GITBOOK-4415: No subject

network-services-pentesting/pentesting-web/code-review-tools.md

@@ -1,8 +1,8 @@
 # Source code Review / SAST Tools
 
 {% hint style="success" %}
-Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
-Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
+Learn & practice AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\
+Learn & practice GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
 
 <details>
 
@@ -273,7 +273,7 @@ $ chmod +x insider
 $ ./insider --tech javascript  --target <projectfolder>
 ```
 
-### [**DeepSource**](https://deepsource.com/pricing)&#x20;
+### [**DeepSource**](https://deepsource.com/pricing)
 
 Free for **public repos**.
 
@@ -286,7 +286,10 @@ Free for **public repos**.
 brew install yarn
 # Run
 cd /path/to/repo
-yarn audit
+yarn install
+yarn audit # In lower versions
+yarn npm audit # In 2+ versions
+
 npm audit
 ```
 
@@ -297,6 +300,7 @@ npm audit
 npm install -g pnpm
 # Run
 cd /path/to/repo
+pnpm install
 pnpm audit
 ```
 
@@ -447,17 +451,17 @@ https://github.com/securego/gosec
    * Tips:
      * If using jsnice.org, click on the options button next to the "Nicify JavaScript" button, and de-select "Infer types" to reduce cluttering the code with comments.
      * Ensure you do not leave any empty lines before the script, as it may affect the deobfuscation process and give inaccurate results.
-4. For some more modern alternatives to JSNice, you might like to look at the following:
-  * [https://github.com/pionxzh/wakaru](https://github.com/pionxzh/wakaru)
-    * > Javascript decompiler, unpacker and unminify toolkit
-      > Wakaru is the Javascript decompiler for modern frontend. It brings back the original code from a bundled and transpiled source.
-  * [https://github.com/j4k0xb/webcrack](https://github.com/j4k0xb/webcrack)
-    * > Deobfuscate obfuscator.io, unminify and unpack bundled javascript
-  * [https://github.com/jehna/humanify](https://github.com/jehna/humanify)
-    * > Un-minify Javascript code using ChatGPT
-      > This tool uses large language modeles (like ChatGPT & llama2) and other tools to un-minify Javascript code. Note that LLMs don't perform any structural changes – they only provide hints to rename variables and functions. The heavy lifting is done by Babel on AST level to ensure code stays 1-1 equivalent.
-    * [https://thejunkland.com/blog/using-llms-to-reverse-javascript-minification.html](https://thejunkland.com/blog/using-llms-to-reverse-javascript-minification.html)
-      * > Using LLMs to reverse JavaScript variable name minification
+3. For some more modern alternatives to JSNice, you might like to look at the following:
+
+* [https://github.com/pionxzh/wakaru](https://github.com/pionxzh/wakaru)
+  * > Javascript decompiler, unpacker and unminify toolkit Wakaru is the Javascript decompiler for modern frontend. It brings back the original code from a bundled and transpiled source.
+* [https://github.com/j4k0xb/webcrack](https://github.com/j4k0xb/webcrack)
+  * > Deobfuscate obfuscator.io, unminify and unpack bundled javascript
+* [https://github.com/jehna/humanify](https://github.com/jehna/humanify)
+  * > Un-minify Javascript code using ChatGPT This tool uses large language modeles (like ChatGPT & llama2) and other tools to un-minify Javascript code. Note that LLMs don't perform any structural changes – they only provide hints to rename variables and functions. The heavy lifting is done by Babel on AST level to ensure code stays 1-1 equivalent.
+  * [https://thejunkland.com/blog/using-llms-to-reverse-javascript-minification.html](https://thejunkland.com/blog/using-llms-to-reverse-javascript-minification.html)
+    * > Using LLMs to reverse JavaScript variable name minification
+
 3. Use `console.log()`;
    * Find the return value at the end and change it to `console.log(<packerReturnVariable>);` so the deobfuscated js is printed instead of being executing.
    * Then, paste the modified (and still obfuscated) js into [https://jsconsole.com/](https://jsconsole.com/) to see the deobfuscated js logged to the console.
@@ -466,10 +470,10 @@ https://github.com/securego/gosec
 
 #### References
 
-* [YouTube: DAST - Javascript Dynamic Analysis](https://www.youtube.com/watch?v=_v8r_t4v6hQ)
+* [YouTube: DAST - Javascript Dynamic Analysis](https://www.youtube.com/watch?v=\_v8r\_t4v6hQ)
 * [https://blog.nvisium.com/angular-for-pentesters-part-1](https://web.archive.org/web/20221226054137/https://blog.nvisium.com/angular-for-pentesters-part-1)
 * [https://blog.nvisium.com/angular-for-pentesters-part-2](https://web.archive.org/web/20230204012439/https://blog.nvisium.com/angular-for-pentesters-part-2)
-* [devalias](https://twitter.com/_devalias)'s [GitHub Gists](https://gist.github.com/0xdevalias):
+* [devalias](https://twitter.com/\_devalias)'s [GitHub Gists](https://gist.github.com/0xdevalias):
   * [Deobfuscating / Unminifying Obfuscated Web App Code](https://gist.github.com/0xdevalias/d8b743efb82c0e9406fc69da0d6c6581#deobfuscating--unminifying-obfuscated-web-app-code)
   * [Reverse Engineering Webpack Apps](https://gist.github.com/0xdevalias/8c621c5d09d780b1d321bfdb86d67cdd#reverse-engineering-webpack-apps)
   * [etc](https://gist.github.com/search?q=user:0xdevalias+javascript)
@@ -486,8 +490,8 @@ https://github.com/securego/gosec
 * [https://github.com/jshint/jshint/](https://github.com/jshint/jshint/)
 
 {% hint style="success" %}
-Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
-Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
+Learn & practice AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\
+Learn & practice GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
 
 <details>