Tool Usage
```
$ python3 dakshscra.py -h   # To view available options and arguments
usage: dakshscra.py [-h] [-r RULE_FILE] [-f FILE_TYPES] [-v] [-t TARGET_DIR] [-l {R,RF}] [-recon] [-estimate]

options:
  -h, --help            show this help message and exit
  -r RULE_FILE          Specify platform specific rule name
  -f FILE_TYPES         Specify file types to scan
  -v                    Specify verbosity level {'-v', '-vv', '-vvv'}
  -t TARGET_DIR         Specify target directory path
  -l {R,RF}, --list {R,RF}
                        List rules [R] OR rules and filetypes [RF]
  -recon                Detects platform, framework and programming language used
  -estimate             Estimate efforts required for code review
```
The script accepts several command line arguments to customize the scan. The available options are:

- `-r <rule_file>`: Specify the platform-specific rule name.
- `-f <file_types>`: Specify file types to scan.
- `-v`: Increase verbosity level (use `-v`, `-vv`, or `-vvv`).
- `-t <target_dir>`: Specify the target directory path for scanning.
- `-l <rules_filetypes>`: List rules (`R`) or rules and file types (`RF`).
- `-recon`: Detect platform, framework, and programming language used.
- `-estimate`: Estimate efforts required for code review.
- Specify platforms with `-r` (single or multiple) for platform-specific rules:
  - Single platform: `dakshsca.py -r php -t /source_dir_path`
  - Multiple platforms: `dakshsca.py -r php,java,cpp -t /source_dir_path`

  Only the selected platform-specific rules will be applied to the corresponding project files.
- `-f` is optional and defaults to the file types of the selected rule:
  - Example: `dakshsca.py -r php -t /source_dir_path`
- To override the default, specify file types with `-f`:
  - Example: `dakshsca.py -r php -f dotnet -t /path_to_source_dir`
- Perform reconnaissance and rule-based scanning with `-recon` and `-r`:
  - Example: `dakshsca.py -recon -r php -t /path_to_source_dir`
- Perform reconnaissance only by passing `-recon` without `-r`:
  - Example: `dakshsca.py -recon -t /path_to_source_dir`
- Verbosity levels:
  - `-v` is the default; `-vvv` displays all rule checks within each category.
  - Example: `dakshsca.py -r php -vv -t /path_to_source_dir`
Note: make sure you run the tool in the correct Python environment, for example `python3 dakshsca.py -r php -t /source_dir_path`.
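As an added illustration of the option semantics described above (example code, not part of the DakshSCRA project), the following module rebuilds the documented command line with argparse and checks an invocation the way a wrapper script might before launching a scan. The `RULE_FILETYPES` table and the `build_parser`/`plan_scan` names are assumptions for the demo.

```python
import argparse
import sys

# Constructed placeholder table: the real tool derives each rule's default
# file types from its rule files; these values are assumptions for the demo.
RULE_FILETYPES = {"php": "php", "java": "java", "cpp": "cpp,c,h,hpp",
                  "dotnet": "cs,cshtml"}


def build_parser():
    p = argparse.ArgumentParser(prog="dakshscra.py")
    p.add_argument("-r", dest="rule_file", help="platform-specific rule name(s), comma separated")
    p.add_argument("-f", dest="file_types", help="file types to scan (overrides the rule default)")
    # action='count' turns -v, -vv and -vvv into 1, 2 and 3.
    p.add_argument("-v", dest="verbosity", action="count", default=0)
    p.add_argument("-t", dest="target_dir", help="target directory path")
    p.add_argument("-l", "--list", dest="list_mode", choices=["R", "RF"])
    # Single-dash long flags: argparse matches "-recon" exactly before trying "-r" as a prefix.
    p.add_argument("-recon", action="store_true")
    p.add_argument("-estimate", action="store_true")
    return p


def plan_scan(argv):
    args = build_parser().parse_args(argv)
    if args.list_mode:
        return {"mode": "list", "what": args.list_mode}
    platforms = [x for x in (args.rule_file or "").split(",") if x]
    unknown = [x for x in platforms if x not in RULE_FILETYPES]
    if unknown:
        raise ValueError("no rule file for platform(s): " + ",".join(unknown))
    if not args.target_dir:
        raise ValueError("-t TARGET_DIR is required for scanning or reconnaissance")
    if args.recon:
        mode = "recon+scan" if platforms else "recon-only"
    elif platforms:
        mode = "scan"
    else:
        raise ValueError("nothing to do: pass -r, -recon or -l")
    # '-f' overrides; otherwise each selected rule contributes its own file types.
    file_types = args.file_types or ",".join(RULE_FILETYPES[x] for x in platforms)
    return {"mode": mode, "platforms": platforms, "file_types": file_types,
            "target_dir": args.target_dir, "estimate": args.estimate,
            "verbosity": max(1, args.verbosity)}  # '-v' is the default level


if __name__ == "__main__":
    print(plan_scan(sys.argv[1:]))
```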
The tool generates reports in three formats: HTML, PDF, and text. The HTML and PDF reports are still being improved, but they are already in reasonably good shape and will be refined further with each subsequent iteration.

- HTML report: DakshSCRA/reports/html/report.html
- PDF report: DakshSCRA/reports/html/report.pdf
- Areas of Interest - Identified Patterns: DakshSCRA/reports/text/areas_of_interest.txt
- Areas of Interest - Project Files: DakshSCRA/reports/text/filepaths_aoi.txt
- Identified Project Files: DakshSCRA/runtime/filepaths.txt
- Reconnaissance Summary: /reports/text/recon.txt
Note: the reconnaissance report is currently produced in text format only. In upcoming releases it is planned to be folded into the vulnerability scanning report, which is available in both HTML and PDF formats.

- Effort estimation report: /reports/html/estimation.html

Note: effort estimation for source code review is at an early, experimental stage. Because both the formula and the concept are new, they will be developed and refined over several releases before they yield accurate or reasonable estimates. The report is currently generated in HTML format only; a PDF version is planned for a future release.