nodejsscan

nodejsscan is a static security code scanner (SAST) for Node.js applications.

Configure & Run NodeJsScan

Install PostgreSQL, create a database for NodeJsScan, and point SQLALCHEMY_DATABASE_URI in core/settings.py at it.

pip3 install -r requirements.txt
python3 migrate.py # Run once to create database entries required
python3 app.py # Testing Environment
gunicorn -b 0.0.0.0:9090 app:app --workers 3 --timeout 10000 # Production Environment

This binds NodeJsScan to every network interface on port 9090 (http://0.0.0.0:9090). The scanner accepts source uploads and should not be reachable from untrusted networks, so bind to 127.0.0.1 and put a reverse proxy in front of gunicorn if the host is not isolated.

If you need to debug, set DEBUG = True in core/settings.py. Do not leave it on in production: Flask's debug mode enables the Werkzeug interactive debugger, which lets anyone who reaches an error page run Python on the server.
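The configuration steps above in one helper, as an added example that is not part of nodejsscan: it builds the SQLALCHEMY_DATABASE_URI value with the password percent-encoded (a password containing '@', ':' or '/' otherwise breaks URI parsing), checks that the URI round-trips, and flags the two settings a practitioner most often gets wrong, the all-interfaces bind address and DEBUG. The environment variable names (NJS_DB_*) and the function names are this example's own assumptions, not part of the project.

```python
"""Added example, not nodejsscan code: build SQLALCHEMY_DATABASE_URI safely
and sanity-check the run configuration before starting gunicorn.

Assumed (hypothetical, not from the project): credentials arrive in the
environment as NJS_DB_USER, NJS_DB_PASSWORD, NJS_DB_HOST, NJS_DB_PORT,
NJS_DB_NAME; the bind address and debug flag as NJS_BIND and NJS_DEBUG.
"""
import os
from urllib.parse import quote, unquote, urlsplit


def build_database_uri(user, password, host="localhost", port=5432,
                       dbname="nodejsscan"):
    """Return a postgresql:// URI suitable for SQLALCHEMY_DATABASE_URI.

    User and password are percent-encoded with no safe characters, so
    '@', ':', '/', '#' or spaces inside them cannot be mistaken for URI
    structure.  SQLAlchemy decodes %XX escapes in these components.
    """
    return "postgresql://{}:{}@{}:{}/{}".format(
        quote(user, safe=""), quote(password, safe=""), host, int(port), dbname)


def parse_database_uri(uri):
    """Split a URI back into its parts (round-trip check for the above)."""
    parts = urlsplit(uri)
    return {
        "scheme": parts.scheme,
        "user": unquote(parts.username or ""),
        "password": unquote(parts.password or ""),
        "host": parts.hostname,
        "port": parts.port,
        "dbname": parts.path.lstrip("/"),
    }


def check_run_config(bind_host, debug):
    """Return warnings for the way the app is about to be started.

    - 0.0.0.0 / :: / '' listen on every interface, exposing an
      upload-and-scan UI to any network the host is on.
    - Flask debug mode enables the Werkzeug interactive debugger, which is
      remote code execution for anyone who can reach an error page.
    """
    warnings = []
    if bind_host in ("0.0.0.0", "::", ""):
        warnings.append("bind address %r listens on all interfaces; "
                        "use 127.0.0.1 behind a reverse proxy" % bind_host)
    if debug:
        warnings.append("DEBUG = True enables the Werkzeug interactive "
                        "debugger; never run this way in production")
    return warnings


def main():
    env = os.environ
    uri = build_database_uri(
        env.get("NJS_DB_USER", "nodejsscan"),
        env.get("NJS_DB_PASSWORD", "change-me"),
        env.get("NJS_DB_HOST", "localhost"),
        env.get("NJS_DB_PORT", "5432"),
        env.get("NJS_DB_NAME", "nodejsscan"),
    )
    bind = env.get("NJS_BIND", "127.0.0.1")
    debug = env.get("NJS_DEBUG", "0") == "1"
    print("# paste into core/settings.py")
    print("SQLALCHEMY_DATABASE_URI = %r" % uri)
    print("DEBUG = %r" % debug)
    for w in check_run_config(bind, debug):
        print("WARNING:", w)
    print("# then: python3 migrate.py && gunicorn -b %s:9090 app:app --workers 3" % bind)


if __name__ == "__main__":
    main()
```

Run it once with the real credentials exported, paste the printed SQLALCHEMY_DATABASE_URI line into core/settings.py, and fix anything it warns about before starting gunicorn.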

Command Line Interface and Python API

Docker

Docker images can be built for both the Web UI and the CLI version.

docker build -t nodejsscan .
docker run -it -p 9090:9090 nodejsscan

DockerHub

Prebuilt Docker images are available from DockerHub.

docker pull opensecurity/nodejsscan
docker run -it -p 9090:9090 opensecurity/nodejsscan:latest

Both docker run lines publish port 9090 on every host interface; to keep the Web UI reachable only from the host itself, publish it on loopback with -p 127.0.0.1:9090:9090.

Learn Node.js Security: Pentesting and Exploitation

OpSecX Video Course

NodeJsScan Web UI

(screenshot: NodeJsScan Web UI)

Static Analysis

(screenshots: NodeJsScan Static Scan Results, NodeJsScan Static Scan Vulnerability Details, NodeJsScan CLI)