Static Analysis

SecretScanner is a standalone tool that scans container images and filesystems to detect approximately 140 types of unprotected secrets and sensitive credentials.

A static analysis tool that detects Common Weakness Enumerations (CWEs) in ELF binaries across multiple CPU architectures using Ghidra-based disassembly and various analysis techniques.

UglifyJS 3 is a JavaScript toolkit that provides parsing, minification, compression, and beautification capabilities for JavaScript code optimization and processing.

An open source machine code decompiler that converts binary executables into readable C source code across multiple architectures and file formats.

A GitHub action that lints AWS IAM policy documents to identify security issues and misconfigurations with configurable severity levels and custom rules.

A tool that enables Yara rule execution against compressed malware samples, supporting GZip, BZip2, and LZMA formats without manual decompression.

FSquaDRA detects repackaged Android applications by computing Jaccard similarity over file digests within APK packages using pre-computed signing digests for improved performance.

Terrascan is a static code analyzer that scans Infrastructure as Code for security misconfigurations and compliance violations across multiple cloud platforms and container environments.

A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.

Mobile Audit is a Docker-based SAST and malware analysis tool that performs comprehensive security analysis of Android APK files, including vulnerability detection, certificate verification, and Virus Total integration.

Argus-SAF is a static analysis framework for security vetting Android applications.

A static analysis framework for extracting key characteristics from various file formats

A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.

A collection of setup scripts for various security research tools with installers for tools like afl, angr, barf, and more.

A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.

A static code analysis tool for parsing common data formats to detect hardcoded credentials and dangerous functions.

CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.

Redexer is a reengineering tool that parses, analyzes, and modifies Android DEX files for binary manipulation and permission analysis.

Innovative tool for mobile security researchers to analyze targets with static and dynamic analysis capabilities and sharing functionalities.

A comprehensive repository documenting security vulnerabilities in regular expressions used by Web Application Firewalls, including bypass examples and SAST tools for vulnerability identification.

A command-line Android APK vulnerability analyzer written in Rust that decompresses and scans APK files using rule-based detection to identify security issues.

A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.

FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.

Integrates static APK analysis with Yara and requires re-compilation of Yara with the androguard module.