Skip to content

n7on/dllspy

BranchesTags

Repository files navigation

DllSpy

CI NuGet Version PowerShell Gallery Version License

Scans compiled .NET assemblies to discover input surfaces (HTTP endpoints, SignalR hubs, WCF services, gRPC services, Razor Pages, Blazor components, Azure Functions, OData endpoints), check authorization configuration, and flag security issues — all without running the application.

Available as a CLI tool and a PowerShell module.

DllSpy demo

Installation

CLI

dotnet tool install -g DllSpy

PowerShell

Install-Module -Name DllSpy

Usage

CLI

# List all surfaces
dllspy ./MyApi.dll

# Scan for security vulnerabilities
dllspy ./MyApi.dll -s

# Filter by surface type (HttpEndpoint, SignalRMethod, WcfOperation, GrpcOperation, RazorPage, BlazorComponent, AzureFunction, ODataEndpoint)
dllspy ./MyApi.dll -t HttpEndpoint

# Filter by HTTP method and class name
dllspy ./MyApi.dll -m DELETE -c User*

# Only authenticated / anonymous surfaces
dllspy ./MyApi.dll --auth
dllspy ./MyApi.dll --anon

# Only scan host (runnable) assemblies, skip class libraries
dllspy ./MyApi.dll --host-only

# Scan with minimum severity
dllspy ./MyApi.dll -s --min-severity High

# Output format: table (default), tsv, json
dllspy ./MyApi.dll -o json
dllspy ./MyApi.dll -o tsv

JSON + jq

# List all unprotected routes
dllspy ./MyApi.dll -o json | jq '[.[] | select(.requiresAuthorization == false) | .displayRoute]'

# Count surfaces by type
dllspy ./MyApi.dll -o json | jq 'group_by(.surfaceType) | map({type: .[0].surfaceType, count: length})'

# Security issues as compact table
dllspy ./MyApi.dll -s -o json | jq -r '.[] | [.severity, .surfaceRoute, .title] | @tsv'

PowerShell

# All surfaces
Search-DllSpy -Path .\MyApi.dll

# Filter by surface type
Search-DllSpy -Path .\MyApi.dll -Type HttpEndpoint
Search-DllSpy -Path .\MyApi.dll -Type SignalRMethod
Search-DllSpy -Path .\MyApi.dll -Type WcfOperation
Search-DllSpy -Path .\MyApi.dll -Type GrpcOperation
Search-DllSpy -Path .\MyApi.dll -Type RazorPage
Search-DllSpy -Path .\MyApi.dll -Type BlazorComponent
Search-DllSpy -Path .\MyApi.dll -Type AzureFunction
Search-DllSpy -Path .\MyApi.dll -Type ODataEndpoint

# Filter by HTTP method
Search-DllSpy -Path .\MyApi.dll -HttpMethod DELETE

# Filter by class name (supports wildcards)
Search-DllSpy -Path .\MyApi.dll -Class User*

# Only authenticated / anonymous surfaces
Search-DllSpy -Path .\MyApi.dll -RequiresAuth
Search-DllSpy -Path .\MyApi.dll -AllowAnonymous

# Only scan host (runnable) assemblies, skip class libraries
Search-DllSpy -Path .\bin\*.dll -HostOnly

# Find security issues
Test-DllSpy -Path .\MyApi.dll

# Only high-severity issues
Test-DllSpy -Path .\MyApi.dll -MinimumSeverity High

# Only scan host assemblies for security issues
Test-DllSpy -Path .\bin\*.dll -HostOnly

# Detailed view
Test-DllSpy -Path .\MyApi.dll | Format-List

Supported Frameworks

Framework Detection Method Surface Type
ASP.NET Core / Web API Controller base class, [ApiController], naming convention HttpEndpoint
SignalR Hub / Hub<T> inheritance SignalRMethod
WCF [ServiceContract] interfaces + [OperationContract] methods WcfOperation
gRPC Generated base class with BindService GrpcOperation
Razor Pages PageModel inheritance, On{Verb}[Handler][Async] methods RazorPage
Blazor ComponentBase inheritance + [Route] attribute BlazorComponent
Azure Functions [FunctionName] / [Function] + [HttpTrigger] parameter AzureFunction
OData ODataController inheritance ODataEndpoint

Security Rules

HTTP Endpoints

Severity Rule Description
High Unauthenticated state-changing endpoint DELETE, POST, PUT, or PATCH without [Authorize]
Medium Missing authorization declaration Endpoint has neither [Authorize] nor [AllowAnonymous]
Low Authorize without role/policy [Authorize] present but no Roles or Policy specified

SignalR Hub Methods

Severity Rule Description
High Unauthenticated hub method Hub method without [Authorize] (directly invocable by clients)
Low Authorize without role/policy [Authorize] present but no Roles or Policy specified

WCF Operations

Severity Rule Description
High Unauthenticated WCF operation Operation without [PrincipalPermission] or [Authorize]
Low Authorize without role [PrincipalPermission] present but no Role specified

gRPC Operations

Severity Rule Description
High Unauthenticated gRPC operation Service method without [Authorize]
Low Authorize without role/policy [Authorize] present but no Roles or Policy specified

Razor Page Handlers

Severity Rule Description
High Unauthenticated state-changing handler POST, PUT, DELETE, or PATCH handler without [Authorize]
Medium Missing authorization declaration Handler has neither [Authorize] nor [AllowAnonymous]
Low Authorize without role/policy [Authorize] present but no Roles or Policy specified

Blazor Routable Components

Severity Rule Description
High Unauthenticated routable component Component with [Route] but without [Authorize]
Low Authorize without role/policy [Authorize] present but no Roles or Policy specified

Azure Functions

Severity Rule Description
High Unauthenticated Azure Function AuthorizationLevel.Anonymous and no [Authorize] attribute
Low Authorize without role/policy [Authorize] present but no Roles or Policy specified

OData Endpoints

Severity Rule Description
High Unauthenticated state-changing endpoint DELETE, POST, PUT, or PATCH without [Authorize]
Medium Missing authorization declaration Endpoint has neither [Authorize] nor [AllowAnonymous]
Low Authorize without role/policy [Authorize] present but no Roles or Policy specified

License

See LICENSE.

About

Discover input surfaces and security issues in compiled .NET assemblies — without running them.

Topics

cli security security-audit dotnet powershell static-analysis wcf grpc azure-functions signalr asp-net odata razor-pages dotnet-tool blazor

Resources

Readme

License

MIT license

Contributing

Contributing
Activity

Stars

39 stars

Watchers

0 watching

Forks

6 forks
Report repository

Releases 8

v0.2.8 Latest
Mar 4, 2026
+ 7 releases

Packages

 
 
 

Contributors

Languages