
This post gives detailed notes on, and usage of, CRASS (grep-it.sh), an all-in-one shell script for secure code inspection.
Short Description:
- CRASS – Code Review Audit Script Scanner.
Description:
- CRASS is a simple source-code grep tool that searches the provided code repository or directory for high-potential strings.
- It tries to find IT security and privacy-related information in the provided code.
- CRASS covers secure code scanning for languages and frameworks such as Java, JSP, Spring, Struts, Flex, .NET, PHP, HTML, JavaScript, Python, Ruby and C, and for mobile platforms such as Android and iOS.
- CRASS works on *nix and Mac OS X (with GNU grep from MacPorts).
Language:
- The application was developed using Shell Script.
License:
- THE BEER-WARE LICENSE (Revision 42)
Author(s) / Contributor(s):
Requirements:
- GNU grep
- rm command
- mkdir command
- jobs, wait and wc commands
Features:
- Simple and easy to use (from the CLI).
- Not a replacement for a static code analysis tool, but language-independent.
- Easy to integrate with automation tools because it is CLI-based.
- Fully based on the grep (global regular expression print) command.
- Open-source and easily customizable as needed (by editing the grep-it.sh file).
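The grep-driven approach described above can be sketched as follows. This is an added example, not code from CRASS or its author: the `scan_dir` and `demo` functions, the rule names, the regexes and the sample files are all constructed for illustration. It relies on the utilities named under Requirements (GNU grep, rm, mkdir, background jobs with wait, wc), plus mktemp for the sample tree.

```shell
#!/usr/bin/env bash
# Added example, not CRASS code: a minimal grep-driven review pass.
# Rule names and regexes are constructed for illustration.

scan_dir() {
    target="$1"; out="$2"      # keep $out outside $target
    rm -rf "$out"
    mkdir -p "$out"
    # Each rule line: <result-file name> <extended regex>
    while read -r name regex; do
        # -r recurse, -n line numbers, -I skip binary files,
        # -i ignore case, -E extended regex; one background job per rule
        grep -rnIiE -e "$regex" "$target" > "$out/$name.txt" &
    done <<'RULES'
hardcoded_secret (password|passwd|secret|api_?key)[[:space:]]*[:=]
command_exec (Runtime\.getRuntime|shell_exec\(|os\.system\()
weak_hash (md5|sha1)[[:space:]]*\(
RULES
    wait                        # block until every grep job has finished
    for f in "$out"/*.txt; do
        hits=$(wc -l < "$f")
        if [ "$hits" -eq 0 ]; then
            rm -f "$f"          # drop rules that matched nothing
        else
            echo "$hits hit(s): $f"
        fi
    done
}

# Constructed sample tree so the script can be tried offline.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/src"
    printf 'db_password = "hunter2"\n' > "$tmp/src/config.py"
    printf 'print("hello")\n' > "$tmp/src/ok.py"
    scan_dir "$tmp/src" "$tmp/out"
}

# With a directory argument, scan it; without one, run the demo.
if [ "$#" -gt 0 ]; then scan_dir "$1" "./review-out"; else demo; fi
```

Every hit is a lead for manual review rather than a confirmed finding, which is why a grep pass complements a static analysis tool instead of replacing it.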
Source(Link):
https://github.com/floyd-fuh/crass
Usage Command(s) / Syntax:
./grep-it.sh [directory to be analyzed]
./main.sh [directory to be analyzed]