Welcome to the Nuclei Mona Code Scanner repository! This project contains Nuclei templates designed for source code analysis. Our templates help you detect hardcoded secrets, configuration leaks, and debug endpoints. They also assist in identifying OWASP Top 10 issues within your code. This makes the Nuclei Mona Code Scanner ideal for Static Application Security Testing (SAST) and Continuous Integration/Continuous Deployment (CI/CD) integration.
- Hardcoded Secrets Detection: Identify sensitive information embedded in your source code.
- Configuration Leak Detection: Find configurations that should not be publicly accessible.
- Debug Endpoint Detection: Spot endpoints that may expose sensitive data during development.
- OWASP Top 10 Issues: Help your team address the most critical security vulnerabilities.
- SAST and CI/CD Integration: Seamlessly integrate with your existing workflows for enhanced security.
To get started with the Nuclei Mona Code Scanner, you can download the latest release from our Releases page. Follow the instructions below to set it up.
- You need to have Nuclei installed on your machine.
- Ensure you have a working knowledge of how to use Nuclei.
- Visit the Releases page to download the latest version.
- Extract the downloaded file.
- Place the templates in your Nuclei templates directory.
To use the Nuclei Mona Code Scanner, run the following command in your terminal:
nuclei -t /path/to/your/templatesReplace /path/to/your/templates with the actual path where you saved the Nuclei templates.
Here’s an example command to run the scanner:
nuclei -t ~/nuclei-templates/nuclei-MonaCodeScannerThis command will execute the templates contained in the Nuclei Mona Code Scanner against your codebase.
The Nuclei Mona Code Scanner includes several templates tailored for different security checks. Here’s a brief overview of what each template does:
These templates search for hardcoded API keys, passwords, and other sensitive information in your source code. They help ensure that no secrets are exposed in public repositories.
Configuration leak templates check for files that should not be publicly accessible, such as .env files or configuration files containing sensitive data.
These templates identify endpoints that may be left open during development, which could expose sensitive information or functionality.
The OWASP Top 10 templates focus on the most common vulnerabilities in web applications, helping developers to proactively address security issues.
We welcome contributions to the Nuclei Mona Code Scanner. If you would like to contribute, please follow these steps:
- Fork the repository.
- Create a new branch for your feature or fix.
- Make your changes and commit them.
- Push your changes to your fork.
- Submit a pull request detailing your changes.
This project is licensed under the MIT License. See the LICENSE file for more details.
For any questions or issues, please feel free to reach out via GitHub issues or contact the repository owner directly.
We encourage you to explore the Nuclei Mona Code Scanner and integrate it into your security practices. For the latest updates and releases, visit our Releases page.
Happy coding!