World Serpant Search is a command-line tool for vulnerability detection. It allows you to scan directories for various types of vulnerabilities, including XSS vulnerabilities, authentication bypass vulnerabilities, and package vulnerabilities using the National Vulnerability Database (NVD).
To install World Serpant Search, you can use pip:
pip install serpantTo use the CLI, follow the instructions below:
-
Install the CLI using pip:
pip install serpant
-
Run the CLI using the following command:
serpant
-
Use the available commands to perform vulnerability scans. For example:
serpant scan /path/to/directory
-
For scan local repo:
serpant scan /path/to/directory
-
For SQL injection detection:
serpant sqlinjection /path/to/directory
-
For search authentication bypass in local repo:
serpant abypass /path/to/directory
-
For detect xss vulnerabilities repo:
serpant xss /path/to/directory
-
For search vulnerabilities in national vulnerability databae:
serpant nvd package name
-
For check sensitive data exposure in local repo:
serpant sensetive /path/to/directory
-
For check unsecure deserialization:
serpant deserialization /path/to/directory
-
For detect access control vulnerabilities:
serpant accesscontrol /path/to/directoryThe CommandLineInterface class represents the command-line interface for the CLI tool. It provides methods for initializing the CLI, printing the banner, and running the interface.
__new__(cls): This method ensures that only one instance of theCommandLineInterfaceclass is created using the Singleton design pattern.__init__(self): Initializes the command-line interface and prints the banner._print_banner(self): Prints the banner when the CLI initializes.run(self): Runs the command-line interface by parsing arguments and executing corresponding commands.
The ScannerController class is responsible for controlling scanning operations and interacting with the underlying data and business logic.
scan_local_directory(self, directory): Scans a local directory for vulnerabilities.scan_xss_directory(self, directory): Scans a local directory for XSS vulnerabilities.scan_authentication_bypass_directory(self, directory): Scans a directory for authentication bypass vulnerabilities.scan_package_vulnerabilities_nvd(self, package): Checks package vulnerabilities using the National Vulnerability Database (NVD).check_sensitive_files_exposure(self, directory): Checks for sensitive file exposure in a directory.detect_insecure_deserialization(self, directory): Detects insecure deserialization vulnerabilities.detect_access_control_vulnerabilities(self, directory): Detects access control vulnerabilities.
Implement a feature to scan a local directory or project for common vulnerabilities such as exposed secrets, hardcoded credentials, or sensitive data.
Extend the application to support scanning remote repositories by providing a URL. This could involve fetching the repository contents and analyzing them for vulnerabilities.
Implement a feature to detect SQL injection vulnerabilities in code files or database configurations.
Develop functionality to detect cross-site scripting vulnerabilities in web applications or scripts.
Implement a feature to identify instances where sensitive data such as API keys, passwords, or personal information is exposed in the codebase.
Integrate with package vulnerability databases (e.g., NVD) to check for known vulnerabilities in project dependencies.
Implement checks to identify potential authentication bypass vulnerabilities in the application.
Develop functionality to detect insecure deserialization vulnerabilities in the codebase.
Implement checks to identify sensitive files (e.g., configuration files, log files) that may be exposed to unauthorized access.
Develop checks to identify access control vulnerabilities, such as insecure direct object references or missing authorization checks.
This project is licensed under the MIT License. See the LICENSE file for details.