GuardDog

#Security Testing #Malware Analysis

A tool for reading Portable Executable (PE) files with detailed information about the file structure.

GuardDog: A CLI Tool for Identifying Malicious PyPI and npm Packages

GuardDog is a command-line interface (CLI) tool designed to help users identify malicious packages from PyPI and npm.

It runs a set of heuristics on the package source code, using Semgrep rules, and on the package metadata. GuardDog can scan both local and remote PyPI and npm packages with any of the available heuristics.

Installation Instructions

To install GuardDog, you can use the following command:

    pip install guarddog

Alternatively, you can use the Docker image by running:

    docker pull ghcr.io/datadog/guarddog

You can create an alias for easier usage with:

    alias guarddog='docker run --rm ghcr.io/datadog/guarddog'

Note: For Windows users, the only supported installation method is via Docker.

Sample usage:

- To scan the most recent version of the 'requests' package, use:

    guarddog pypi scan requests

- To scan a specific version of the 'requests' package, run:

    guarddog pypi scan requests --version 2.28.1

- To scan the 'requests' package using two specific heuristics, execute:

    guarddog pypi scan requests --rules exec-base64 --rules code-execution

- To scan the 'requests' package while excluding one rule, type:

    guarddog pypi scan requests --exclude-rules exec-base64

- To scan a local package, you can use:

    guarddog pypi scan /tmp/triage.tar.gz

- To scan a local directory, ensure that the packages are located in the root of that directory.

For example, you have multiple PyPI packages in /samples/, such as: ./samples/package