Published on September 30th, 2016 | by MaxiSoler1
Dawnscanner v1.6.5 – Ruby Code Auditing Tool
Dawnscanner is a source code scanner designed to review your ruby code for security issues. Dawnscanner is able to scan plain ruby scripts (e.g. command line applications) but all its features are unleashed when dealing with web applications source code.
It supports major MVC (Model View Controller) frameworks, out of the box:
- Ruby on Rails
Dawnscanner is built with security in mind to provide you:
A solid vulnerability knowledge base: version 1.5.0 contains 209 security checks and mailing list and website talking about security are continuously polled to include new checks
An easy to use tool: dawnscanner provides report in both text and HTML format, it has a json output to be consumed in a script and it provides rake tests to be included in your development workout
Vulnerabilty mitigation: dawnscanner has mitigation suggestions in its knowledge base. You won’t be alone dealing with security bugs.
Changelog v1.6.5 – codename: Tow Mater (2016-09-30)
- Issue #212 – CVE-2014-2538 is marked as being vulnerable to rack-ssl 1.3.4.
- The check was triggered for rack-ssl version < 1.4.0. However 1.3.4 is marked as safe, so the check has to be changed as well.
Changelog v1.6.4 – codename: Tow Mater (2016-09-27)
- Issue #199 – CVE-2015-4020 seems to give the wrong Solution
- Issue #168 – Dawn fails for many CVEs that rails 3.2.22 is not vulnerable to
Changelog v1.6.3 – codename: Tow Mater (2016-09-06)
- Issue #107 – Applying PULL REQUEST from @MKgridSec about CVE-2013-0334 check
- Issue #196 – Applying PULL REQUEST from @MKgridSec about CVE 2016 0751 incorrectly flagged
- Issue #197 – Applying PULL REQUEST from @MKgridSec about CVE-2016-2098 incorrectly flagged
More Information: here
Thanks to Paolo Perego, for sharing this tool with us.