May 9, 2021

Pentest Tools

Retire.js – Command line Scanner and Chrome plugin

This topic contains 2 replies, has 3 voices, and was last updated by  strake davis 5 years, 6 months ago.

  • Author
  • #9481


    Retire.js identifies JavaScript libraries with known vulnerabilities in your application

    Retire.js is a command line scanner that helps you identify dependencies with known vulnerabilities in your application. Using the provided Grunt plugin you can easily include Retire.js into your build process. Retire.js also provides a Chrome extension allowing you to detect libraries while surfing your website.

    To detect a given version of a given component, Retire.js uses filename or URL. If that fails, it will download/open the file and look for specific comments within the file. If that also fails, there is the possibility to use hashes for minified files. And if that fails as well, the Chrome plugin will run code in a sandbox to try to detect the component and version. This last detection mechanism is not available in the command line scanner, as running arbitrary JavaScript-files in the node-process could have unwanted consequences. If anybody knows of a good way to sandbox the code on node, feel free to register an issue or contribute.

    It’s important to note that even though your site is using a vulnerable library, that does not necessarily mean your site is vulnerable. It depends on whether and how your site exercises the vulnerable code. That said, it’s better to be safe than sorry.

    More Info and Download:
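
The lookup order described in the post above (filename or URL, then comments inside the file, then hashes of minified files), as an added example that is not part of the original post and is not Retire.js code. The library `examplelib`, its signature patterns, the use of SHA-256 and the vulnerable-below threshold are all constructed for illustration.

```javascript
// Added illustration; not Retire.js source. "examplelib" and its signatures are constructed.
const { createHash } = require('node:crypto');

const sha256 = (text) => createHash('sha256').update(text).digest('hex');

// Constructed minified build with no version banner, so only its hash identifies it.
const MINIFIED_1_2_0 = '!function(){window.examplelib={}}();';

const SIGNATURES = {
  examplelib: {
    filename: [/examplelib-(\d+\.\d+\.\d+)(?:\.min)?\.js$/],
    filecontent: [/\/\*!? examplelib v(\d+\.\d+\.\d+)/],
    hashes: { [sha256(MINIFIED_1_2_0)]: '1.2.0' },
    vulnerableBelow: '1.4.2', // constructed threshold
  },
};

// Numeric comparison of dotted versions: negative when a < b (so 1.10.0 > 1.4.2).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Return the first captured version from a list of patterns, or null.
function firstMatch(patterns, text) {
  for (const re of patterns) {
    const m = re.exec(text);
    if (m) return m[1];
  }
  return null;
}

// Cheapest check first: name/URL, then banner comment, then hash. Nothing is executed.
function detect(uri, content) {
  for (const [component, sig] of Object.entries(SIGNATURES)) {
    let method = 'filename';
    let version = firstMatch(sig.filename, uri);
    if (!version) { method = 'filecontent'; version = firstMatch(sig.filecontent, content); }
    if (!version) { method = 'hash'; version = sig.hashes[sha256(content)] || null; }
    if (version) {
      const vulnerable = compareVersions(version, sig.vulnerableBelow) < 0;
      return { component, version, method, vulnerable };
    }
  }
  return null; // unidentified: a miss is not proof the file is safe
}
```

A renamed, banner-stripped and re-minified copy falls through all three static checks, which is the gap the sandboxed detection in the Chrome plugin is meant to cover.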

  • #9482


    Where is the best place to get security in Calgary? I have been wanting to get some for my house but I didn’t know where to go.

  • #9483

    strake davis

    Interesting post. I have seen how important security is in Calgary and how much of a difference it makes on a day to day basis.
