Python Scanner

ID: python-scanner

Severity: info

Author: majidmc2

Tags: python,file,sast

Description

Indicators for dangerous Python functions

YAML Source

id: python-scanner

info:
  name: Python Scanner
  author: majidmc2
  severity: info
  description: Indicators for dangerous Python functions
  reference:
    - https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html
    - https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html
  tags: python,file,sast
file:
  - extensions:
      - py

    extractors:
      - type: regex
        name: code-injection
        regex:
          - 'exec'
          - 'eval'
          - '__import__'
          - 'execfile'

      - type: regex
        name: command-injection
        regex:
          - 'subprocess.call\(.*shell=True.*\)'
          - 'os.system'
          - 'os.popen\d?'
          - 'subprocess.run'
          - 'commands.getoutput'

      - type: regex
        name: untrusted-source
        regex:
          - 'pickle\.loads'
          - 'c?Pickle\.loads?'
          - 'marshal\.loads'
          - 'pickle\.Unpickler'

      - type: regex
        name: dangerous-yaml
        regex:
          - 'yaml\.load'
          - 'yaml\.safe_load'

      - type: regex
        name: sqli
        regex:
          - 'cursor\.execute'
          - 'sqlite3\.execute'
          - 'MySQLdb\.execute'
          - 'psycopg2\.execute'
          - 'cx_Oracle\.execute'
# digest: 490a004630440220593fa88162bfb1a804486e725699a36f268819acb41cee9ca56cf921c27c9c400220245ed9c81efd9eccdd9afd2229c342e0714570125a8528ae371b86e5757df33f:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "file/python/python-scanner.yaml"

View on Github