CodeAnalysis – Static Code Analysis

Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early on) is a comprehensive platform for code analysis and issue tracking. TCA consists of three components: server, web and client. It also supports the integration of other code analysis tools. Code analysis is a technology that uses lexical analysis, syntax analysis, control-flow analysis, data-flow…

Codecat v0.56 – An Open-Source Tool To Help You Find/Track User Input Sinks And Security Bugs Using Static Code Analysis

CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Current rules cover C, C++, Go, Python, JavaScript, Swift, PHP, Ruby, ASP, Kotlin, Dart and Java (you can create your own rules). Video: how to install, step by step. Go to the CodeCat directory and install the backend and frontend libs: `$ apt install python3-pip` `$ cd…`

Mininode – A CLI Tool To Reduce The Attack Surface Of The Node.js Applications By Using Static Analysis

Mininode is a CLI tool to reduce the attack surface of Node.js applications by using static analysis of source code. It supports two modes of reduction: (1) coarse, (2) fine. Mininode constructs the dependency graph (modules and functions used) of the application starting from the main file, i.e. the entry point of the application. Mininode initializes…

Mariana Trench – Security Focused Static Analysis Tool For Android And Java Applications

Mariana Trench is a security-focused static analysis platform targeting Android. This guide will walk you through setting up Mariana Trench on your machine and get you to find your first remote code execution vulnerability in a small sample app. These instructions are also available at our website. Prerequisites: Mariana Trench requires a recent version…

Whispers – Identify Hardcoded Secrets In Static Structured Text

“My little birds are everywhere, even in the North, they whisper to me the strangest stories.” – Lord Varys. Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI, or you can integrate it in your CI/CD…

Stacs – Static Token And Credential Scanner

Static Token And Credential Scanner. What is it? STACS is a YARA-powered static credential scanner which supports binary file formats, analysis of nested archives, composable rulesets and ignore lists, and SARIF reporting. What does STACS support? Currently, STACS supports recursive unpacking of tarballs, gzips, bzips, zips, and xz files. As STACS works on detected…

Shisho – Lightweight Static Analyzer For Several Programming Languages

Shisho is a lightweight static analyzer for developers. Please see the usage documentation for further information. Try at Playground: you can try Shisho at our playground. Try with Docker: you can try Shisho on your machine as follows: `echo "func test(v []string) int { return len(v) + 1; }" | docker run -i find…`

Qu1cksc0pe – All-in-One Static Malware Analysis Tool

This tool allows you to statically analyze Windows, Linux and OSX executables and APK files. You can get: which DLL files are used; functions and APIs; sections and segments; URLs, IP addresses and emails; Android permissions; file extensions and their names; and so on. Qu1cksc0pe aims to get even more information about suspicious files and helps…

Gokart – A Static Analysis Tool For Securing Go Code

GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners. For…