Python port of RetireJS - A tool to scan for vulnerabilities in JavaScript libraries
Project description
UnretiredJS
A Python port of RetireJS - A tool to scan for vulnerabilities in JavaScript libraries.
Description
UnretiredJS is a Python library that helps you identify known vulnerabilities in JavaScript libraries used in your web applications. It's a port of the popular RetireJS tool, bringing the same powerful vulnerability scanning capabilities to Python projects.
Note: This is a fork of FallibleInc/retirejslib, maintained and updated with additional features and improvements.
Installation
pip install unretiredjs
Usage
Basic Usage
import unretiredjs
# Scan a remote JavaScript file
results = unretiredjs.scan_endpoint("http://code.jquery.com/jquery-1.6.min.js")
Sample Output
[
{
'detection': 'filecontent',
'vulnerabilities': [
{
'info': [
'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969',
'http://research.insecurelabs.org/jquery/test/'
],
'identifiers': {
'CVE': ['CVE-2011-4969']
},
'severity': 'medium'
},
{
'info': [
'http://bugs.jquery.com/ticket/11290',
'http://research.insecurelabs.org/jquery/test/'
],
'identifiers': {
'bug': '11290',
'summary': 'Selector interpreted as HTML'
},
'severity': 'medium'
},
{
'info': [
'https://github.com/jquery/jquery/issues/2432',
'http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/'
],
'identifiers': {
'summary': '3rd party CORS request may execute'
},
'severity': 'medium'
}
],
'version': '1.6.0',
'component': 'jquery'
}
]
Features
- Scan remote JavaScript files for known vulnerabilities
- Detect vulnerable versions of popular JavaScript libraries
- Comprehensive vulnerability database
- Easy to integrate into Python projects
Requirements
- Python 3.6 or higher
- requests>=2.25.0
License
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Author
Anand Kumar - GitHub
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file unretiredjs-1.4.2.tar.gz.
File metadata
- Download URL: unretiredjs-1.4.2.tar.gz
- Upload date:
- Size: 18.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
543b7f4b250c4725fe7a04f8f2ca4b6b861fcc40f59545d441e8aa546e23c954
|
|
| MD5 |
388868ac84f8d9965b5b14b67995e125
|
|
| BLAKE2b-256 |
697abf7c6b0d3a6f941f939c4ccb2c0646684ddd9f176f1e9c3ddd424e2216e2
|
File details
Details for the file unretiredjs-1.4.2-py3-none-any.whl.
File metadata
- Download URL: unretiredjs-1.4.2-py3-none-any.whl
- Upload date:
- Size: 18.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
842d18749946869a5c8fae600745453bb629bd9da0f9e48ea9c3d666d88b2108
|
|
| MD5 |
f2ef6f7e0c1e5198c5525fff76cd612a
|
|
| BLAKE2b-256 |
94f09b90102c784badea6c55c075f442d4ad579b29639180a622fbaf389300ea
|
