• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2021
  • February
  • 22
  • Horusec – An Open Source Tool That Improves Identification Of Vulnerabilities In Your Project With Just One Command

Horusec – An Open Source Tool That Improves Identification Of Vulnerabilities In Your Project With Just One Command

February 22, 2021 Comments Off on Horusec – An Open Source Tool That Improves Identification Of Vulnerabilities In Your Project With Just One Command
Horusec - An Open Source Tool That Improves Identification Of Vulnerabilities In Your Project With Just One Command cybersecurity ethical hacking hack android hack app hack wordpress hacker news hacking hacking tools for windows keylogger kit kitploit password brute force penetration testing pentest pentest android pentest linux pentest toolkit pentest tools spy tool kit spyware tools

Horusec is an open source tool that performs static code analysis to identify security flaws during the development process. Currently, the languages for analysis are: C#, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart. The tool has options to search for key leaks and security flaws in all files of your project, as well as in Git history. Horusec can be used by the developer through the CLI and by the DevSecOps team on CI /CD mats. See in our DOCUMENTATION the complete list of tools and languages that we perform analysis

Project roadmap 2021

We started the project to aggregate within our company, but as the search grew more and more we chose to apply good practices and open it up for everyone to collaborate with this incredible project.

In order to achieve our goals, we separated in some delivery phases:

  • Phase 0: Support for all horusec-cli features into horusec-vscode (Q1)
  • Phase 1: Support for the Theia(VsCode Web) (Q1)
  • Phase 2: Support to Flutter, Dart, Bash, Shell, Elixir, Cloujure e Scala in analysis (Q1)
  • Phase 3: New service to manager vulnerabilities founds (Q2)
  • Phase 4: Dependency analysis for all supported languages (Q3)
  • Phase 5: SAST with MVP Semantic Analysis (Q4)
  • Phase 6: DAST with MVP symbolic analysis (Q4)

Getting started

Installing

To see more details how install go to HERE

Check the installation

horusec version

Usage

For use horusec-cli and check your vulnerabilities

horusec start

or send with the authorization token to view the content analytically in the horusec admin panel.

horusec start -a="<YOUR_TOKEN_AUTHORIZATION>"

To acquire the authorization token and you can see your vulnerabilities analytically on our panel see more details HERE

WARN: When horusec starts an analysis it creates a folder called .horusec. This folder serves as the basis for not changing your code. So we recommend that you add the line .horusec into your .gitignore file so that this folder does not need to be sent to your git server!

Requirements for usage horusec-cli

  • docker
  • git(Mandatory if you are using search throughout the project’s git history)

Usage locally

For usage the horusec locally clone horusec in your local machine and run

make install

and run the HORUSEC-CLI to start the analysis

Default Development account

For usage complete feature of the horusec you can see enter using this default user generated by horusec for you usage.

WARN: We do dns validation for account creation, so remember to use a valid email. For tests accounts we accept …@example.com as a valid dns.

  email: [email protected]
password: Devpass0*

Requirements for use complete horusec locally

  • docker
  • git
  • docker-compose/helm
  • golang
  • rabbitmq
  • postgres
  • account-of-email (optional)

Horusec manager

  • Separate repositories by companies
  • Manage users who have access to your company (users must be pre-registered on horusec to be invited to a pre-existing company)
  • Manage the repositories available in your company for analysis
  • Manage users who have access to company repositories
  • Manage your access tokens for the specific repository (required to identify which repository this analysis belongs to and save to our system)
  • Visually view all existing vulnerabilities in your company and/or its repository

Contributing

Read our contributing guide to learn about our development process, how to propose bugfixes and improvements, and how to build and test your changes to horusec.

Communication

We have a few channels for contact, feel free to reach out to us at:

  • GitHub Issues


Download Horusec

Post navigation

Privescker: dumping all your common Windows enum, privesc and post exploitation scripts
Enlightn: Boost Your App’s Performance & Security

Related Articles

Fake-Sms - A Simple Command Line Tool Using Which You Can Skip Phone Number Based SMS Verification By Using A Temporary Phone Number That Acts Like A Proxy

Fake-Sms – A Simple Command Line Tool Using Which You Can Skip Phone Number Based SMS Verification By Using A Temporary Phone Number That Acts Like A Proxy

- Hack Tools
March 2, 2021
OWASP ASST (Automated Software Security Toolkit) - A Novel Open Source Web Security Scanner

OWASP ASST (Automated Software Security Toolkit) – A Novel Open Source Web Security Scanner

- Hack Tools
March 2, 2021
URLs Deduplication Tool

uddup: URLs Deduplication Tool

- Hack Tools
March 2, 2021
hacker gadgets
hacker phone covers

Recent Posts

Fake-Sms - A Simple Command Line Tool Using Which You Can Skip Phone Number Based SMS Verification By Using A Temporary Phone Number That Acts Like A Proxy

Fake-Sms – A Simple Command Line Tool Using Which You Can Skip Phone Number Based SMS Verification By Using A Temporary Phone Number That Acts Like A Proxy

March 2, 2021
OWASP ASST (Automated Software Security Toolkit) - A Novel Open Source Web Security Scanner

OWASP ASST (Automated Software Security Toolkit) – A Novel Open Source Web Security Scanner

March 2, 2021
CVE-2020-1938: Apache Tomcat AJP Connector Remote Code Execution Vulnerability Alert

CVE-2021-25329: Apache Tomcat session code execution vulnerability alert

March 2, 2021
URLs Deduplication Tool

uddup: URLs Deduplication Tool

March 2, 2021
SnitchDNS

SnitchDNS: Database Driven DNS Server

March 2, 2021
Halogen - Automatically Create YARA Rules From Malicious Documents

Halogen – Automatically Create YARA Rules From Malicious Documents

March 1, 2021

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs
ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook
Twitter
Google-plus
Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW