hotaydev/enygmah
enygmah

The only tool your project needs to ensure security and quality.
Open-source and free.

🤔 Why enygmah?

enygmah is Free and Open Source Software (FOSS), created to streamline and simplify security and code-quality processes through static application security testing (SAST) and dynamic application security testing (DAST). Its goal is to be user-friendly and easy to use, even for those who do not want to become security experts.

Enygmah was created to consolidate many processes into a single solution. It offers:

  • Local source security and quality analysis
  • Remote source security and quality analysis
  • Web application security analysis
  • Docker image security analysis
  • Mobile app analysis (in development)
  • Binary analysis (in development)

And the best part? It's completely free and open source!

👀 How can I use it?

To start using enygmah, go to our releases page and download the latest version of enygmah (builds are offered for Linux, including Windows via WSL, and for macOS).

NOTE: This tool depends on Docker, so you need to have Docker installed to use it. On Windows, make sure to run it from inside WSL. You can use it as a standalone application, running it directly from the folder containing the binary/executable, or you can add it to your system's PATH.


That's it! You can now start using enygmah to ensure the security and quality of your projects. We are sure that it will be really helpful to you 🎉

Available commands

To see the full list of commands you can run enygmah --help.

We currently have two main commands:

  • enygmah scan <target>: Scans a folder, a repository (remote or local), a web application or a Docker image, depending on what you pass as the <target> parameter.
    • Example: enygmah scan . (current folder)
    • Example: enygmah scan https://github.com/hotaydev/enygmah.git (remote repository)
    • Example: enygmah scan debian (Docker image)
  • enygmah install: Downloads all the needed Docker images. If it is not run beforehand, the images are downloaded automatically the first time you run enygmah scan.
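The scan command above takes one <target> argument and decides from it whether it is looking at a local folder, a remote repository, a web application or a Docker image. The following is an added example, not enygmah's own code, of how such a dispatch can be written in Rust with the standard library only: the names TargetKind, classify_target and tools_for are assumptions, and the mapping from target kind to tools is illustrative, derived from the tool descriptions later in this README rather than from enygmah's real routing. It also covers the failure mode a practitioner cares about, a mistyped folder name that would otherwise be silently sent to the image scanners.

```rust
// Added example, not enygmah's own code: classify a `scan <target>` argument
// into the target kinds this README lists, and show which bundled tools each
// kind would reasonably route to. `TargetKind`, `classify_target` and
// `tools_for` are assumed names; the routing is illustrative, derived from
// the tool descriptions in this README, not enygmah's real logic.
use std::path::Path;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum TargetKind {
    /// A folder on disk, e.g. `.` or `./src`.
    LocalSource,
    /// A git repository reachable over the network.
    RemoteRepository,
    /// A running web application reachable over HTTP(S).
    WebApplication,
    /// A container image reference such as `debian` or `nginx:1.25`.
    DockerImage,
}

/// Decide what kind of target was passed to `scan`.
/// Returns an error instead of silently mis-classifying a typo as a Docker image.
pub fn classify_target(target: &str) -> Result<TargetKind, String> {
    let t = target.trim();
    if t.is_empty() {
        return Err("target must not be empty".to_string());
    }
    // Git over SSH (`git@host:owner/repo.git`) or any URL that ends in `.git`.
    if t.starts_with("git@") || t.ends_with(".git") {
        return Ok(TargetKind::RemoteRepository);
    }
    // Any other http(s) URL is treated as a live web application.
    if t.starts_with("http://") || t.starts_with("https://") {
        return Ok(TargetKind::WebApplication);
    }
    // Something spelled like a filesystem path must actually exist; otherwise
    // a mistyped folder name would end up being scanned as an image reference.
    let looks_like_path = t == "."
        || t == ".."
        || t.starts_with("./")
        || t.starts_with("../")
        || t.starts_with('/');
    if looks_like_path || Path::new(t).is_dir() {
        return if Path::new(t).is_dir() {
            Ok(TargetKind::LocalSource)
        } else {
            Err(format!("'{t}' looks like a path but is not an existing directory"))
        };
    }
    // Simplified image-reference check: only registry/repo[:tag][@digest] characters.
    let valid = t
        .chars()
        .all(|c| c.is_ascii_alphanumeric() || "./:@-_".contains(c));
    if valid {
        Ok(TargetKind::DockerImage)
    } else {
        Err(format!("'{t}' is not a path, URL or image reference"))
    }
}

/// Illustrative routing from target kind to the bundled tools named in this README.
pub fn tools_for(kind: TargetKind) -> &'static [&'static str] {
    match kind {
        TargetKind::LocalSource | TargetKind::RemoteRepository => &[
            "Trivy", "Sonarqube", "OsvScanner", "GoSec", "Semgrep", "SpotBugs", "CppCheck",
        ],
        TargetKind::WebApplication => &["OwaspZapProxy", "Nikto", "Nuclei", "WpScan"],
        TargetKind::DockerImage => &["Trivy", "Grype"],
    }
}

fn main() {
    // Usage: <binary> scan <target>
    let args: Vec<String> = std::env::args().skip(1).collect();
    match args.as_slice() {
        [cmd, target] if cmd.as_str() == "scan" => match classify_target(target) {
            Ok(kind) => println!("{target}: {kind:?} -> {:?}", tools_for(kind)),
            Err(e) => eprintln!("cannot scan {target}: {e}"),
        },
        _ => eprintln!("usage: scan <target>"),
    }
}
```

Checking `.git` before the generic http(s) branch is what makes the README's own example URL land on the repository path rather than being probed as a web application; the path branch rejects a non-existent directory instead of falling through, which is the check worth keeping in any real dispatcher.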

📚 Learn more

🫢 Support enygmah Development

If you find enygmah useful and want to help us keep the project growing, please consider supporting our project with GitHub Sponsors. Your support shows our contributors that their efforts are appreciated and motivates them to continue their excellent work. Every contribution, no matter how small, helps us keep improving enygmah.

💡 Feature requests

We value your input on improving enygmah and making it more useful for you. If you have any ideas or feature requests, please share them in the enygmah discussions (Ideas section) or by opening an Issue here on GitHub.

Your feedback helps us understand our users' needs and prioritize the features that matter most to you. We appreciate your time and effort in sharing your thoughts with us.

We appreciate your support, and we look forward to hearing your ideas!

Also, if you like someone else's feature request, upvote it! It helps us prioritize our work 😉

🌟 Contributing to enygmah

To start contributing to enygmah, please read CONTRIBUTING.md. There are ways to contribute with code and without code. We welcome all contributions, big or small, and we appreciate your time and effort in helping us improve enygmah. We look forward to your contributions 🚀

πŸ› οΈ Setting Up a Development Environment

To set up a development environment for the enygmah CLI tool, you only need to have Rust installed. The environment is the same for macOS and Linux and for Windows (but Windows requires WSL, since the tool interacts heavily with Docker).

To test it locally against enygmah's own source tree, run it like this: cargo run -- scan .

✨ Inspiration

enygmah is inspired by several unique tools and projects, including Snyk, SonarQube, Trivy and ZAP Proxy.

We owe a huge debt of gratitude to the developers and creators of these projects, and we hope that enygmah can continue to build on their innovative ideas and make them accessible to a broader audience.

Thank you to all those who inspire us, and we look forward to seeing what the enygmah community will create with this tool!

enygmah is also made possible by the following technologies:

  • Rust - The base of our CLI
  • clap - CLI Framework for Rust
  • bollard - Rust bindings for Docker interaction

And under the hood it uses these tools ✅:

  • Trivy - Detect secrets, code vulnerabilities and vulnerable dependencies locally and in Docker images.
  • Sonarqube - Detect code issues and hotspots for possibly vulnerable code.
  • OsvScanner - Detect vulnerable dependencies.
  • GoSec - Scan for vulnerabilities in Go code.
  • WpScan - Scan for vulnerabilities in WordPress.
  • OwaspZapProxy - Dynamically scan for vulnerabilities in web applications.
  • Nikto - Dynamically scan for vulnerabilities in web applications.
  • Nuclei - Dynamically scan for vulnerabilities in web applications.
  • Semgrep - Scan for code vulnerabilities and vulnerable dependencies in static code.
  • SpotBugs - Scan for code vulnerabilities and vulnerable dependencies in static Java code.
  • Grype - Scan for vulnerabilities in Docker images.
  • CppCheck - Scan for code vulnerabilities and vulnerable dependencies in static C/C++ code.

Tools that we'll implement soon 🛠️:

  • Docker Bench Security - Benchmark Docker security.
  • Docker Scout - Scan for vulnerabilities in Docker images.
  • Snyk - Scan for code vulnerabilities, vulnerable dependencies and vulnerabilities in Docker images.
  • MobSF - Search for vulnerabilities in mobile apps.
  • OSS-Fuzz - Fuzzer for web applications.
  • Secret Scanner - Scan for secrets in containers and file systems.
  • Threat Mapper - Threat management and path enumeration for cloud environments.
  • Wapiti - Waiting for it to be stable with Python 3.13 before adding it to this tool.
  • Inspec - Vulnerability analysis in infrastructure.
  • Kubebench - Benchmark Kubernetes security.
  • binskim - Binary static analysis tool.
  • Clair - Docker security scanner.
  • radare2 - Binary static analysis tool.

πŸ™ Thank You

We want to express our sincere gratitude to our GitHub Sponsors and the contributors of the project. Your support and contributions allow us to continue developing and improving enygmah. Thank you for being a part of our community and helping us make enygmah the best it can be!