Hawkeye is a tool for highlighting security vulnerabilities and general risks in a project. It has a few goals:
+ Designed to be entirely extensible: adding a new module with the correct signature to lib/modules is all that is needed
+ Modules return results via a common interface, which permits consolidated reporting and artefact generation
+ Should be easy to run, whether via npm or Docker, on your host or in a CI server
Modules are small pieces of code that either implement their own logic or wrap a third-party tool and standardise its output. A module only runs if its required criteria are met; for example, the nsp module only runs if a package.json is detected in the scan target. As a result, you do not need to tell Hawkeye what type of project you are scanning. The modules implemented so far are:
+ File Names (files): Scans the file list recursively, looking for file-name patterns defined in data.js (taken from gitrob). This catches things like id_rsa, files ending in .pem, and so on.
+ File Content Patterns (contents): Looks for patterns defined in data.js within the contents of files; things like 'password:' and 'BEGIN RSA PRIVATE KEY' will show up here.
+ File Content Entropy (entropy): Scans files for strings with high Shannon entropy, which could indicate passwords or secrets stored in the files, for example 'kwaKM@£rFKAM3(a2klma2d'.
+ Node Security Project (nsp): Wraps Node Security Project to check your package.json for known vulnerabilities.
+ NPM Check Updates (ncu): Wraps NPM Check Updates to check your package.json for outdated modules.
+ Bundler Audit (bundlerAudit): Wraps Bundler Audit to check your Gemfile/Gemfile.lock for known vulnerabilities.
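To make the module model concrete, here is an added example (not Hawkeye's own code, and not taken from its lib/modules) of miniature files, contents and entropy checks that share one result shape and only run on files that meet each module's criteria. The pattern lists, the entropy threshold, the lockfile exclusion and the sample files are assumptions made for illustration.

```javascript
'use strict';
// Added example, not Hawkeye's code: three small scanning modules with a
// common finding shape, gated by per-file criteria. Patterns, thresholds and
// sample files below are assumptions for illustration.

// files module: file names that usually should not be committed (gitrob-style)
const FILENAME_PATTERNS = [
  { pattern: /^id_(rsa|dsa|ecdsa|ed25519)$/, caption: 'Private SSH key' },
  { pattern: /\.pem$/i, caption: 'PEM file, may contain a private key' },
  { pattern: /^\.env$/, caption: 'Environment file, often holds credentials' },
];

// contents module: literal patterns inside file contents
const CONTENT_PATTERNS = [
  { pattern: /password\s*[:=]/i, caption: 'Password assignment' },
  { pattern: /-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----/, caption: 'Private key material' },
];

// Shannon entropy in bits per character: H = -sum(p_i * log2(p_i))
function shannonEntropy(str) {
  const chars = [...str];
  if (chars.length === 0) return 0;
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / chars.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// entropy module helper: whitespace-separated tokens, stripped of surrounding
// quotes and punctuation, that are long enough and have entropy >= threshold
function findHighEntropyStrings(content, { minLength = 16, threshold = 3.5 } = {}) {
  return content
    .split(/\s+/)
    .map((t) => t.replace(/^["'`,;:=]+|["'`,;:]+$/g, ''))
    .filter((t) => [...t].length >= minLength && shannonEntropy(t) >= threshold);
}

// Common result shape every module returns
const finding = (module, file, message, line) => ({ module, file, line, message });
const basename = (name) => name.split('/').pop();

const modules = [
  {
    name: 'files',
    appliesTo: () => true,
    run: (file) => FILENAME_PATTERNS
      .filter(({ pattern }) => pattern.test(basename(file.name)))
      .map(({ caption }) => finding('files', file.name, caption)),
  },
  {
    name: 'contents',
    appliesTo: (file) => typeof file.content === 'string',
    run: (file) => file.content.split('\n').flatMap((text, i) => CONTENT_PATTERNS
      .filter(({ pattern }) => pattern.test(text))
      .map(({ caption }) => finding('contents', file.name, caption, i + 1))),
  },
  {
    name: 'entropy',
    // lockfiles are full of legitimate high-entropy integrity hashes, so skip them
    appliesTo: (file) => typeof file.content === 'string'
      && !/^(package-lock\.json|yarn\.lock)$/.test(basename(file.name)),
    run: (file) => findHighEntropyStrings(file.content)
      .map((token) => finding('entropy', file.name, `High-entropy string: ${token}`)),
  },
];

// Run every module whose criteria the file meets; all findings share one shape
function scanFiles(files) {
  return files.flatMap((file) =>
    modules.filter((m) => m.appliesTo(file)).flatMap((m) => m.run(file)));
}

function report(findings) {
  return findings.map((f) => `[${f.module}] ${f.file}${f.line ? ':' + f.line : ''} - ${f.message}`);
}

// Constructed sample scan target (made up for this example, not real data)
const SAMPLE_FILES = [
  { name: 'config/settings.yml', content: 'db:\n  password: hunter2\n  api_token: "kwaKM@£rFKAM3(a2klma2d"\n' },
  { name: 'deploy/id_rsa', content: '-----BEGIN RSA PRIVATE KEY-----\nAAAAB3NzaC1yc2E\n-----END RSA PRIVATE KEY-----\n' },
  { name: 'package-lock.json', content: '"integrity": "sha512-Qm7K3dk5Rkq1n8N0xWcB6YOy8vSHwQ1JNtQJ"\n' },
  { name: 'README.md', content: 'Nothing to see here.\n' },
];

console.log(report(scanFiles(SAMPLE_FILES)).join('\n'));
```

The threshold of 3.5 bits per character is a starting point, not a universal constant: base64 blobs, hashes and minified bundles also have high entropy, which is why the example excludes lockfiles and why a real deployment needs a per-project allow-list to keep the entropy module's noise manageable.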
Usage and Install (pick whichever fits your environment):
+ From source: git clone https://github.com/Stono/hawkeye && cd hawkeye
+ Via npm: npm install -g hawkeye-scanner
+ Via Docker, scanning the current directory mounted at /target: docker run --rm -v $PWD:/target stono/hawkeye
+ Via docker-compose, with a hawkeye service defined in your docker-compose.yml: docker-compose run --rm --no-deps hawkeye