Code Sentinel is a Python application that analyzes code files for vulnerabilities. It helps identify potential security issues such as code injection, cross-site scripting (XSS), SQL injection, CSRF (Cross-Site Request Forgery), SSRF (Server-Side Request Forgery), LFI (Local File Inclusion) and RFI (Remote File Inclusion).
- Supports various programming languages including Python, Java, JavaScript, C, C++, Ruby, HTML, and PHP.
- Analyzes code files for vulnerabilities.
- Displays vulnerability details including type, pattern, and line number.
- Provides a user-friendly graphical interface for file selection and displaying results.
To use Code Sentinel, follow the steps below:
- Clone the repository:
git clone https://github.com/boloto1979/Code-Sentinel.git
- Install the required dependencies:
pip install -r requirements.txt
pip install re
pip install tkinter
pip install Pillow
pip install ttkthemes
To run Code Sentinel, execute the following command:
python3 CodeSentinel.py
The Code Sentinel window will appear, allowing you to perform the following actions:
- Click the "Anexar Arquivo" (Attach File) button to select a code file for analysis.
- Once the file is selected, Code Sentinel will analyze it for vulnerabilities.
- If vulnerabilities are found, they will be displayed in the application window, showing the type, pattern, and line number of each vulnerability.
- If no vulnerabilities are found, a message indicating this will be displayed.
Please note that Code Sentinel supports the following file extensions: .py, .java, .js, .c, .cpp, .html, and .php.
Code Sentinel detects the following types of vulnerabilities:
- Code Injection: It searches for patterns such as eval(, exec(, os.system(, subprocess.run(, $(, and
.*in the code. - XSS (Cross-Site Scripting): It looks for patterns like <script>...</script> and <img...src=...onerror=...>.
- SQL Injection: It identifies patterns such as SELECT *, DROP TABLE, and DELETE FROM in the code (case-insensitive).
- CSRF (Cross-Site Request Forgery).
- SSRF (Server-Side Request Forgery).
- LFI (Local File Inclusion) and RFI (Remote File Inclusion).
Please note that the CSRF and SSRF vulnerability detections are not yet implemented in the current version of Code Sentinel.
Contributions to Code Sentinel are welcome! If you would like to contribute, please follow these steps:
- Fork the repository.
- Create a new branch for your feature or bug fix.
- Develop and test your changes.
- Commit your changes and push them to your fork.
- Submit a pull request explaining your changes.
Also, if you want to be part of the project and organization, please contact me: pedro.lima1979@hotmail.com