Ninja

Ninja is a high-performance vulnerability detection tool written in C++. It integrates with the Z3 Theorem Prover for symbolic execution and cURL for fetching vulnerability data from APIs like the National Vulnerability Database (NVD).

---

Features

• Static Analysis:

  • Detects memory leaks, buffer overflows, SQL injection, XSS, and CSRF vulnerabilities.

• Dynamic Analysis:

  • Monitors for runtime errors and resource leaks.

• API Integration:

  • Fetches real-time vulnerability data from trusted sources like NVD.

---

Table of Contents

1. Installation
2. Usage
3. Configuration
4. API Integration
5. Development
6. Licensing

---

Installation

Before using Ninja, you need to install several dependencies. Follow these steps to set up your environment.

Dependencies

1. Z3 Theorem Prover
   • Installation:

     sudo apt-get install z3

   • Alternatively, you can download and install Z3 from GitHub.

Note

Make sure Z3 is properly installed and accessible in your system's PATH.

2. cURL Library

   • Installation:

     sudo apt-get install libcurl4-openssl-dev

3. JSON for Modern C++ (nlohmann/json)

   • Installation: Add this to your CMakeLists.txt:

     include(FetchContent)
     FetchContent_Declare(
       json
       GIT_REPOSITORY https://github.com/nlohmann/json.git
       GIT_TAG v3.9.1
     )
     FetchContent_MakeAvailable(json)
     target_link_libraries(Ninja PRIVATE nlohmann_json::nlohmann_json)

4. CMake

   • Installation:

     sudo apt-get install cmake

Full Setup

1. Clone the repository:

   git clone https://github.com/zeusssz/Ninja.git
   cd Ninja

2. Build the project:

   mkdir build
   cd build
   cmake ..
   make

Warning

Ensure that Z3 and cURL are correctly installed and configured. Missing dependencies will result in build failure.

---

Usage

Once Ninja is installed, you can run the application by executing the following command in the build directory:

./Ninja

You can specify options like file paths or APIs for vulnerability detection:

./Ninja --file <source-code-path> --api <nvd-api-url>

[!INFORMATION]
By default, Ninja performs static analysis. You can extend it to dynamic analysis by using the --dynamic flag.

---

Configuration

To configure Ninja for different vulnerability databases, update the configuration file at config.json.

Example Configuration:

{
  "api_url": "https://services.nvd.nist.gov/rest/json/cves/1.0",
  "api_key": "your_api_key_here"
}

Note

Make sure to keep your API keys secure and avoid committing them to public repositories.

---

API Integration

Ninja fetches real-time vulnerability data using the cURL library. By default, it integrates with the National Vulnerability Database (NVD).

NVD Integration

1. Ensure you have an NVD API key.
2. Update the main.cpp file with your API URL and key.
3. Run Ninja to fetch and analyze the latest vulnerabilities.

Warning

Excessive API requests might result in rate limiting. Use caching mechanisms or avoid frequent calls in production environments.

---

Development

Feel free to contribute to Ninja. Before submitting a pull request, ensure that:

• Your code follows the project’s coding standards.
• The project builds and runs correctly with no errors.
• You write tests for any new functionality.

---

License

Ninja is licensed under the MIT License. See the LICENSE file for more details.