Dawnscanner v1.6.5 – Ruby Code Auditing Tool

Dawnscanner v1.6.5 – Ruby Code Auditing Tool

Dawnscanner is a source code scanner designed to review your ruby code for security issues. Dawnscanner is able to scan plain ruby scripts (e.g. command line applications) but all its features are unleashed when dealing with web applications source code.

It supports major MVC (Model View Controller) frameworks, out of the box:

  • Ruby on Rails
  • Sinatra
  • Padrino

Dawnscanner is built with security in mind to provide you:

A solid vulnerability knowledge base: version 1.5.0 contains 209 security checks and mailing list and website talking about security are continuously polled to include new checks

An easy to use tool: dawnscanner provides report in both text and HTML format, it has a json output to be consumed in a script and it provides rake tests to be included in your development workout

Vulnerabilty mitigation: dawnscanner has mitigation suggestions in its knowledge base. You won’t be alone dealing with security bugs.


Changelog v1.6.5 – codename: Tow Mater (2016-09-30)

  • Issue #212 – CVE-2014-2538 is marked as being vulnerable to rack-ssl 1.3.4.
  • The check was triggered for rack-ssl version < 1.4.0. However 1.3.4 is marked as safe, so the check has to be changed as well.

Changelog v1.6.4 – codename: Tow Mater (2016-09-27)

  • Issue #199 – CVE-2015-4020 seems to give the wrong Solution
  • Issue #168 – Dawn fails for many CVEs that rails 3.2.22 is not vulnerable to

Changelog v1.6.3 – codename: Tow Mater (2016-09-06)

  • Issue #107 – Applying PULL REQUEST from @MKgridSec about CVE-2013-0334 check
  • Issue #196 – Applying PULL REQUEST from @MKgridSec about CVE 2016 0751 incorrectly flagged
  • Issue #197 – Applying PULL REQUEST from @MKgridSec about CVE-2016-2098 incorrectly flagged

More Information: here

[button size=large style=round color=red align=none url=https://github.com/thesp0nge/dawnscanner]Download Dawnscanner v1.6.5[/button]

Thanks to Paolo Perego, for sharing this tool with us.


www.artssec.com @maxisoler