TrojanSourceFinder – Help Find Trojan Source Vulnerability In Code
TrojanSourceFinder helps developers detect “Trojan Source”
Homoglyph
Alternative
As mentioned by @ioah86 here, trojan source could also been detected w/ a one liner using grep.
The big difference is the output format and the exitstatus code (tsfinder exit with status code 0 if no Trojan source has been found, 1 otherwise; the opposite for grep)
Also, this one-liner does not resolve the homoglyph issue
| Goal | tsfinder |
grep one-liner |
|---|---|---|
| Scan all files + show lines | tsfinder -v . |
grep -arE $'(u2066|u2067|u2068|u202A|u202B|u202D|u202E|u202C|u2069|u200E|u200F|u061C|u2066|u2067|u2068)' |
| Scan only on human-readable files | tsfinder -t . |
grep -IrE $'(u2066|u2067|u2068|u202A|u202B|u202D|u202E|u202C|u2069|u200E|u200F|u061C|u2066|u2067|u2068)' |
| Exit with status code 1 if found | default | [one-liner] && exit 1 || exit 0 |
Download TrojanSourceFinder
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.
