0

Retire.js (Burp plugin)

Burp/ZAP/Maven 扩展可集成 Retire.js 资源库以查找易受攻击的 Javascript 库。「Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.」

Github 資源庫
主要指標

Github星跟蹤圖

Retire.js (Burp plugin) Build Status

Burp / ZAP extension that integrate Retire.js repository to find vulnerable JavaScript libraries. It passively look at JavaScript files loaded and identify those vulnerable based on various signature types (URL, filename, file content or specific hash).

License

This software is release under Apache 2.0.

Downloads

Last updated : December 10th, 2019

Burp Suite plugin : Download (also available on the BApp Store)

ZAP plugin : Download

Burp plugin

Retire.js Burp plugin

Retire.js Burp plugin

ZAP plugin

Retire.js ZAP plugin

Maven plugin Maven Central

Run the Maven plugin with the goal scan:

$ cd myproject
$ mvn com.h3xstream.retirejs:retirejs-maven-plugin:scan
   [...]
[INFO] --- retirejs-maven-plugin:1.0.0-SNAPSHOT:scan (default-cli) @ myproject ---
[WARNING] jquery.js contains a vulnerable JavaScript library.
[INFO] Path: C:\Code\myproject\src\main\webapp\js\jquery.js
[INFO] jquery version 1.8.1 is vulnerable.
[INFO] + http://bugs.jquery.com/ticket/11290
[INFO] + http://research.insecurelabs.org/jquery/test/
   [...]

The additional parameter -DretireJsBreakOnFailure can be use to break the build when at least one vulnerability is found.

[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.450 s
[INFO] Finished at: 2015-02-19T13:37:00-05:00
[INFO] Final Memory: 11M/245M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.h3xstream.retirejs:retirejs-maven-plugin:1.0.0:scan (default-cli) on project
my-web-app: 6 known vulnerabilities were identified in the JavaScript librairies. -> [Help 1]
[ERROR]

Run the Maven plugin as part of your build

Use the following configuration to run the Maven plugin as part of your build. Only one <repoUrl> may be specified at a time.
To scan / iterate earlier in your build cycle, you can bind the plugin to the validate phase.

  <plugin>    
    <groupId>com.h3xstream.retirejs</groupId>
    <artifactId>retirejs-maven-plugin</artifactId>
    <version>3.0.1</version>
    <configuration>
      <repoUrl>https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/jsrepository.json</repoUrl>
      <!--<repoUrl>https://raw.githubusercontent.com/RetireJS/retire.js/master/repository/npmrepository.json</repoUrl>-->
    </configuration>
    <executions>
      <execution>
        <id>scanProjectJavascript</id>
        <goals>
          <goal>scan</goal>
        </goals>
        <phase>install</phase>
      </execution>
    </executions>
  </plugin>

主要指標

概覽
名稱與所有者h3xstream/burp-retire-js
主編程語言JavaScript
編程語言Java (語言數: 4)
平台
許可證Apache License 2.0
所有者活动
創建於2014-11-26 23:39:42
推送於2024-06-14 06:19:56
最后一次提交2023-05-11 16:02:56
發布數1
最新版本名稱version-3.0.3 (發布於 )
第一版名稱version-3.0.3 (發布於 )
用户参与
星數209
關注者數21
派生數52
提交數169
已啟用問題?
問題數49
打開的問題數5
拉請求數26
打開的拉請求數2
關閉的拉請求數5
项目设置
已啟用Wiki?
已存檔?
是復刻?
已鎖定?
是鏡像?
是私有?