PyT- Python Taint: Static Analysis of Python Web Applications Security Software
PyT - Python Taint Static Analysis of Python Web Applications Security Software
For Static analysis of Python web applications based on theoretical foundations (Control flow graphs, fixed point, dataflow analysis)
Features:
- Detect Command injection
- Detect SQL injection
- Detect XSS
- Detect directory traversal
- Get a control flow graph
- Get a def-use and/or a use-def chain
- Search GitHub and analyse hits with PyT
- Scan intraprocedural or interprocedural
- A lot of customisation possible
Install
- git clone https://github.com/python-security/pyt.git
- python setup.py install
- pyt -h
Usage from source
- Using it like a user: python -m pyt -f example/vulnerable_code/XSS_call.py save -du
- Running the tests: python -m tests
- Running an individual test file: python -m unittest tests.import_test
- Running an individual test: python -m unittest tests.import_test.ImportTest.test_import
Virtual env setup guide
Create a directory to hold the virtual env and projectmkdir ~/a_folder
cd ~/a_folder
Clone the project into the directory
git clone https://github.com/python-security/pyt.git
Create the virtual environment
python3 -m venv ~/a_folder/
Check that you have the right versions
python --version sample output Python 3.6.0
pip --version sample output pip 9.0.1 from /Users/kevinhock/a_folder/lib/python3.6/site-packages (python 3.6)
Change to project directory
cd pyt
Install dependencies
pip install -r requirements.txt
pip list sample output
gitdb (0.6.4)
GitPython (2.0.8)
graphviz (0.4.10)
pip (9.0.1)
requests (2.10.0)
setuptools (28.8.0)
smmap (0.9.0)
Download PyT
Source: blog.hackersonlineclub.com
PyT- Python Taint: Static Analysis of Python Web Applications Security Software
Reviewed by Anonymous
on
10:41 AM
Rating: