Flawfinder – A Static Analysis Tool For Finding Vulnerabilities In C/C++ Source Code

This is “flawfinder” by David A. Wheeler. Flawfinder is a simple program that scans C/C++ source code and reports potential security flaws. It can be a useful tool for examining software for vulnerabilities, and it can also serve as a simple introduction to static source code analysis tools more generally. It is designed to beRead More

Aura – Python Source Code Auditing And Static Analysis On A Large Scale

Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over uploaded packages to PyPI, alert on anomalies that can either indicate an ongoing attack or vulnerabilities in the code enable an organization to conductRead More

E9Patch – A Powerful Static Binary Rewriting Tool

E9Patch is a powerful static binary rewriting tool for x86_64 Linux ELF binaries. E9Patch is: Scalable: E9Patch can reliably rewrite large/complex binaries including web browsers (>100MB in size). Compatible: The rewritten binary is a drop-in replacement of the original, with no additional dependencies. Fast: E9Patch can rewrite most binaries in a few seconds. Low Overheads:Read More

Js-X-Ray – JavaScript And Node.js Open-Source SAST Scanner (A Static Analysis Of Detecting Most Common Malicious Patterns)

JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and allow better access to developers and researchers. The goal is to quickly identify dangerous code and patterns for developers and Security researchers. Interpreting the results of this tool will still require you to have aRead More

Iblessing – An iOS Security Exploiting Toolkit, It Mainly Includes Application Information Collection, Static Analysis And Dynamic Analysis

[*] [***] iblessing iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. iblessing is based on unicorn engine and capstone engine. Features Cross-platform: Tested on macOS and Ubuntu. iOS App static info extract, including metadata, deeplinks, urls, etc. Mach-O parser and dyld symbol bind simulator Objective-CRead More

INTERCEPT – Policy As Code Static Analysis Auditing

Stupidly easy to use, small footprint Policy as Code subsecond command-line scanner that leverages the power of the fastest multi-line search tool to scan your codebase. It can be used as a linter, guard rail control or simple data collector and inspector. Consider it a weaponized ripgrep. Works on Mac, Linux and Windows.How it worksRead More

RiskAssessmentFramework – Static Application Security Testing

The OWASP Risk Assessment Framework consist of Static application security testing and Risk Assessment tools, Eventhough there are many SAST tools available for testers, but the compatibility and the Environement setup process is complex. By using OWASP Risk Assessment Framework’s Static Appilication Security Testing tool Testers will be able to analyse and review their codeRead More

ApplicationInspector – A Source Code Analyzer Built For Surfacing Features Of Interest And Other Characteristics To Answer The Question ‘What’S In It’ Using Static Analysis With A Json Based Rules Engine

Microsoft Application Inspector is a software source code analysis tool that helps identify and surface well-known features and other interesting characteristics of source code to aid in determining what the software is or what it does.Application Inspector is different from traditional static analysis tools in that it doesn’t attempt to identify “good” or “bad” patterns;Read More

X