Examples • Installation • Usage
poc.mp4
sastsweep
is a tool designed for identifying vulnerabilities in open source codebases at scale. It can gather and filter on key repository metrics such as popularity and project size, enabling targeted vulnerability research. It automatically detects potential vulnerabilities using semgrep and provides a streamlined HTML report, allowing researchers to quickly drill down to the affected portion of the codebase.
Oneliner to scrape every HackerOne open source target and run semgrep on it
bbscope h1 -b -u '<HACKERONE_USERNAME>' -t '<HACKERONE_TOKEN>' -o tdu | grep -E 'https?://github.com/[A-Za-z0-9-]{1,}/[A-Za-z0-9-]{1,}' -o | sastsweep -threads 10 -desc -stars -files
Scrape flask applications from github search using github-search.py and filter on repositories with 500-3000 stars. Display the number of stars, the repository description, and number of files.
python3 github-search.py --token '<GITHUB TOKEN>' --query '"import Flask" AND ".route("' | sastsweep -stars -desc -files -filter-stars 500-3000
Scan a single repository, display the number of stars, number of security issues, and date of the last commit
sastsweep -repo https://github.com/chebuya/SASTsweep -stars -security-issues -last-commit
Scan a list of targets, display the star count, language composition, number of forks and number of contributors. Filter on repositories with a last commit date after 2024/01/01, less than 5000 stars, and 0 security issues
sastsweep -repos targets.txt -stars -lang -forks -contributors -filter-last-commit 2024/01/01- -filter-stars -5000 -filter-security-issues 0
Run with p/python config
sastsweep -config-path sastsweep.conf ...
sastsweep.conf
FLAGS=--config p/python
Linux is currently the only supported and tested platform
sastsweep
requires go >= 1.23 to install successfully. Run the following command to install sastsweep
go install github.com/chebuya/sastsweep/cmd/sastsweep@latest
sastsweep -h
This will display help for the tool. Here are all the switches it supports.
Usage of ./sastsweep:
-branch
Display the default branch of a repository
-commits
Display the number of commits to the repository
-config-path string
Path to semgrep.conf file
-contributors
Display the number of contributors in a repository
-debug
Enable debug messages
-desc
Display repo description
-files
Display number of files in repo
-filter-commits string
Filter the number of commits to the repository (500-700, -300, 500-, 3000)
-filter-contributors string
Filter the number of contributors in a repository (500-700, -300, 500-, 3000)
-filter-files string
Filter number of files in repo (500-700, -300, 500-, 3000)
-filter-first-commit string
Filter the date of the first commit to the repository (yyyy/mm/dd-yyyy/mm/dd, -yyyy/mm/dd, yyyy/mm/dd-, yyyy/mm/dd)
-filter-forks string
Filter the number of forks of repository (500-700, -300, 500-, 3000)
-filter-issues string
Filter the number of issues in a repository (500-700, -300, 500-, 3000)
-filter-last-commit string
Filter the date of the last commit to the repository (yyyy/mm/dd-yyyy/mm/dd, -yyyy/mm/dd, yyyy/mm/dd-, yyyy/mm/dd)
-filter-last-release string
Filter the date of the latest release (yyyy/mm/dd-yyyy/mm/dd, -yyyy/mm/dd, yyyy/mm/dd-, yyyy/mm/dd)
-filter-pull-requests string
Filter the number of pull requests in a repository (500-700, -300, 500-, 3000)
-filter-security-issues string
Filter the number of security issues in the repository (500-700, -300, 500-, 3000)
-filter-stars string
Filter repos stars in output (500-700, -300, 500-, 3000)
-filter-watchers string
Filter the number of watchers in a repository (500-700, -300, 500-, 3000)
-fireprox string
Use fireprox for reasons... relates to rate limiting on a certain platform (ex: https://abcdefghi.execute-api.us-east-1.amazonaws.com/fireprox/)
-first-commit
Display the date of the first commit to the repository
-forks
Display the number of forks of repository
-full-desc
Display the full repo description
-github1s
Generate links for the web-based vscode browser at github1s.com rather than github.com
-issues
Display the number of issues in a repository
-lang
Display GitHub repo language
-last-commit
Display the date of the last commit to the repository
-last-release
Display the date of the latest release
-no-emoji
Disable this if you are a boring person (or use a weird terminal)
-no-semgrep
Do not perform a semgrep scan on the repos
-out-dir string
Directory to clone repositories to
-pull-requests
Display the number of pull requests in a repository
-raw-links
Print raw links for semgrep report rather than hyperlink with name, good if you want to save output
-repo string
GitHub repository to scan
-repo-link
Display the link associated with the repository
-repos string
File of GitHub repositories to scan
-save-repo
Save the cloned repository
-security-issues
Display the number of security issues in the repository
-semgrep-path string
Custom path to the semgrep binary
-stars
Display repos stars in output
-threads int
Number of threads to start (default 3)
-topics
Display GitHub repo topics
-watchers
Display the number of watchers in a repository
- Write more docs
- Cross-platform support
- More matchers/filters
- More testing
- Write to output/database
- CodeQL, trufflehog support
Thanks to everyone @semgrep/semgrep, this tool would be impossible without it
Inspired by @projectdiscovery/httpx 🩷
sastsweep
is made with 💙 by @_chebuya and distributed under the GPL-3.0 license.