Code review

General

https://www.sonarqube.org/downloads/
https://deepsource.io/signup/
https://github.com/pyupio/safety
https://github.com/returntocorp/semgrep
https://github.com/WhaleShark-Team/cobra

# Find interesting strings
https://github.com/s0md3v/hardcodes
https://github.com/micha3lb3n/SourceWolf
https://libraries.io/pypi/detect-secrets

# Tips
1.Important functions first
2.Follow user input
3.Hardcoded secrets and credentials
4.Use of dangerous functions and outdated dependencies
5.Developer comments, hidden debug functionalities, configuration files, and the .git directory
6.Hidden paths, deprecated endpoints, and endpoints in development
7.Weak cryptography or hashing algorithms
8.Missing security checks on user input and regex strength
9.Missing cookie flags
10.Unexpected behavior, conditionals, unnecessarily complex and verbose functions

JavaScript

https://jshint.com/
https://github.com/jshint/jshint/

NodeJS

https://github.com/ajinabraham/nodejsscan

Electron

https://github.com/doyensec/electronegativity
https://github.com/doyensec/awesome-electronjs-hacking

Python

# bandit
https://github.com/PyCQA/bandit
# pyt
https://github.com/python-security/pyt
# atheris
https://github.com/google/atheris
# aura
https://github.com/SourceCode-AI/aura

.NET

# dnSpy
https://github.com/0xd4d/dnSpy

# .NET compilation
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe test.cs

PHP

# phpvuln
https://github.com/ecriminal/phpvuln

C/C++

# flawfinder
https://github.com/david-a-wheeler/flawfinder

Java

# JD-Gui
https://github.com/java-decompiler/jd-gui

# Java compilation step-by-step
javac -source 1.8 -target 1.8 test.java
mkdir META-INF
echo "Main-Class: test" > META-INF/MANIFEST.MF
jar cmvf META-INF/MANIFEST.MF test.jar test.class
TaskCommand
Execute Jarjava -jar [jar]
Unzip Jarunzip -d [output directory] [jar]
Create Jarjar -cmf META-INF/MANIFEST.MF [output jar] *
Base64 SHA256sha256sum [file] | cut -d’ ‘ -f1 | xxd -r -p | base64
Remove Signingrm META-INF/.SF META-INF/.RSA META-INF/*.DSA
Delete from Jarzip -d [jar] [file to remove]
Decompile classprocyon -o . [path to class]
Decompile Jarprocyon -jar [jar] -o [output directory]
Compile classjavac [path to .java file]