{"id":13436627,"url":"https://github.com/olacabs/jackhammer","last_synced_at":"2026-02-05T23:03:13.682Z","repository":{"id":20719787,"uuid":"89223604","full_name":"olacabs/jackhammer","owner":"olacabs","description":"Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.","archived":false,"fork":false,"pushed_at":"2024-03-18T20:24:14.000Z","size":66841,"stargazers_count":728,"open_issues_count":74,"forks_count":164,"subscribers_count":59,"default_branch":"master","last_synced_at":"2025-03-18T21:50:29.940Z","etag":null,"topics":["application-security","dynamic-analysis","mobile-security","network-security","penetration-testing","penetration-testing-framework","security","security-scanner","security-vulnerability-assessment","source-code-analysis","static-code-analysis","vulnerability-assessment","vulnerability-management","vulnerability-scanners","vulnerability-scanning","webappsec","wordpress-security"],"latest_commit_sha":null,"homepage":"https://jch.olacabs.com/userguide","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/olacabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-04-24T09:44:04.000Z","updated_at":"2025-03-14T04:49:32.000Z","dependencies_parsed_at":"2022-09-02T13:12:08.538Z","dependency_job_id":"d57910f8-b6bf-438c-9c22-732b78d7e792","html_url":"https://github.com/olacabs/jackhammer","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/olacabs/jackhammer","repository_url":"https://
repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/olacabs%2Fjackhammer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/olacabs%2Fjackhammer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/olacabs%2Fjackhammer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/olacabs%2Fjackhammer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/olacabs","download_url":"https://codeload.github.com/olacabs/jackhammer/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/olacabs%2Fjackhammer/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29137754,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-05T23:02:30.544Z","status":"ssl_error","status_checked_at":"2026-02-05T23:02:24.945Z","response_time":65,"last_error":"SSL_read: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["application-security","dynamic-analysis","mobile-security","network-security","penetration-testing","penetration-testing-framework","security","security-scanner","security-vulnerability-assessment","source-code-analysis","static-code-analysis","vulnerability-assessment","vulnerability-management","vulnerability-scanners","vulnerability-scanning","webappsec","wordpress-security"],"created_at":"2024-07-31T03:00:50.819Z","updated_at":"2026-02-05T23:03:13.666Z","avatar_url":"https://github.com/olacabs.png","language":"Java","funding_links":[],"categories":["Java","\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","Java (504)","测试","vulnerability-scanners"],"sub_categories":["\u003ca id=\"9d1ce4a40c660c0ce15aec6daf7f56dd\"\u003e\u003c/a\u003e未分类-Vul"],"readme":"## Jackhammer: \nOne Security vulnerability assessment/management tool to solve all the security team problems.\n\n## What is Jackhammer?\n\nJackhammer is a collaboration tool built to bridge the gap between the security team and the dev and QA teams, and to help TPMs understand and track the quality of the code going into production. It can do static code analysis and dynamic analysis, with built-in vulnerability management capability. 
It finds security vulnerabilities in the target applications and helps security teams manage the chaos in this new age of continuous integration and continuous/multiple deployments.\n\nIt works entirely on RBAC (Role-Based Access Control). There are dashboards for individual scans and team scans, giving ample flexibility to collaborate with different teams. It is built entirely on a pluggable architecture that can be integrated with any open source/commercial tool.\n\n\nJackhammer uses the OWASP pipeline project to run multiple open source and commercial tools against your code, web app, mobile app, CMS (WordPress), and network.\n\n\n## Key Features:\n\n* Provides a unified interface to collaborate on findings\n* Scanning (code) can be done for all code management repositories\n* Scheduling of scans based on intervals: daily, weekly, monthly\n* Advanced false positive filtering\n* Publish vulnerabilities to bug tracking systems\n* Keep a tab on statistics and vulnerability trends in your applications\n* Integrates with the majority of open source and commercial scanning tools\n* Users and roles management giving greater control\n* Configurable severity levels on the list of findings across the applications\n* Built-in vulnerability status progression\n* Easy-to-use filters to review targeted sets from tons of vulnerabilities\n* Asynchronous scanning (via sidekiq) that scales\n* Seamless Vulnerability Management\n* Track statistics and graph security trends in your applications\n* Easily integrates with a variety of open source, commercial and custom scanning tools\n\n\n\n## Supported Vulnerability Scanners:\n\n### Static Analysis:\n\n * [Brakeman][]\n * [Bundler-Audit][] \n * [Dawnscanner][]\n * [FindSecurityBugs][]\n * [Xanitizer*][]\n * [NodeSecurityProject][]\n * [Retire.js][]\n\n\n \u0026nbsp;\u0026nbsp; * license required\n \u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; ** commercial license required\n\n\n## Finding hard coded secrets/tokens/creds:\n\n  * 
[Trufflehog][] (Slightly modified/extended for better results and integration as of May 2017)\n\n## Webapp:\n\n  * [Arachni][] \n\n## Mobile App:\n\n  * [Androbugs][] (Slightly modified/extended for better results and integration as of May 2017)\n  * [Androguard][] (Slightly modified/extended for better results and integration as of May 2017)\n\n## Wordpress:\n\n   * [WPScan][] (Slightly modified/extended for better results and integration as of May 2017)\n\n## Network:\n\n  * [Nmap][] \n\n## Adding Custom (other open source/commercial/personal) Scanners:\n\n   You can add any scanner to Jackhammer within 10-30 minutes. [Check the links/video](https://jch.olacabs.com/userguide/adding_new_tool) \n\n## Quick Start and Installation\n\nSee our [Quick Start/Installation Guide][] if you want to try out Jackhammer as quickly as possible using Docker Compose.\n\n##### Run the following commands for local setup (corporate mode):\n\n```\n git clone https://github.com/olacabs/jackhammer\n cd jackhammer\n sh ./docker-build.sh\n\n```\n##### Default credentials for local setup:\n\nusername: jackhammer@olacabs.com\n\npassword: j4ckh4mm3r\n\n##### (For single user mode)\n``` \nsh ./docker-build.sh SingleUser\n\n```\n\nSign up for access.\n\n## Restarting Jackhammer\n\n```\ndocker-compose stop\ndocker-compose rm\ndocker-compose up -d\n```\n## User Guide\n\n   The [User Guide][] will give you an overview of how to use Jackhammer once you have things up and running.\n\n## Demo\n\n##### Demo Environment Link: \nhttps://jch.olacabs.com/\n\n##### Default credentials:\n\nusername: admin@admin.com\n\npassword: admin@admin.com\n\n[Brakeman]: http://brakemanscanner.org/\n[Bundler-Audit]: https://github.com/rubysec/bundler-audit\n[Dawnscanner]: https://github.com/thesp0nge/dawnscanner\n[FindSecurityBugs]: https://find-sec-bugs.github.io/\n[Xanitizer*]: https://www.rigs-it.net/index.php/get-xanitizer.html\n[NodeSecurityProject]: https://nodesecurity.io/\n[Retire.js]: 
https://retirejs.github.io/retire.js/\n[Trufflehog]: https://github.com/dxa4481/truffleHog\n[Arachni]: http://www.arachni-scanner.com/\n[Androbugs]: https://github.com/AndroBugs/AndroBugs_Framework\n[Androguard]: https://github.com/androguard/androguard\n[Nmap]: https://nmap.org/\n[WPScan]: https://github.com/wpscanteam/wpscan\n[User Guide]: https://jch.olacabs.com/userguide\n[Quick Start/Installation Guide]: http://jch.olacabs.com/userguide/installation\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Folacabs%2Fjackhammer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Folacabs%2Fjackhammer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Folacabs%2Fjackhammer/lists"}