Zen Internals is a library that can be used via FFI from different languages. It contains algorithms to detect:
- Shell Injections (WIP)
- SQL Injections
import ctypes
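# Load the compiled Zen Internals shared library through ctypes.
# NOTE(review): this relative path is resolved against the current working
# directory. Outside of a local demo, load the library from an absolute path
# you control so that a different file cannot be picked up instead.
zen_internals = ctypes.CDLL("target/release/libzen_internals.so")

if __name__ == "__main__":
    # ctypes passes bytes objects as C char pointers, so both values are
    # UTF-8 encoded before the call.
    # Presumably `command` is the complete shell command and `userinput` is the
    # user-supplied fragment checked against it; confirm with the library docs.
    command = "whoami | shell".encode("utf-8")
    userinput = "whoami".encode("utf-8")

    # NOTE(review): no argtypes/restype are declared, so ctypes treats the
    # return value as a C int. Confirm against the exported signature.
    result = zen_internals.detect_shell_injection(command, userinput)

    # bool() maps every non-zero return to True. If the library also uses
    # non-zero values to report errors (not shown here), handle those
    # separately before treating the result as a detection verdict.
    print("Result", bool(result))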
# Install the Node.js package with npm ...
$ npm install @aikidosec/zen-internals
# ... or with Yarn (use one package manager, not both).
# Commit the resulting lockfile so the detection code you reviewed is the code you deploy.
$ yarn add @aikidosec/zen-internals
const { wasm_detect_sql_injection } = require("@aikidosec/zen-internals");
// Complete SQL statement, with the user-supplied value already embedded in it.
const query = `SELECT * FROM users WHERE id = '' OR 1=1 -- '`;
// The raw user input that ended up inside the query above.
const userInput = `' OR 1=1 -- `;
// Numeric dialect selector; 9 is the MySQL dialect.
const mysqlDialect = 9;

// NOTE(review): the result is a number, not a boolean. Compare it explicitly
// against the documented "detected" value rather than relying on truthiness,
// in case other non-zero values are used to report errors (confirm with the docs).
const detected = wasm_detect_sql_injection(query, userInput, mysqlDialect);
console.log(detected); // 1
See the list of dialects for the numeric value of each supported dialect.