Open CharLemAznable opened 4 years ago
Support macOS and Linux

Installation
```sh
brew install grep findutils flex phantomjs
```

When installing phantomjs:

```sh
brew tap homebrew/cask
brew cask install phantomjs
```

```sh
apt-get install flex bison phantomjs
```

```sh
yum install flex bison phantomjs
```

When installing phantomjs, you can use the install package instead; download address and steps:
```sh
# download
wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2
# extract
tar -jxvf phantomjs-2.1.1-linux-x86_64.tar.bz2
# if extraction fails, the system may lack bzip2
yum install bzip2.x86_64
# edit the environment variables
sudo vi /etc/profile
# add the environment variable
export PATH=$PATH:/root/phantomjs-2.1.1-linux-x86_64/bin
# apply the environment variables
source /etc/profile
# verify the installation succeeded
phantomjs --version
# if running it fails, the system may lack fontconfig
yum install fontconfig-devel
```
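The tarball steps above, as an added example that is neither the issue author's script nor code from the Cobra project: a POSIX sh helper that checks for the prerequisites the post mentions (bzip2, plus tar and wget), refuses to extract the download unless its SHA-256 matches an expected value, and adds the PATH line to a profile file only once instead of on every re-run. The checksum is a placeholder because the post gives none; the install prefix is assumed to be `$HOME` rather than `/root`, and `~/.profile` is assumed instead of `/etc/profile` so no root is needed.

```sh
#!/bin/sh
# Added example (not from the issue author or the Cobra project). The
# expected SHA-256 below is a placeholder: fill it in from a trusted source.

# Print the SHA-256 of a file; falls back to shasum where sha256sum is absent (macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only when the archive's digest equals the expected one, so an
# altered or truncated download is refused instead of extracted.
verify_archive() {
    archive=$1
    expected=$2
    actual=$(sha256_of "$archive")
    [ "$actual" = "$expected" ]
}

# Append "export PATH=$PATH:<dir>" to a profile file only if that exact line
# is not already there, so re-running the installer does not grow PATH.
append_path_once() {
    profile=$1
    dir=$2
    line="export PATH=\$PATH:$dir"
    touch "$profile"
    grep -qxF "$line" "$profile" || printf '%s\n' "$line" >> "$profile"
}

# Print, one per line, the commands from the argument list that are not on
# PATH (bzip2 is the one the post reports as missing at the extract step).
missing_deps() {
    for cmd in "$@"; do
        command -v "$cmd" >/dev/null 2>&1 || printf '%s\n' "$cmd"
    done
}

# Full flow, mirroring the post's steps with the checks added.
install_phantomjs() {
    url="https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2"
    archive="phantomjs-2.1.1-linux-x86_64.tar.bz2"
    expected_sha256="PLACEHOLDER_FILL_FROM_TRUSTED_SOURCE"   # placeholder, not a real digest
    prefix="$HOME/phantomjs-2.1.1-linux-x86_64"              # assumed prefix, not /root

    missing=$(missing_deps bzip2 tar wget)
    if [ -n "$missing" ]; then
        echo "install these first: $missing" >&2
        return 1
    fi
    wget -O "$archive" "$url" || return 1
    if ! verify_archive "$archive" "$expected_sha256"; then
        echo "checksum mismatch for $archive; refusing to extract" >&2
        return 1
    fi
    tar -jxf "$archive" -C "$HOME" || return 1
    append_path_once "$HOME/.profile" "$prefix/bin"
    "$prefix/bin/phantomjs" --version
}
```

Source the file and call `install_phantomjs`, or use the helpers individually. The checksum check is the part worth keeping even when installing by hand, since the post's `wget` step goes straight to `tar` without inspecting what was downloaded.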
```sh
git clone https://github.com/WhaleShark-Team/cobra.git && cd cobra
pip install -r requirements.txt
python cobra.py --help
```
pip installation method:

```sh
sudo easy_install pip
pip --version
```

If running `pip install -r requirements.txt` fails with:

```
ERROR: Could not install packages due to an EnvironmentError: [Errno 13] Permission denied: ...
```

then install with the following command:

```sh
pip install -r requirements.txt --user
```
Verify the installation succeeded:

```
$ python cobra.py --help
usage: cobra [-h] [-t <target>] [-f <format>] [-o <output>] [-r <rule_id>]
             [-d] [-sid SID] [-dels] [-rp] [-m] [-H <host>] [-P <port>]
cobra: error: unrecognized arguments: --version
```
```
ChardeMacBook-Pro:cobra Char$ python cobra.py --help
usage: cobra [-h] [-t <target>] [-f <format>] [-o <output>] [-r <rule_id>]
             [-d] [-sid SID] [-dels] [-rp] [-m] [-H <host>] [-P <port>]

    ,---. |
    | ,---.|---.,---.,---.
    | | || || ,---|
    `---``---``---`` `---^ v2.0.0-alpha.5

GitHub: https://github.com/WhaleShark-Team/cobra

Cobra is a static code analysis system that automates the detecting vulnerabilities and security issue.

optional arguments:
  -h, --help            show this help message and exit

Scan:
  -t <target>, --target <target>
                        file, folder, compress, or repository address
  -f <format>, --format <format>
                        vulnerability output format (formats: json, csv, xml)
  -o <output>, --output <output>
                        vulnerability output STREAM, FILE, HTTP API URL, MAIL
  -r <rule_id>, --rule <rule_id>
                        specifies rules e.g: CVI-100001,cvi-190001
  -d, --debug           open debug mode
  -sid SID, --sid SID   scan id(API)
  -dels, --dels         del target directory True or False
  -rp, --report         automation report Cobra data
  -m, --md5             Create projects file md5

RESTful:
  -H <host>, --host <host>
                        REST-JSON API Service Host
  -P <port>, --port <port>
                        REST-JSON API Service Port

Usage:
  python cobra.py -t tests/vulnerabilities
  python cobra.py -t tests/vulnerabilities -r cvi-190001,cvi-190002
  python cobra.py -t tests/vulnerabilities -f json -o /tmp/report.json
  python cobra.py -t https://github.com/ethicalhack3r/DVWA -f json -o feei@feei.cn
  python cobra.py -t https://github.com/ethicalhack3r/DVWA -f json -o http://push.to.com/api
  python cobra.py -H 127.0.0.1 -P 8888
```
WhaleShark-Team/cobra
Source Code Security Audit
Official site: http://cobra.feei.cn