https://github.com/zeusssz/ninja

A high-performance vulnerability detection tool written in C++.
https://github.com/zeusssz/ninja

cpp vulnerability-detection vulnerability-scanners

Last synced: 12 months ago
JSON representation

A high-performance vulnerability detection tool written in C++.

• Host: GitHub
• URL: https://github.com/zeusssz/ninja
• Owner: zeusssz
• Created: 2024-09-14T11:16:45.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2024-09-16T11:49:10.000Z (almost 2 years ago)
• Last Synced: 2025-02-22T12:29:35.344Z (over 1 year ago)
• Topics: cpp, vulnerability-detection, vulnerability-scanners
• Language: C++
• Homepage:
• Size: 207 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
### ![image](https://github.com/user-attachments/assets/c3945f79-b331-4914-85b5-0d434af3a00d) 

# Ninja

Ninja is a high-performance vulnerability detection tool written in C++. It integrates with the Z3 Theorem Prover for symbolic execution and cURL for fetching vulnerability data from APIs like the National Vulnerability Database (NVD).

---

### Features

- **Static Analysis**:

  - Detects memory leaks, buffer overflows, SQL injection, XSS, and CSRF vulnerabilities.

  

- **Dynamic Analysis**:

  - Monitors for runtime errors and resource leaks.

- **API Integration**:

  - Fetches real-time vulnerability data from trusted sources like NVD.

---

### Table of Contents

1. [Installation](#installation)

2. [Usage](#usage)

3. [Configuration](#configuration)

4. [API Integration](#api-integration)

5. [Development](#development)

6. [Licensing](#license)

---

### Installation

Before using Ninja, you need to install several dependencies. Follow these steps to set up your environment.

#### Dependencies

1. **Z3 Theorem Prover**

   - **Installation**:

     ```bash

     sudo apt-get install z3

     ```

   - Alternatively, you can [download and install Z3 from GitHub](https://github.com/Z3Prover/z3).

>[!NOTE]  

>Make sure Z3 is properly installed and accessible in your system's `PATH`.

2. **cURL Library**

   - **Installation**:

     ```bash

     sudo apt-get install libcurl4-openssl-dev

     ```

3. **JSON for Modern C++ (nlohmann/json)**

   - **Installation**:

     Add this to your `CMakeLists.txt`:

     ```cmake

     include(FetchContent)

     FetchContent_Declare(

       json

       GIT_REPOSITORY https://github.com/nlohmann/json.git

       GIT_TAG v3.9.1

     )

     FetchContent_MakeAvailable(json)

     target_link_libraries(Ninja PRIVATE nlohmann_json::nlohmann_json)

     ```

4. **CMake**

   - **Installation**:

     ```bash

     sudo apt-get install cmake

     ```

#### Full Setup

1. Clone the repository:

   ```bash

   git clone https://github.com/zeusssz/Ninja.git

   cd Ninja

   ```

2. Build the project:

   ```bash

   mkdir build

   cd build

   cmake ..

   make

   ```

> [!WARNING]  

> Ensure that Z3 and cURL are correctly installed and configured. Missing dependencies will result in build failure.

---

### Usage

Once Ninja is installed, you can run the application by executing the following command in the build directory:

```bash

./Ninja

```

You can specify options like file paths or APIs for vulnerability detection:

```bash

./Ninja --file  --api 

```

> [!INFORMATION]  

> By default, Ninja performs static analysis. You can extend it to dynamic analysis by using the `--dynamic` flag.

---

### Configuration

To configure Ninja for different vulnerability databases, update the configuration file at `config.json`.

#### Example Configuration:

```json

{

  "api_url": "https://services.nvd.nist.gov/rest/json/cves/1.0",

  "api_key": "your_api_key_here"

}

```

> [!NOTE]  

> Make sure to keep your API keys secure and avoid committing them to public repositories.

---

### API Integration

Ninja fetches real-time vulnerability data using the **cURL** library. By default, it integrates with the National Vulnerability Database (NVD).

#### NVD Integration

1. Ensure you have an NVD API key.

2. Update the `main.cpp` file with your API URL and key.

3. Run Ninja to fetch and analyze the latest vulnerabilities.

> [!WARNING]  

> Excessive API requests might result in rate limiting. Use caching mechanisms or avoid frequent calls in production environments.

---

### Development

Feel free to contribute to Ninja. Before submitting a pull request, ensure that:

- Your code follows the project’s coding standards.

- The project builds and runs correctly with no errors.

- You write tests for any new functionality.

---

### License

Ninja is licensed under the MIT License. See the [LICENSE](LICENSE) file for more details.