Security Plugins Hub

Bring your software development workflows to security


Shell injection

Signals & Triggers

On command execution
If user inputs are matched in the command


  • Block the HTTP request Block the HTTP request
  • Log request stack trace Log request stack trace
  • Log the malicious request Log the malicious request
  • Report an incident Report an incident


  • Send an email to all team members Send an email to all team members
  • Send a Slack notification. Send a Slack notification.
  • POST to your Webhook. POST to your Webhook.
  • Send to New Relic Insights. Send to New Relic Insights.
  • Create an incident on PagerDuty (coming soon) Create an incident on PagerDuty (coming soon)


When an application relies on shell commands to perform transactions, it can lead to critical vulnerabilities, giving an attacker a way to access the underlying OS.

Let’s take a simple example: ls -l $directory_name. Assuming directory_name comes from the user input. Sending .; cat /etc/passwd will result in: ls .; cat /etc/passwd. The attacker just managed to extract highly sensitive server data through a simple injection.

Sqreen can detect and block HTTP requests vulnerable to command injections, without false positive by acting in-app.

Advanced details

On every command execution triggered by an HTTP request, Sqreen parses locally the shellcode about to be executed. It will look for non-sanitized commands - ls, touch, cat, rm, … - coming from user inputs that inject executable commands. They would allow attackers to perform arbitrary operations on the server.

No traffic redirection is performed. The analysis of the script happens inside the application thanks to Sqreen’s dynamic instrumentation of the system libraries.

By being in-app and running just before the Shell script is sent to the OS - the very last step in your app - we can guarantee zero false positives in the detection and protection of command injections.

Language support

  • Ruby
  • Node.js
  • PHP
  • Python
  • Java

Data collected by Sqreen


No data collected

On attack
  • Request payload
  • Attacker IP
  • Attacker account (Sqreen SDK)
  • Stack trace

Built for developers and modern apps

Get up and running in minutes just by installing our lightweight library. Enable plugins in just a couple of clicks.

  • Ruby
  • Node.js
  • PHP
  • Python
  • Java
  • Go
  • .net
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9

$ echo "gem 'sqreen'" >> Gemfile

$ bundle install

$ echo "token: your token" > config/sqreen.yml

$ npm install --save sqreen

$ echo '{ "token": "your token" }' > sqreen.json

$ curl -s > && bash your token

$ pip install sqreen

$ echo -e "[sqreen]\ntoken: your token" > sqreen.ini

$ curl -o sqreen.jar

Request your beta access for the Go agent Request beta
Get notified when the .net agent releases Notify me

Build amazing products. Keep them safe.

5 min installation · Try all features for 14 days · No credit card required Sign up Request demo