TrojanSourceFinder – Help Find Trojan Source Vulnerability In Code

TrojanSourceFinder helps developers detect “Trojan Source”

 

Homoglyph

 

Alternative

As mentioned by @ioah86 here, Trojan Source can also be detected with a one-liner using grep.

The big differences are the output format and the exit status code: tsfinder exits with status code 0 if no Trojan Source has been found and 1 otherwise, while grep does the opposite.

Also, this one-liner does not address the homoglyph issue.

Goal: Scan all files + show lines
tsfinder: tsfinder -v .
grep one-liner: grep -arE $'(\u2066|\u2067|\u2068|\u202A|\u202B|\u202D|\u202E|\u202C|\u2069|\u200E|\u200F|\u061C|\u2066|\u2067|\u2068)'

Goal: Scan only human-readable files
tsfinder: tsfinder -t .
grep one-liner: grep -IrE $'(\u2066|\u2067|\u2068|\u202A|\u202B|\u202D|\u202E|\u202C|\u2069|\u200E|\u200F|\u061C|\u2066|\u2067|\u2068)'

Goal: Exit with status code 1 if found
tsfinder: default
grep one-liner: [one-liner] && exit 1 || exit 0
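The following is an added example, not part of TrojanSourceFinder or the original page: a shell function that wraps the grep approach for CI use and keeps grep's error status (2) separate from "clean", which `[one-liner] && exit 1 || exit 0` reports as 0. The names `scan_bidi` and `BIDI_PATTERNS` are assumptions; the patterns are the UTF-8 bytes of the same code points, written with printf so the function does not rely on `$'\u…'` support in the shell.

```sh
#!/bin/sh
# Added example: scan a tree for Unicode bidirectional control characters.
# Exit status follows tsfinder's convention: 0 = clean, 1 = found, 2 = scan error.

# One fixed-string pattern per line (UTF-8 byte sequences, octal escapes).
BIDI_PATTERNS=$(
    printf '\342\200\252\n\342\200\253\n\342\200\254\n'  # U+202A LRE, U+202B RLE, U+202C PDF
    printf '\342\200\255\n\342\200\256\n'                # U+202D LRO, U+202E RLO
    printf '\342\201\246\n\342\201\247\n'                # U+2066 LRI, U+2067 RLI
    printf '\342\201\250\n\342\201\251\n'                # U+2068 FSI, U+2069 PDI
    printf '\342\200\216\n\342\200\217\n\330\234\n'      # U+200E LRM, U+200F RLM, U+061C ALM
)

scan_bidi() {
    scan_dir=${1:-.}
    grep_rc=0
    # LC_ALL=C forces byte-wise matching regardless of the caller's locale.
    # -a: treat every file as text, -r: recurse, -n: show line numbers,
    # -F: fixed strings (the newline-separated list above).
    LC_ALL=C grep -arn -F -e "$BIDI_PATTERNS" -- "$scan_dir" || grep_rc=$?
    case $grep_rc in
        0) return 1 ;;  # grep matched: bidi control character present
        1) return 0 ;;  # grep found nothing: tree is clean
        *) return 2 ;;  # grep failed (unreadable path, etc.): do not report clean
    esac
}

# Typical CI usage:
#   scan_bidi . || exit $?
```

Like the one-liner, this only covers bidirectional control characters and does not detect homoglyphs.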