signing  | rm META-INF/_.SF META-INF/_.RSA META-INF/\*.DSA           |
| Delete from Jar | zip -d \[jar] \[file to remove]                           |
| Decompile class | procyon -o . \[path to class]                             |
| Decompile Jar   | procyon -jar \[jar] -o \[output directory]                |
| Compile class   | javac \[path to .java file]                               |

## Go

```bash
https://github.com/securego/gosec
```

## PHP

[Psalm](https://phpmagazine.net/2018/12/find-errors-in-your-php-applications-with-psalm.html) and [PHPStan](https://phpmagazine.net/2020/09/phpstan-pro-edition-launched.html).

### Wordpress Plugins

[https://www.pluginvulnerabilities.com/plugin-security-checker/](https://www.pluginvulnerabilities.com/plugin-security-checker/)

## Solidity

* [https://www.npmjs.com/package/solium](https://www.npmjs.com/package/solium)

<details>

<summary><strong>Support HackTricks and get benefits!</strong></summary>

Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!

Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)

Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)

**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**

**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**

</details>
GitBook: [#3182] No subject 2022-05-07 10:35:17 +00:00			`# Code Review Tools`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`<details>`

			`<summary><strong>Support HackTricks and get benefits!</strong></summary>`

			`Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access the latest version of the PEASS or download HackTricks in PDF? Check the [SUBSCRIPTION PLANS](https://github.com/sponsors/carlospolop)!`

			`Discover [The PEASS Family](https://opensea.io/collection/the-peass-family), our collection of exclusive [NFTs](https://opensea.io/collection/the-peass-family)`

			`Get the [official PEASS & HackTricks swag](https://peass.creator-spring.com)`

			`Join the [💬](https://emojipedia.org/speech-balloon/) [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow me on Twitter [🐦](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[@carlospolopm](https://twitter.com/carlospolopm).`

			`Share your hacking tricks submitting PRs to the [hacktricks github repo](https://github.com/carlospolop/hacktricks).`

			`</details>`

GitBook: [#3182] No subject 2022-05-07 10:35:17 +00:00			`## General`
GitBook: [master] 386 pages modified 2020-11-10 09:27:45 +00:00
GitBook: [#3095] No subject 2022-04-11 00:18:13 +00:00			`[https://owasp.org/www-community/Source\_Code\_Analysis\_Tools](https://owasp.org/www-community/Source\_Code\_Analysis\_Tools#)`
GitBook: [master] 2 pages modified 2021-09-25 13:27:46 +00:00
GitBook: [master] 386 pages modified 2020-11-10 09:27:45 +00:00			```bash
			`https://www.sonarqube.org/downloads/`
			`https://deepsource.io/signup/`
			`https://github.com/pyupio/safety`
			`https://github.com/returntocorp/semgrep`
			`https://github.com/WhaleShark-Team/cobra`
GitBook: [master] 2 pages modified 2021-09-25 13:27:46 +00:00			`https://github.com/insidersec/insider`
GitBook: [master] 386 pages modified 2020-11-10 09:27:45 +00:00
			`# Find interesting strings`
			`https://github.com/s0md3v/hardcodes`
			`https://github.com/micha3lb3n/SourceWolf`
			`https://libraries.io/pypi/detect-secrets`
			```

GitBook: [#3182] No subject 2022-05-07 10:35:17 +00:00			`## JavaScript`
GitBook: [master] 386 pages modified 2020-11-10 09:27:45 +00:00
GitBook: [#3095] No subject 2022-04-11 00:18:13 +00:00			```
GitBook: [master] 386 pages modified 2020-11-10 09:27:45 +00:00			`https://jshint.com/`
			`https://github.com/jshint/jshint/`
			```

GitBook: [#3182] No subject 2022-05-07 10:35:17 +00:00			`## NodeJS`
GitBook: [master] 386 pages modified 2020-11-10 09:27:45 +00:00
GitBook: [#3095] No subject 2022-04-11 00:18:13 +00:00			```
GitBook: [master] 386 pages modified 2020-11-10 09:27:45 +00:00			`https://github.com/ajinabraham/nodejsscan`
			```

GitBook: [#3182] No subject 2022-05-07 10:35:17 +00:00			`## Electron`
GitBook: [master] 386 pages modified 2020-11-10 09:27:45 +00:00
GitBook: [#3095] No subject 2022-04-11 00:18:13 +00:00			```
GitBook: [master] 386 pages modified 2020-11-10 09:27:45 +00:00			`https://github.com/doyensec/electronegativity`
			```

GitBook: [#3182] No subject 2022-05-07 10:35:17 +00:00			`## Python`
GitBook: [master] 386 pages modified 2020-11-10 09:27:45 +00:00
			```bash
			`# bandit`
			`https://github.com/PyCQA/bandit`
			`# pyt`
			`https://github.com/python-security/pyt`
			```

GitBook: [#3182] No subject 2022-05-07 10:35:17 +00:00			`## .NET`
GitBook: [master] 386 pages modified 2020-11-10 09:27:45 +00:00
			```bash
			`# dnSpy`
			`https://github.com/0xd4d/dnSpy`

			`# .NET compilation`
			`C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe test.cs`
			```

GitBook: [#3182] No subject 2022-05-07 10:35:17 +00:00			`## Java`
GitBook: [master] 386 pages modified 2020-11-10 09:27:45 +00:00
			```bash
			`# JD-Gui`
			`https://github.com/java-decompiler/jd-gui`

			`# Java compilation step-by-step`
			`javac -source 1.8 -target 1.8 test.java`
			`mkdir META-INF`
			`echo "Main-Class: test" > META-INF/MANIFEST.MF`
			`jar cmvf META-INF/MANIFEST.MF test.jar test.class`
			```

GitBook: [#3095] No subject 2022-04-11 00:18:13 +00:00			`\| Task \| Command \|`
			`\| --------------- \| --------------------------------------------------------- \|`
			`\| Execute Jar \| java -jar \[jar] \|`
			`\| Unzip Jar \| unzip -d \[output directory] \[jar] \|`
			`\| Create Jar \| jar -cmf META-INF/MANIFEST.MF \[output jar] \* \|`
			`\| Base64 SHA256 \| sha256sum \[file] \\| cut -d' ' -f1 \\| xxd -r -p \\| base64 \|`
			`\| Remove Signing \| rm META-INF/_.SF META-INF/_.RSA META-INF/\*.DSA \|`
			`\| Delete from Jar \| zip -d \[jar] \[file to remove] \|`
			`\| Decompile class \| procyon -o . \[path to class] \|`
			`\| Decompile Jar \| procyon -jar \[jar] -o \[output directory] \|`
			`\| Compile class \| javac \[path to .java file] \|`
GitBook: [master] 386 pages modified 2020-11-10 09:27:45 +00:00
GitBook: [#3182] No subject 2022-05-07 10:35:17 +00:00			`## Go`
GitBook: [master] one page modified 2021-05-26 11:18:48 +00:00
			```bash
			`https://github.com/securego/gosec`
			```

GitBook: [#3182] No subject 2022-05-07 10:35:17 +00:00			`## PHP`
GitBook: [master] 3 pages and 4 assets modified 2021-09-27 13:46:44 +00:00
			`[Psalm](https://phpmagazine.net/2018/12/find-errors-in-your-php-applications-with-psalm.html) and [PHPStan](https://phpmagazine.net/2020/09/phpstan-pro-edition-launched.html).`

GitBook: [#3182] No subject 2022-05-07 10:35:17 +00:00			`### Wordpress Plugins`
GitBook: [#3095] No subject 2022-04-11 00:18:13 +00:00
GitBook: [#3182] No subject 2022-05-07 10:35:17 +00:00			`[https://www.pluginvulnerabilities.com/plugin-security-checker/](https://www.pluginvulnerabilities.com/plugin-security-checker/)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
GitBook: [#3182] No subject 2022-05-07 10:35:17 +00:00			`## Solidity`

			`* [https://www.npmjs.com/package/solium](https://www.npmjs.com/package/solium)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`<details>`

			`<summary><strong>Support HackTricks and get benefits!</strong></summary>`

			`Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access the latest version of the PEASS or download HackTricks in PDF? Check the [SUBSCRIPTION PLANS](https://github.com/sponsors/carlospolop)!`

			`Discover [The PEASS Family](https://opensea.io/collection/the-peass-family), our collection of exclusive [NFTs](https://opensea.io/collection/the-peass-family)`

			`Get the [official PEASS & HackTricks swag](https://peass.creator-spring.com)`

			`Join the [💬](https://emojipedia.org/speech-balloon/) [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow me on Twitter [🐦](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[@carlospolopm](https://twitter.com/carlospolopm).`

			`Share your hacking tricks submitting PRs to the [hacktricks github repo](https://github.com/carlospolop/hacktricks).`

			`</details>`