Flawnter Custom Data Finder Extension

Flawnter Custom Data Finder extension lets you define your own custom regex rules to find the data you need. Simply add one regex statement per line in a file called custom-data-finder-rules. This file needs to be in same path as the custom data finder jar file.

The Format of the rule for Custom Data Finder is as follows: title:severity:type:regex rule. Each column is separated by colon (:).
Title - This is the title of the finding you want to show in the report if it finds a match.
Severity - This is the finding severity you want to show in the report. It can be one of the following values (info,low,medium,high,critical).
Type - This is the finding type. Can be security or quality.
Regex - This is the regex rule to match the pattern in the file it is scanning. If a match is found, a finding is created.

Example rules to find hard-coded usernames and passwords:
Hard-coded Username:low:security:(?i)(username|userid|user[-_]?name|user[-_]?id)\s*=\s*['"].+['"]
Hard-coded Password:high:security:(?i)(password|pwd)\s*[=:]\s*(.{0,32})



Download