원클릭으로
sc-rce
Remote Code Execution detection via eval, exec, dynamic code loading, and code injection vectors
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Remote Code Execution detection via eval, exec, dynamic code loading, and code injection vectors
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Comprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply chain analysis, infrastructure-as-code scanning, and 3000+ checklist items. Use when you need to run a security audit, find vulnerabilities, scan a PR for security issues, or perform a penetration test on a codebase.
C#/.NET-specific security deep scan
Go-specific security deep scan
Java/Kotlin-specific security deep scan
PHP-specific security deep scan
Python-specific security deep scan
| name | sc-rce |
| description | Remote Code Execution detection via eval, exec, dynamic code loading, and code injection vectors |
| license | MIT |
| metadata | {"author":"ersinkoc","category":"security","version":"1.0.0"} |
Detects remote code execution vulnerabilities where user-controlled input reaches functions that evaluate or execute code dynamically. Covers eval-based injection, dynamic function construction, script engine execution, template code execution, and code loading from untrusted sources. This skill focuses on code evaluation mechanisms beyond command injection (covered by sc-cmdi) and deserialization (covered by sc-deserialization).
Called by sc-orchestrator during Phase 2. Runs against all detected languages.
# Python
"eval(", "exec(", "compile(", "__import__(", "importlib.import_module(",
"builtins.__import__", "code.InteractiveInterpreter", "ast.literal_eval"
# JavaScript/Node.js
"eval(", "Function(", "setTimeout(.*string", "setInterval(.*string",
"vm.runInNewContext(", "vm.runInThisContext(", "vm.createContext(",
"require(.*variable", "import(.*variable", "new Function("
# PHP
"eval(", "assert(", "create_function(", "preg_replace(.*/e",
"call_user_func(", "call_user_func_array(", "array_map(",
"usort(.*\\$", "include(.*\\$", "require(.*\\$"
# Java
"ScriptEngine", "ScriptEngineManager", "Nashorn", "GraalVM",
"GroovyShell", "GroovyClassLoader", "javax.script",
"MethodHandle", "ClassLoader.loadClass"
# C#
"CSharpCodeProvider", "Roslyn", "Microsoft.CodeAnalysis",
"Assembly.Load(", "Activator.CreateInstance(",
"Type.GetType(.*variable", "DynamicMethod"
# Go
"plugin.Open(", "yaegi", "go/ast"
# Ruby
"eval(", "instance_eval(", "class_eval(", "module_eval(",
"send(.*variable", "public_send(", "method("
Trace user input to any dynamic code evaluation function. Key patterns:
# VULNERABLE: eval with user input
result = eval(request.GET['expression'])
# VULNERABLE: exec with user input
exec(request.POST['code'])
# SAFE: ast.literal_eval for safe subset
import ast
result = ast.literal_eval(request.GET['data']) # Only parses literals
# SAFE: Restricted evaluation with custom namespace
allowed_names = {"abs": abs, "min": min, "max": max}
result = eval(expression, {"__builtins__": {}}, allowed_names)
# Note: Still risky — sandbox escapes are possible
// VULNERABLE: eval with user input
const result = eval(req.body.expression);
// VULNERABLE: Function constructor
const fn = new Function('return ' + req.body.code);
// VULNERABLE: vm module (escapable sandbox)
const vm = require('vm');
vm.runInNewContext(req.body.code, sandbox);
// SAFE: Use a math parser library instead
const mathjs = require('mathjs');
const result = mathjs.evaluate(req.body.expression);
// VULNERABLE: eval
eval($_POST['code']);
// VULNERABLE: Dynamic function call
$func = $_GET['action'];
$func(); // Calls arbitrary function
// SAFE: Allowlist of functions
$allowed = ['view', 'edit', 'delete'];
if (in_array($_GET['action'], $allowed)) {
$func = $_GET['action'];
$func();
}
eval("1+2") with no user input is not exploitable