This tool ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes.

Overview

PackageDNA

This tool gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes. secure development, if currently supported, possible backdoors (malicious embedded code), typosquatting analysis, the history of versions and reported vulnerabilities (CVEs) of the package.


Installation

Clone this repository with:

git clone https://github.com/ElevenPaths/packagedna

PackageDNA uses python-magic which is a simple wrapper around the libmagic C library, and that MUST be installed as well:

Debian/Ubuntu
$ sudo apt-get install libmagic1

Windows
You will need DLLs for libmagic. @julian-r has uploaded a version of this project that includes binaries 
to PyPI: https://pypi.python.org/pypi/python-magic-bin/0.4.14
Other sources of the libraries in the past have been File for Windows. 
You will need to copy the file magic out of [binary-zip]\share\misc, and pass its location to Magic(magic_file=...).

If you are using a 64-bit build of python, you will need 64-bit libmagic binaries which can be found here: https://github.com/pidydx/libmagicwin64.
Newer version can be found here: https://github.com/nscaife/file-windows.

OSX
When using Homebrew: brew install libmagic
When using macports: port install file


More details: https://pypi.org/project/python-magic/

Run setup for installation:

python3 setup.py install --user

External Modules

PackageDNA uses external modules for its analysis that you should install previously:

Microsoft AppInpsector

https://github.com/microsoft/ApplicationInspector

Virus Total API

https://www.virustotal.com/

LibrariesIO API

https://libraries.io/

Rubocop

https://github.com/rubocop/rubocop

After installation you should configure the external modules, in the option [7] Configuration of the main menu.

[1] VirusTotal API Key: Your API KEY
[2] AppInspector absolute path: /Local/Path/MSAppInpsectorInstallation
[3] Libraries.io API Key: Your API KEY
[4] Github Token: Your Token
[B] Back
[X] Exit

NOTE: External modules are not mandatory. PackageDNA will continue its execution, however we recommend making all the configurations of these modules so that the tool performs a complete analysis

Running PackageDNA

Inside the PackageDNA directory:

./packagedna.py
_____              _                          ____     __     _  _______ 
|  __ \            | |                        |  __ \  |   \  | ||  ___  |
| |__) |__ __ ____ | | __   __ __  ____   ___ | |  \ \ | |\ \ | || |___| |
|  ___// _` |/  __)| |/ /  / _` | / _  | / _ \| |   | || | \ \| ||  ___  |
| |   | (_| || (__ | |\ \ | (_| || (_| ||  __/| |__/ / | |  \   || |   | |
|_|    \__,_|\____)|_| \_\ \__,_| \__  | \___||_____/  |_|   \__||_|   |_|
                                   __| |
                                  (____|

Modular Packages Analyzer Framework
By ElevenPaths https://www.elevenpaths.com/
Usage: python3 ./packagedna.py

[*] -------------------------------------------------------------------------------------------------------------- [*]
[!] Select from the menu:
[*] -------------------------------------------------------------------------------------------------------------- [*]
	[1] Analyze Package (Last Version)
	[2] Analyze Package (All Versions)
	[3] Analyze local package
	[4] Information gathering
	[5] Upload file and analyze all Packages
	[6] List previously analyzed packages
	[7] Configurations
	[X] Exit
[*] -------------------------------------------------------------------------------------------------------------- [*]
[!] Enter your selection: 
You might also like...
Osint-Tool - Information collection tool in python

Osint-Tool Herramienta para la recolección de información Pronto más opciones In

An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several useful utilites to change the configuration of the device.

TMOHS1 Root Utility Description An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several

IDA Pro Python plugin to analyze and annotate Linux kernel alternatives
IDA Pro Python plugin to analyze and annotate Linux kernel alternatives

About This is an IDA Pro (Interactive Disassembler) plugin allowing to automatically analyze and annotate Linux kernel alternatives (content of .altin

Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers.
Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers.

Fuzz introspector Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potenti

A python script to turn Ubuntu Desktop in a one stop security platform. The InfoSec Fortress installs the packages,tools, and resources to make Ubuntu 20.04 capable of both offensive and defensive security work.

infosec-fortress A python script to turn Ubuntu Desktop into a strong DFIR/RE System with some teeth (Purple Team Ops)! This is intended to create a s

Security tool to test different bypass of forbidden
Security tool to test different bypass of forbidden

notForbidden Security tool to test different bypass of forbidden Usage python3 notForbidden.py URL Features Bypass with different methods (POST, OPT

Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source
Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source

Infoga - Email OSINT Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source (search engines, pg

CamOver is a camera exploitation tool that allows to disclosure network camera admin password.

CamOver is a camera exploitation tool that allows to disclosure network camera admin password. Features Exploits vulnerabilities in most popul

This tool allows to automatically test for Content Security Policy bypass payloads.
This tool allows to automatically test for Content Security Policy bypass payloads.

CSPass This tool allows to automatically test for Content Security Policy bypass payloads. Usage [cspass]$ ./cspass.py -h usage: cspass.py [-h] [--no-

Comments
  • User Manual

    User Manual

    can u please provide a User manual to packagedna what do we need to select the scan , make me confused

    [*] -------------------------------------------------------------------------------------------------------------- [*]
    [!] Select from the menu:
    [*] -------------------------------------------------------------------------------------------------------------- [*]
    	[1] Analyze Package (Last Version)
    	[2] Analyze Package (All Versions)
    	[3] Analyze local Package
    	[4] Information Gathering
    	[5] Upload file and analyze all Packages
    	[6] List previously analyzed Packages
    	[7] Configurations
    	[X] Exit
    [*] -------------------------------------------------------------------------------------------------------------- [*]
    
    
    opened by chanduaki 3
Owner
Telefónica
Telefónica official source code platform
Telefónica
Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

We are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch them

Mitiga 13 Jan 4, 2022
A python tool capable of creating HUGE wordlists. Has the ability to add custom words for concatenation in any way you see fit.

A python tool capable of creating HUGE wordlists. Has the ability to add custom words for concatenation in any way you see fit.

Codex 9 Oct 5, 2022
Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses 🕵️

Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a data leak for the found emails.

null 1.1k Aug 24, 2021
adb - A tool that allows you to search for vulnerable android devices across the world and exploit them.

adb - An exploitation tool for android devices. A tool that allows you to search for vulnerable android devices across the world and exploit them. Fea

null 136 Jan 2, 2023
This project is all about building an amazing application that will help users manage their passwords and even generate new passwords for them

An amazing application that will help us manage our passwords and even generate new passwords for us.

null 1 Jan 23, 2022
GitHub Advance Security Compliance Action

advanced-security-compliance This Action was designed to allow users to configure their Risk threshold for security issues reported by GitHub Code Sca

Mathew Payne 121 Dec 14, 2022
If you are worried about being found perhaps try taking cover under a blanket. Pure Python PowerShell Obfuscator

If you are worried about being found perhaps try taking cover under a blanket. Pure Python PowerShell Obfuscator

Ph0tonz 3 Jun 7, 2022
LittleBrother is a simple parental control application monitoring specific processes on Linux hosts to monitor and limit the play time of children.

Parental Control Application LittleBrother Overview LittleBrother is a simple parental control application monitoring specific processes (read "games"

null 40 Dec 21, 2022
Scan all java processes on your host to check weather it's affected by log4j2 remote code execution

Log4j2 Vulnerability Local Scanner (CVE-2021-45046) Log4j 漏洞本地检测脚本,扫描主机上所有java进程,检测是否引入了有漏洞的log4j-core jar包,是否可能遭到远程代码执行攻击(CVE-2021-45046)。上传扫描报告到指定的服

null 86 Dec 9, 2022