Security-focused command line tool to scan Git repositories for potentially malicious code patterns
Project description
Insect is a security-focused command line tool designed to scan Git repositories for potentially malicious code patterns before execution. It uses a combination of static analysis, configuration checks, and metadata examination to identify security risks in code.
🎉 Now in Beta! v0.1.5 brings a beautiful, responsive CLI interface with enhanced configurability.
✨ Features
- 🎨 Beautiful CLI Interface: Rich, colorful, responsive design that adapts to any terminal size
- 🔍 Multi-language Support: Python, JavaScript, Shell scripts, and more
- 🛡️ Deep Static Analysis: Detects suspicious patterns and security vulnerabilities
- 🔧 External Tool Integration: Works with Bandit, Semgrep, ShellCheck, and other security tools
- 📊 Detailed Reporting: Text, JSON, and interactive HTML outputs with professional styling
- ⚡ Performance Optimization: Smart caching for faster re-scanning
- 🎛️ Flexible Configuration: Customize analysis sensitivity and rules based on project needs
- 🐳 Containerized Scanning: Safe analysis of untrusted repositories in Docker containers
Installation
pip install insect
Or using pipenv:
pipenv install insect
🚀 Quick Start
Basic Scanning
# Scan current directory with beautiful UI
insect scan .
# Scan with high sensitivity for comprehensive analysis
insect scan . --sensitivity high
# Generate HTML report with detailed findings
insect scan . --format html --output security-report.html
New in v0.1.5: Responsive CLI
The CLI automatically adapts to your terminal size:
- Wide terminals: Rich side-by-side layout with detailed information
- Narrow terminals: Stacked layout with smart text truncation
- Progress bars: Dynamic width adjustment for optimal viewing
Sensitivity Levels
insect scan . --sensitivity low # Only obvious security threats
insect scan . --sensitivity normal # Standard detection (default)
insect scan . --sensitivity high # Include speculative findings
insect scan . --sensitivity very_high # All patterns (unusual commits, etc.)
Check status of external dependencies:
insect deps
Generate a detailed HTML report:
insect scan /path/to/repository -f html -o report.html
Safely scan a repository in a container before cloning:
insect clone https://github.com/example/repository
Development
Setup
# Clone the repository
git clone https://github.com/yourusername/insect.git
cd insect
# Setup development environment
pipenv install --dev
pipenv shell
# Install pre-commit hooks
pre-commit install
Testing
# Run tests
pytest
# Run tests with coverage
pytest --cov=insect
# Run tox to test across different Python versions
tox
Code Quality
# Format code
black .
isort .
# Lint code
ruff .
# Type checking
mypy .
Documentation
For comprehensive documentation, see our documentation index or explore:
- Usage Guide - Detailed instructions on using Insect
- Security Examples - Examples of security issues Insect can detect
- Advanced Usage - Advanced usage and customization options
- Container Scanning - Running Insect in Docker containers
- Use Cases - Real-world use cases and applications
- Contributing - Guide for contributing to Insect
Security Issues Insect Can Detect
Insect can detect a wide range of security issues, including:
- Command Injection: Unsafe command execution in Python, JavaScript, and Shell scripts
- Cross-Site Scripting (XSS): DOM manipulation vulnerabilities in JavaScript
- SQL Injection: Unsafe SQL query construction
- Hardcoded Secrets: API keys, tokens, and credentials in code
- Insecure Deserialization: Unsafe deserialization of untrusted data
- Path Traversal: Directory traversal vulnerabilities
- Obfuscated Code: Base64 encoded payloads and suspicious patterns
- Configuration Issues: Insecure default settings and misconfigurations
- Browser Data Theft: Malicious code that attempts to steal browser data including:
  - Browser history and cookies access
  - Browser storage manipulation (localStorage, sessionStorage, indexedDB)
  - Browser session hijacking and cookie theft
  - Browser password extraction from password managers
  - Browser form data and autofill theft
  - Browser extension manipulation and injection
  - Browser cache access and data exfiltration
- Cryptocurrency Wallet Theft: Malicious code that attempts to steal cryptocurrency assets including:
  - Wallet file access patterns (wallet.dat, keystore files)
  - Private key extraction attempts
  - Seed phrase harvesting code
  - Suspicious crypto API interactions
  - Wallet address enumeration and scanning
  - Hardware wallet access attempts
  - Cryptocurrency stealer behavior (clipboard hijacking)
  - Exchange API abuse for unauthorized withdrawals
  - Unauthorized cryptocurrency mining
For examples of each type, see the Security Examples documentation.
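To make concrete how a pattern-based scanner with sensitivity tiers (as in the Sensitivity Levels section) classifies source files into the categories listed above, here is a small self-contained example. It is added here for illustration and is not Insect's own code, rule set or output format: the rule identifiers, regular expressions, severity labels and the three sample source files are all constructed for the example. Each rule carries the lowest sensitivity level at which it fires, so `low` reports only the most clear-cut patterns while `very_high` also includes speculative ones such as a bare clipboard read.

```python
"""Toy static scanner with sensitivity tiers (added example, not Insect's code)."""
import re
from dataclasses import dataclass

# Ordering of the sensitivity levels used on the command line.
SENSITIVITY_ORDER = {"low": 0, "normal": 1, "high": 2, "very_high": 3}


@dataclass(frozen=True)
class Rule:
    rule_id: str          # constructed identifier, not an Insect rule id
    description: str
    pattern: re.Pattern
    min_sensitivity: str  # lowest sensitivity level at which the rule fires
    severity: str


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    path: str
    line: int
    description: str


# Constructed rules covering a few of the categories named in the README.
RULES = [
    Rule("PY-CMD-001", "subprocess call with shell=True (command injection risk)",
         re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True"), "low", "high"),
    Rule("PY-EVAL-001", "eval()/exec() on a non-literal argument",
         re.compile(r"\b(?:eval|exec)\s*\((?!\s*['\"])"), "normal", "high"),
    Rule("OBF-B64-001", "base64-decoded payload passed straight to exec/eval",
         re.compile(r"(?:eval|exec)\s*\(\s*base64\.b64decode"), "low", "critical"),
    Rule("SECRET-001", "hardcoded credential-like assignment",
         re.compile(r"(?i)\b(?:api_key|secret|token|password)\s*=\s*['\"][A-Za-z0-9_\-]{16,}['\"]"),
         "normal", "medium"),
    Rule("WALLET-001", "reference to a cryptocurrency wallet file",
         re.compile(r"wallet\.dat|keystore"), "high", "medium"),
    Rule("CLIP-001", "clipboard read (speculative: possible clipboard hijacking)",
         re.compile(r"pyperclip\.paste\(\)"), "very_high", "low"),
]

# Constructed sample repository: path -> file contents.
SAMPLE_SOURCE = {
    "setup_helper.py": """\
import subprocess
import base64
API_KEY = "sk_live_abcdefghijklmnop1234"
def run(cmd):
    subprocess.run(cmd, shell=True)
def boot(payload):
    exec(base64.b64decode(payload))
""",
    "wallet_tool.py": """\
import pyperclip
from pathlib import Path
def backup():
    return Path.home() / ".bitcoin" / "wallet.dat"
def watch():
    return pyperclip.paste()
""",
    "clean.py": """\
import json
def load(path):
    with open(path) as fh:
        return json.load(fh)
""",
}


def scan_sources(sources: dict, sensitivity: str = "normal") -> list:
    """Run every rule enabled at `sensitivity` over each line of each file."""
    if sensitivity not in SENSITIVITY_ORDER:
        raise ValueError(f"unknown sensitivity {sensitivity!r}")
    threshold = SENSITIVITY_ORDER[sensitivity]
    active = [r for r in RULES if SENSITIVITY_ORDER[r.min_sensitivity] <= threshold]
    findings = []
    for path, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule in active:
                if rule.pattern.search(line):
                    findings.append(Finding(rule.rule_id, rule.severity, path, lineno, rule.description))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity, the figure a CI gate would typically act on."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for level in SENSITIVITY_ORDER:
        found = scan_sources(SAMPLE_SOURCE, level)
        print(f"{level:10s} {len(found)} finding(s) {summarize(found)}")
        for f in found:
            print(f"  {f.path}:{f.line} [{f.severity}] {f.rule_id} {f.description}")
```

Running the script prints the findings at each level: `low` reports only the `shell=True` call and the base64-to-exec chain, `normal` adds the generic `exec()` and the hardcoded key, `high` adds the wallet-file reference, and `very_high` adds the clipboard read. Note that a single line can trigger more than one rule (the `exec(base64.b64decode(...))` line hits both the generic eval rule and the obfuscation rule), which is why a real tool reports rule ids rather than a bare count.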
Development
Insect uses tox for managing development environments and running tests. The project uses pipenv for dependency management.
Setup
- Clone the repository:
git clone https://github.com/somasays/insect.git
cd insect
- Install pipenv and dependencies:
pip install pipenv
pipenv install --dev
Available Tox Environments
- tox -e all - Run all checks and tests (used in CI/CD)
- tox -e lint - Run only linting checks (ruff, black, isort)
- tox -e typecheck - Run only type checking (mypy)
- tox -e test - Run only tests with coverage
- tox -e dev - Quick development checks (lint + tests with fast failure)
- tox -e format - Auto-format code (black, isort)
Development Workflow
- Quick feedback during development:
pipenv run tox -e dev
- Format code:
pipenv run tox -e format
- Run full test suite before committing:
pipenv run tox -e all
- Run specific tests:
pipenv run tox -e test -- tests/unit/test_specific.py
Manual Commands (if needed)
If you prefer to run individual commands:
# Install dependencies
pipenv install --dev
# Run tests
pipenv run pytest tests/ --cov=insect
# Run linting
pipenv run ruff check src tests
pipenv run black --check src tests
pipenv run isort --check-only src tests
# Type checking
pipenv run mypy src tests
# Format code
pipenv run black src tests
pipenv run isort src tests
License
MIT
Download files
File details
Details for the file insect-0.1.5.tar.gz.
File metadata
- Download URL: insect-0.1.5.tar.gz
- Upload date:
- Size: 123.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 5a9ad5f8301a09ac49809cd32a5b7a65104a94b8a305315430ed2ea7341ddd84 |
| MD5 | ac24404b755d7ee63cfbbe27e6a85a32 |
| BLAKE2b-256 | 2bf4dfa82b5d925b13a7fc81cbf698eb1d58b7c8f085455904e23925857ecc74 |
File details
Details for the file insect-0.1.5-py3-none-any.whl.
File metadata
- Download URL: insect-0.1.5-py3-none-any.whl
- Upload date:
- Size: 136.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 7b980a7108384ad5423c9ffa1cbdd8d7b9d5772d5d08dbba31b6b47c40e47089 |
| MD5 | f7f82e9759705bcf0865dc7593e7fd7d |
| BLAKE2b-256 | 40fea9050f67b24dcdd481ba01f9a6ee9e7f433ebd2fece272d6fa43f9a7fb97 |