Static Analysis

Proton Pass

Commercial

Data Protection

NordVPN

Commercial

Network Security

Mandos

Commercial

Consulting

Checkmarx SCA

Commercial

Application Security

Orca Security

Commercial

Cloud Security

DryRun

Commercial

Application Security

LATEST ADDITIONS

• 

  Symbiotic Security

  An IDE-integrated AI security solution that detects, remediates, and educates about code vulnerabilities in real-time as developers write code.

  0

  Commercial

  Application Security

  Ai

  Application Security

  Code Security

  Security Automation

  Devsecops

  Security Analysis

  Vulnerability Detection

  Security Education

  Ide

  Static Analysis

  Share

  

  Symbiotic Security

  An IDE-integrated AI security solution that detects, remediates, and educates about code vulnerabilities in real-time as developers write code.

  0

  Commercial

  Application Security

  Ai

  Application Security

  Code Security

  +7
• 

  ImmuniWeb® MobileSuite

  ImmuniWeb MobileSuite is a mobile application penetration testing platform that combines AI-powered automation with manual security testing to assess mobile apps and their backend infrastructure for security vulnerabilities and compliance requirements.

  0

  Commercial

  Application Security

  Mobile Security

  Penetration Testing

  Application Security

  Api Security

  Owasp

  Compliance

  Vulnerability Assessment

  Static Analysis

  Dynamic Analysis

  Android Security

  Ios

  Devsecops

  Security Testing

  Appsec

  Share

  

  ImmuniWeb® MobileSuite

  ImmuniWeb MobileSuite is a mobile application penetration testing platform that combines AI-powered automation with manual security testing to assess mobile apps and their backend infrastructure for security vulnerabilities and compliance requirements.

  0

  Commercial

  Application Security

  Mobile Security

  Penetration Testing

  Application Security

  +11
• 

  ReversingLabs Spectra Assure

  A software supply chain security platform that analyzes binaries and software components to detect malware, vulnerabilities, exposed secrets, and tampering throughout the development lifecycle.

  0

  Commercial

  Application Security

  Software Supply Chain

  Binary Analysis

  Vulnerability Detection

  Malware Detection

  Security Scanning

  Devsecops

  Threat Intelligence

  Static Analysis

  Dynamic Analysis

  Secret Detection

  Share

  

  ReversingLabs Spectra Assure

  A software supply chain security platform that analyzes binaries and software components to detect malware, vulnerabilities, exposed secrets, and tampering throughout the development lifecycle.

  0

  Commercial

  Application Security

  Software Supply Chain

  Binary Analysis

  Vulnerability Detection

  +7
• 

  Offensive 360

  A static application security testing (SAST) platform that performs comprehensive source code analysis to identify vulnerabilities, malware, and security issues in application code and dependencies.

  0

  Commercial

  Application Security

  Application Security

  Static Analysis

  Source Code Analysis

  Vulnerability Detection

  Security Scanning

  Devsecops

  Malware Detection

  Dependency Scanning

  Ci Cd

  Code Security

  Share

  

  Offensive 360

  A static application security testing (SAST) platform that performs comprehensive source code analysis to identify vulnerabilities, malware, and security issues in application code and dependencies.

  0

  Commercial

  Application Security

  Application Security

  Static Analysis

  Source Code Analysis

  +7
• 

  OpenText Fortify Aviator

  An AI-powered code security tool that analyzes code for vulnerabilities and provides automated fix suggestions to accelerate remediation.

  0

  Commercial

  Application Security

  Ai

  Application Security

  Code Security

  Security Automation

  Static Analysis

  Vulnerability Management

  Sast

  Devsecops

  Security Testing

  Large Language Models

  Share

  

  OpenText Fortify Aviator

  An AI-powered code security tool that analyzes code for vulnerabilities and provides automated fix suggestions to accelerate remediation.

  0

  Commercial

  Application Security

  Ai

  Application Security

  Code Security

  +7
• 

  Qwiet

  Qwiet AI is an application security platform that combines SAST, SCA, container security, secrets detection, and SBOM scanning with AI-powered vulnerability prioritization and automated fix generation.

  0

  Commercial

  Application Security

  Application Security

  Ai

  Sast

  Static Analysis

  Vulnerability Management

  Devsecops

  Security Automation

  Code Security

  Sbom

  Secrets

  Share

  

  Qwiet

  Qwiet AI is an application security platform that combines SAST, SCA, container security, secrets detection, and SBOM scanning with AI-powered vulnerability prioritization and automated fix generation.

  0

  Commercial

  Application Security

  Application Security

  Ai

  Sast

  +7
• 

  SonarQube Server

  A self-managed static code analysis platform that conducts continuous inspection of codebases to identify security vulnerabilities, bugs, and code quality issues.

  0

  Commercial

  Application Security

  Application Security

  Static Analysis

  Security Scanning

  Vulnerability Detection

  Code Security

  Ci Cd

  Security Testing

  Sast

  Devsecops

  Source Code Analysis

  Share

  

  SonarQube Server

  A self-managed static code analysis platform that conducts continuous inspection of codebases to identify security vulnerabilities, bugs, and code quality issues.

  0

  Commercial

  Application Security

  Application Security

  Static Analysis

  Security Scanning

  +7
• 

  Flyingduck

  A security analysis platform that combines SAST, SCA, SBOM generation and AI-assisted remediation to detect and fix vulnerabilities during the software development lifecycle.

  0

  Commercial

  Application Security

  Application Security

  Static Analysis

  Devsecops

  Ci Cd

  Vulnerability Detection

  Dependency Scanning

  Sbom

  Ai

  Security Automation

  Github

  Share

  

  Flyingduck

  A security analysis platform that combines SAST, SCA, SBOM generation and AI-assisted remediation to detect and fix vulnerabilities during the software development lifecycle.

  0

  Commercial

  Application Security

  Application Security

  Static Analysis

  Devsecops

  +7
• 

  DryRun

  A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

  0

  Commercial

  Application Security

  Application Security

  Github

  Code Security

  Static Analysis

  Security Automation

  Devsecops

  Share

  

  DryRun

  A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

  0

  Commercial

  Application Security

  Application Security

  Github

  Code Security

  +3
• 

  Octoscan

  Octoscan is a static analysis tool that scans GitHub Actions workflows for security vulnerabilities and misconfigurations.

  0

  Free

  Application Security

  Github

  Ci Cd

  Static Analysis

  Vulnerability Scanning

  Workflow

  Security Automation

  Share

  

  Octoscan

  Octoscan is a static analysis tool that scans GitHub Actions workflows for security vulnerabilities and misconfigurations.

  0

  Free

  Application Security

  Github

  Ci Cd

  Static Analysis

  +3
• 

  DOMdig

  DOMdig is a DOM XSS scanner that uses static analysis, dynamic analysis, and fuzz testing to detect and exploit Cross-Site Scripting vulnerabilities in Single Page Applications.

  0

  Free

  Application Security

  Xss

  Xss Scanner

  Application Security

  Web Application Security

  Vulnerability Scanner

  Static Analysis

  Dynamic Analysis

  Fuzzing

  Penetration Testing

  Share

  

  DOMdig

  DOMdig is a DOM XSS scanner that uses static analysis, dynamic analysis, and fuzz testing to detect and exploit Cross-Site Scripting vulnerabilities in Single Page Applications.

  0

  Free

  Application Security

  Xss

  Xss Scanner

  Application Security

  +6
• 

  BurpJSLinkFinder

  A Burp Suite extension that passively scans JavaScript files to discover endpoint links and potential attack surfaces in web applications.

  0

  Free

  Application Security

  Burp Suite

  Javascript

  Endpoint Security

  Web Application Security

  Vulnerability Assessment

  Static Analysis

  Dynamic Analysis

  Api Security

  Penetration Testing

  Share

  

  BurpJSLinkFinder

  A Burp Suite extension that passively scans JavaScript files to discover endpoint links and potential attack surfaces in web applications.

  0

  Free

  Application Security

  Burp Suite

  Javascript

  Endpoint Security

  +6
• 

  Nosey Parker

  A command-line tool that scans textual data and Git history to identify and locate secrets, API keys, passwords, and other sensitive information.

  0

  Free

  Application Security

  Secret Detection

  Git

  Command Line Tool

  Application Security

  Static Analysis

  Source Code Analysis

  Security Scanning

  Api

  Passwords

  Devsecops

  Share

  

  Nosey Parker

  A command-line tool that scans textual data and Git history to identify and locate secrets, API keys, passwords, and other sensitive information.

  0

  Free

  Application Security

  Secret Detection

  Git

  Command Line Tool

  +7
• 

  aemscan

  A tool for scanning Adobe Experience Manager instances for potential security vulnerabilities

  0

  Free

  Vulnerability Management

  Vulnerability Scanner

  Security Scanning

  Static Analysis

  Dynamic Analysis

  Share

  

  aemscan

  A tool for scanning Adobe Experience Manager instances for potential security vulnerabilities

  0

  Free

  Vulnerability Management

  Vulnerability Scanner

  Security Scanning

  Static Analysis

  +1
• 

  detect-secrets

  A pre-commit security tool that scans source code repositories to detect and prevent secrets like API keys, passwords, and credentials from being committed to version control systems.

  0

  Free

  Application Security

  Application Security

  Secret Detection

  Devsecops

  Ci Cd

  Source Code Analysis

  Static Analysis

  Security Scanning

  Git

  Python

  Command Line Tool

  Share

  

  detect-secrets

  A pre-commit security tool that scans source code repositories to detect and prevent secrets like API keys, passwords, and credentials from being committed to version control systems.

  0

  Free

  Application Security

  Application Security

  Secret Detection

  Devsecops

  +7
• 

  Insider

  Insider is an open-source CLI tool that performs static source code analysis to detect OWASP Top 10 vulnerabilities across multiple programming languages including Java, Kotlin, Swift, .NET, C#, and JavaScript.

  0

  Free

  Application Security

  Application Security

  Static Analysis

  Source Code Analysis

  Owasp

  Vulnerability Detection

  Sast

  Cli

  Devsecops

  Java

  Javascript

  Share

  

  Insider

  Insider is an open-source CLI tool that performs static source code analysis to detect OWASP Top 10 vulnerabilities across multiple programming languages including Java, Kotlin, Swift, .NET, C#, and JavaScript.

  0

  Free

  Application Security

  Application Security

  Static Analysis

  Source Code Analysis

  +7
• 

  StaCoAn

  StaCoAn is a cross-platform tool for static code analysis on mobile applications, emphasizing the identification of security vulnerabilities.

  0

  Free

  Application Security

  Mobile Security

  Static Analysis

  Code Analysis

  Share

  

  StaCoAn

  StaCoAn is a cross-platform tool for static code analysis on mobile applications, emphasizing the identification of security vulnerabilities.

  0

  Free

  Application Security

  Mobile Security

  Static Analysis

  Code Analysis
• 

  Binsequencer

  Binsequencer automatically generates YARA detection rules by analyzing collections of similar malware samples and identifying common x86 instruction sequences across the corpus.

  0

  Free

  Malware Analysis

  Malware Analysis

  Yara

  Yara Rules

  X86

  Binary Analysis

  Malware Detection

  Rule Generation

  Signature Generation

  Pe File

  Static Analysis

  Share

  

  Binsequencer

  Binsequencer automatically generates YARA detection rules by analyzing collections of similar malware samples and identifying common x86 instruction sequences across the corpus.

  0

  Free

  Malware Analysis

  Malware Analysis

  Yara

  Yara Rules

  +7
• 

  Android Application Analyzer

  A comprehensive Android application analysis tool that provides device management, logcat analysis, file examination, and integration with security frameworks like MobSF and JD-GUI.

  0

  Free

  Application Security

  Android

  Mobile Security

  Application Security

  Apktool

  Frida

  Static Analysis

  Dynamic Analysis

  Malware Analysis

  Reverse Engineering

  Forensics

  Share

  

  Android Application Analyzer

  A comprehensive Android application analysis tool that provides device management, logcat analysis, file examination, and integration with security frameworks like MobSF and JD-GUI.

  0

  Free

  Application Security

  Android

  Mobile Security

  Application Security

  +7
• 

  APKLeaks

  APKLeaks is a command-line tool that scans Android APK files to identify embedded URIs, endpoints, and secrets for security assessment purposes.

  0

  Free

  Application Security

  Android

  Mobile Security

  Application Security

  Apk

  Static Analysis

  Security Scanning

  Command Line Tool

  Vulnerability Assessment

  Security Audit

  Penetration Testing

  Share

  

  APKLeaks

  APKLeaks is a command-line tool that scans Android APK files to identify embedded URIs, endpoints, and secrets for security assessment purposes.

  0

  Free

  Application Security

  Android

  Mobile Security

  Application Security

  +7
• 

  AMDH - Android Mobile Device Hardening

  AMDH is a Python3 Android security tool that automates mobile device hardening through malware detection, privacy protection, CIS benchmark compliance, and application security analysis.

  0

  Free

  Endpoint Security

  Android

  Mobile Security

  Endpoint Security

  Malware Detection

  Static Analysis

  Security Hardening

  Privacy

  Cis

  Permissions

  Python

  Share

  

  AMDH - Android Mobile Device Hardening

  AMDH is a Python3 Android security tool that automates mobile device hardening through malware detection, privacy protection, CIS benchmark compliance, and application security analysis.

  0

  Free

  Endpoint Security

  Android

  Mobile Security

  Endpoint Security

  +7
• 

  angr

  angr is a Python-based binary analysis framework that provides disassembly, symbolic execution, and program analysis capabilities for cross-platform binary examination.

  0

  Free

  Malware Analysis

  Binary Analysis

  Malware Analysis

  Reverse Engineering

  Python

  Disassembler

  Symbolic Execution

  Static Analysis

  Dynamic Analysis

  Decompiler

  Framework

  Share

  

  angr

  angr is a Python-based binary analysis framework that provides disassembly, symbolic execution, and program analysis capabilities for cross-platform binary examination.

  0

  Free

  Malware Analysis

  Binary Analysis

  Malware Analysis

  Reverse Engineering

  +7
• 

  Betterscan

  Betterscan is an orchestration toolchain that coordinates multiple security tools to scan source code and infrastructure as code for security vulnerabilities, compliance risks, secrets, and misconfigurations.

  0

  Free

  Application Security

  Application Security

  Source Code Analysis

  Static Analysis

  Security Scanning

  Infrastructure

  Cloud Security

  Secret Detection

  Dependency Scanning

  Compliance

  Orchestration

  Share

  

  Betterscan

  Betterscan is an orchestration toolchain that coordinates multiple security tools to scan source code and infrastructure as code for security vulnerabilities, compliance risks, secrets, and misconfigurations.

  0

  Free

  Application Security

  Application Security

  Source Code Analysis

  Static Analysis

  +7
• 

  Bearer CLI

  Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.

  0

  Free

  Application Security

  Sast

  Static Analysis

  Application Security

  Source Code Analysis

  Vulnerability Detection

  Owasp

  Cli

  Security Scanning

  Code Security

  Appsec

  Share

  

  Bearer CLI

  Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.

  0

  Free

  Application Security

  Sast

  Static Analysis

  Application Security

  +7
• 

  AndroPyTool

  A tool for extracting static and dynamic features from Android APKs.

  0

  Free

  Specialized Security

  Apks

  Static Analysis

  Dynamic Analysis

  Androguard

  Virus Total

  Mongodb

  Json

  Csv

  Share

  

  AndroPyTool

  A tool for extracting static and dynamic features from Android APKs.

  0

  Free

  Specialized Security

  Apks

  Static Analysis

  Dynamic Analysis

  +5
• 

  Ghidra Software Reverse Engineering Framework

  Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.

  0

  Free

  Malware Analysis

  Reverse Engineering

  Malware Analysis

  Disassembler

  Decompiler

  Binary Analysis

  Static Analysis

  Java

  Python

  Scripting

  Open Source

  Share

  

  Ghidra Software Reverse Engineering Framework

  Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.

  0

  Free

  Malware Analysis

  Reverse Engineering

  Malware Analysis

  Disassembler

  +7
• 

  TerraGoat

  TerraGoat is a deliberately vulnerable Terraform repository that demonstrates common cloud infrastructure misconfigurations for training and testing security tools.

  0

  Free

  Cloud Security

  Terraform

  Cloud Security

  Infrastructure As Code

  Misconfiguration

  Devsecops

  Vulnerability Testing

  Educational

  Policy

  Static Analysis

  Cloud

  Share

  

  TerraGoat

  TerraGoat is a deliberately vulnerable Terraform repository that demonstrates common cloud infrastructure misconfigurations for training and testing security tools.

  0

  Free

  Cloud Security

  Terraform

  Cloud Security

  Infrastructure As Code

  +7
• 

  Maldrolyzer

  A simple framework for extracting actionable data from Android malware

  0

  Free

  Malware Analysis

  Malware

  Androguard

  Yara

  Static Analysis

  Share

  

  Maldrolyzer

  A simple framework for extracting actionable data from Android malware

  0

  Free

  Malware Analysis

  Malware

  Androguard

  Yara

  +1
• 

  KICS

  KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.

  0

  Free

  Cloud Security

  Cloud Security

  Infrastructure As Code

  Static Analysis

  Security Scanning

  Ci Cd

  Open Source

  Vulnerability Detection

  Compliance

  Devsecops

  Cloud Native

  Share

  

  KICS

  KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.

  0

  Free

  Cloud Security

  Cloud Security

  Infrastructure As Code

  Static Analysis

  +7
• 

  Securibench Micro

  A collection of vulnerable web application test cases designed to benchmark and evaluate the effectiveness of static security analyzers and penetration testing tools.

  0

  Free

  Application Security

  Application Security

  Vulnerability Testing

  Static Analysis

  Penetration Testing

  Sql Injection

  Xss

  Vulnerable Apps

  Security Testing

  Benchmark

  Share

  

  Securibench Micro

  A collection of vulnerable web application test cases designed to benchmark and evaluate the effectiveness of static security analyzers and penetration testing tools.

  0

  Free

  Application Security

  Application Security

  Vulnerability Testing

  Static Analysis

  +6
• 

  Quick Android Review Kit

  QARK is a static analysis tool that scans Android applications for security vulnerabilities and can generate proof-of-concept exploits for discovered issues.

  0

  Free

  Application Security

  Android

  Android Security

  Mobile Security

  Static Analysis

  Vulnerability Scanner

  Apk

  Source Code Analysis

  Security Testing

  Proof Of Concept

  Application Security

  Share

  

  Quick Android Review Kit

  QARK is a static analysis tool that scans Android applications for security vulnerabilities and can generate proof-of-concept exploits for discovered issues.

  0

  Free

  Application Security

  Android

  Android Security

  Mobile Security

  +7
• 

  cfn-nag

  cfn-nag is a static analysis tool that scans AWS CloudFormation templates to identify security vulnerabilities and misconfigurations in infrastructure-as-code.

  0

  Free

  Cloud Security

  Cloud Security

  Aws

  Static Analysis

  Infrastructure As Code

  Security Scanning

  Iam

  Automation

  Ci Cd

  Devsecops

  Share

  

  cfn-nag

  cfn-nag is a static analysis tool that scans AWS CloudFormation templates to identify security vulnerabilities and misconfigurations in infrastructure-as-code.

  0

  Free

  Cloud Security

  Cloud Security

  Aws

  Static Analysis

  +6
• 

  Scumblr

  Scumblr is a web-based security automation platform that performs periodic data source synchronization and security analysis to help organizations proactively identify and track security issues.

  0

  Free

  Security Operations

  Security Operations

  Automation

  Security Automation

  Monitoring

  Github

  Dns

  Static Analysis

  Security Monitoring

  Workflow Automation

  Web

  Share

  

  Scumblr

  Scumblr is a web-based security automation platform that performs periodic data source synchronization and security analysis to help organizations proactively identify and track security issues.

  0

  Free

  Security Operations

  Security Operations

  Automation

  Security Automation

  +7
• 

  DroidRA

  DroidRA is an instrumentation-based Android security analysis tool that improves the accuracy of reflective call analysis through composite constant propagation techniques.

  0

  Free

  Application Security

  Android

  Application Security

  Static Analysis

  Mobile Security

  Android Security

  Security Analysis

  Instrumentation

  Appsec

  Java

  Security Testing

  Share

  

  DroidRA

  DroidRA is an instrumentation-based Android security analysis tool that improves the accuracy of reflective call analysis through composite constant propagation techniques.

  0

  Free

  Application Security

  Android

  Application Security

  Static Analysis

  +7
• 

  sdc-check

  A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.

  0

  Free

  Application Security

  Dependency Management

  Dependency Scanning

  Application Security

  Software Supply Chain

  Package Security

  Security Scanning

  Vulnerability Detection

  Appsec

  Static Analysis

  Security Analysis

  Share

  

  sdc-check

  A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.

  0

  Free

  Application Security

  Dependency Management

  Dependency Scanning

  Application Security

  +7
• 

  AndroBugs Framework

  AndroBugs Framework is an Android vulnerability analysis system that scans mobile applications for security vulnerabilities, missing best practices, and dangerous shell commands.

  0

  Free

  Application Security

  Android

  Android Security

  Mobile Security

  Vulnerability Analysis

  Vulnerability Scanner

  Static Analysis

  Application Security

  Security Scanning

  Apk

  Vulnerability Detection

  Share

  

  AndroBugs Framework

  AndroBugs Framework is an Android vulnerability analysis system that scans mobile applications for security vulnerabilities, missing best practices, and dangerous shell commands.

  0

  Free

  Application Security

  Android

  Android Security

  Mobile Security

  +7
• 

  GuardDog

  GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.

  0

  Free

  Application Security

  Application Security

  Package Security

  Cli

  Python

  Npm

  Malware Detection

  Static Analysis

  Security Scanning

  Dependency Scanning

  Open Source

  Share

  

  GuardDog

  GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.

  0

  Free

  Application Security

  Application Security

  Package Security

  Cli

  +7
• 

  Fnord

  Fnord is a pattern extraction tool that analyzes obfuscated code using sliding window techniques to identify frequent byte sequences and generate experimental YARA rules for malware analysis.

  0

  Free

  Malware Analysis

  Malware Analysis

  Pattern Matching

  Yara

  Yara Rules

  Obfuscation

  Static Analysis

  Binary Analysis

  Entropy

  Malware Research

  Reverse Engineering

  Share

  

  Fnord

  Fnord is a pattern extraction tool that analyzes obfuscated code using sliding window techniques to identify frequent byte sequences and generate experimental YARA rules for malware analysis.

  0

  Free

  Malware Analysis

  Malware Analysis

  Pattern Matching

  Yara

  +7
• 

  CFRipper

  CFRipper is a security analyzer for AWS CloudFormation templates that identifies vulnerabilities and misconfigurations before cloud deployment.

  0

  Free

  Cloud Security

  Aws

  Cloud Security

  Infrastructure As Code

  Security Analysis

  Cli

  Python Library

  Iam

  Compliance

  Static Analysis

  Share

  

  CFRipper

  CFRipper is a security analyzer for AWS CloudFormation templates that identifies vulnerabilities and misconfigurations before cloud deployment.

  0

  Free

  Cloud Security

  Aws

  Cloud Security

  Infrastructure As Code

  +6
• 

  Smali/Baksmali mode for Emacs

  An Emacs major mode that provides syntax highlighting and enhanced readability for smali code files used in Android malware analysis.

  0

  Free

  Malware Analysis

  Malware Analysis

  Android

  Smali

  Reverse Engineering

  Android Security

  Static Analysis

  Code Analysis

  Dalvik

  Mobile Security

  Apk

  Share

  

  Smali/Baksmali mode for Emacs

  An Emacs major mode that provides syntax highlighting and enhanced readability for smali code files used in Android malware analysis.

  0

  Free

  Malware Analysis

  Malware Analysis

  Android

  Smali

  +7
• 

  dexmod

  A Python tool for patching Dalvik bytecode in DEX files and assisting in Android application analysis

  0

  Free

  Specialized Security

  Dex

  Static Analysis

  Share

  

  dexmod

  A Python tool for patching Dalvik bytecode in DEX files and assisting in Android application analysis

  0

  Free

  Specialized Security

  Dex

  Static Analysis
• 

  Threat.Zone

  Holistic malware analysis platform with interactive sandbox, static analyzer, and emulation capabilities.

  0

  Free

  Malware Analysis

  Malware Analysis

  Sandbox

  Static Analysis

  Emulation

  Binary Security

  File Analysis

  Share

  

  Threat.Zone

  Holistic malware analysis platform with interactive sandbox, static analyzer, and emulation capabilities.

  0

  Free

  Malware Analysis

  Malware Analysis

  Sandbox

  Static Analysis

  +3
• 

  floss

  A tool that extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.

  0

  Free

  Malware Analysis

  Binary Security

  Malware Analysis

  Obfuscation

  Static Analysis

  Share

  

  floss

  A tool that extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.

  0

  Free

  Malware Analysis

  Binary Security

  Malware Analysis

  Obfuscation

  +1
• 

  SecretScanner

  SecretScanner is a standalone tool that scans container images and filesystems to detect approximately 140 types of unprotected secrets and sensitive credentials.

  0

  Free

  Security Operations

  Secret Detection

  Container Security

  Filesystem

  Security Scanning

  Devsecops

  Aws Secrets

  Security Audit

  Vulnerability Detection

  Static Analysis

  Share

  

  SecretScanner

  SecretScanner is a standalone tool that scans container images and filesystems to detect approximately 140 types of unprotected secrets and sensitive credentials.

  0

  Free

  Security Operations

  Secret Detection

  Container Security

  Filesystem

  +6
• 

  cwe_checker

  A static analysis tool that detects Common Weakness Enumerations (CWEs) in ELF binaries across multiple CPU architectures using Ghidra-based disassembly and various analysis techniques.

  0

  Free

  Application Security

  Static Analysis

  Vulnerability Detection

  Binary Analysis

  Elf

  Firmware Analysis

  Cross Platform

  Docker

  Security Analysis

  Share

  

  cwe_checker

  A static analysis tool that detects Common Weakness Enumerations (CWEs) in ELF binaries across multiple CPU architectures using Ghidra-based disassembly and various analysis techniques.

  0

  Free

  Application Security

  Static Analysis

  Vulnerability Detection

  Binary Analysis

  +5
• 

  UglifyJS 3

  UglifyJS 3 is a JavaScript toolkit that provides parsing, minification, compression, and beautification capabilities for JavaScript code optimization and processing.

  0

  Free

  Application Security

  Javascript

  Nodejs

  Npm

  Cli

  Parser

  Application Security

  Code Analysis

  Development

  Static Analysis

  Share

  

  UglifyJS 3

  UglifyJS 3 is a JavaScript toolkit that provides parsing, minification, compression, and beautification capabilities for JavaScript code optimization and processing.

  0

  Free

  Application Security

  Javascript

  Nodejs

  Npm

  +6
• 

  Boomerang Decompiler

  An open source machine code decompiler that converts binary executables into readable C source code across multiple architectures and file formats.

  0

  Free

  Malware Analysis

  Reverse Engineering

  Decompiler

  Binary Analysis

  Malware Analysis

  X86

  Open Source

  Disassembly

  Static Analysis

  Forensic Analysis

  Share

  

  Boomerang Decompiler

  An open source machine code decompiler that converts binary executables into readable C source code across multiple architectures and file formats.

  0

  Free

  Malware Analysis

  Reverse Engineering

  Decompiler

  Binary Analysis

  +6
• 

  iam-lint

  A GitHub action that lints AWS IAM policy documents to identify security issues and misconfigurations with configurable severity levels and custom rules.

  0

  Free

  Cloud Security

  Aws

  Iam

  Cloud Security

  Aws Security

  Static Analysis

  Security Scanning

  Ci Cd

  Github

  Automation

  Compliance

  Share

  

  iam-lint

  A GitHub action that lints AWS IAM policy documents to identify security issues and misconfigurations with configurable severity levels and custom rules.

  0

  Free

  Cloud Security

  Aws

  Iam

  Cloud Security

  +7
• 

  Yara Decompressor

  A tool that enables Yara rule execution against compressed malware samples, supporting GZip, BZip2, and LZMA formats without manual decompression.

  0

  Free

  Malware Analysis

  Malware Analysis

  Yara

  Yara Rules

  Compression

  Malware

  Golang

  Static Analysis

  Forensics

  Security Analysis

  Malware Detection

  Share

  

  Yara Decompressor

  A tool that enables Yara rule execution against compressed malware samples, supporting GZip, BZip2, and LZMA formats without manual decompression.

  0

  Free

  Malware Analysis

  Malware Analysis

  Yara

  Yara Rules

  +7
• 

  FSquaDRA

  FSquaDRA detects repackaged Android applications by computing Jaccard similarity over file digests within APK packages using pre-computed signing digests for improved performance.

  0

  Free

  Application Security

  Android

  Android Security

  Mobile Security

  Apk

  Malware Detection

  Application Security

  Security Analysis

  Java

  Static Analysis

  Research

  Share

  

  FSquaDRA

  FSquaDRA detects repackaged Android applications by computing Jaccard similarity over file digests within APK packages using pre-computed signing digests for improved performance.

  0

  Free

  Application Security

  Android

  Android Security

  Mobile Security

  +7
• 

  Terrascan

  Terrascan is a static code analyzer that scans Infrastructure as Code for security misconfigurations and compliance violations across multiple cloud platforms and container environments.

  0

  Free

  Cloud Security

  Static Analysis

  Infrastructure As Code

  Cloud Security

  Terraform

  Kubernetes

  Docker

  Aws

  Azure

  Gcp

  Compliance

  Share

  

  Terrascan

  Terrascan is a static code analyzer that scans Infrastructure as Code for security misconfigurations and compliance violations across multiple cloud platforms and container environments.

  0

  Free

  Cloud Security

  Static Analysis

  Infrastructure As Code

  Cloud Security

  +7
• 

  Banyan Collector

  A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.

  0

  Free

  Cloud Security

  Container Security

  Containers

  Docker

  Static Analysis

  Security Analysis

  Policy

  Compliance

  Automation

  Framework

  Devops

  Share

  

  Banyan Collector

  A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.

  0

  Free

  Cloud Security

  Container Security

  Containers

  Docker

  +7
• 

  Mobile Audit

  Mobile Audit is a Docker-based SAST and malware analysis tool that performs comprehensive security analysis of Android APK files, including vulnerability detection, certificate verification, and Virus Total integration.

  0

  Free

  Application Security

  Android

  Apk

  Sast

  Malware Analysis

  Static Analysis

  Mobile Security

  Docker

  Application Security

  Virus Total

  Certificate

  Share

  

  Mobile Audit

  Mobile Audit is a Docker-based SAST and malware analysis tool that performs comprehensive security analysis of Android APK files, including vulnerability detection, certificate verification, and Virus Total integration.

  0

  Free

  Application Security

  Android

  Apk

  Sast

  +7
• 

  Argus-SAF

  Argus-SAF is a static analysis framework for security vetting Android applications.

  0

  Free

  Application Security

  Static Analysis

  Mobile Security

  Share

  

  Argus-SAF

  Argus-SAF is a static analysis framework for security vetting Android applications.

  0

  Free

  Application Security

  Static Analysis

  Mobile Security
• 

  Mastiff

  A static analysis framework for extracting key characteristics from various file formats

  0

  Free

  Endpoint Security

  Binary Security

  File Analysis

  Static Analysis

  Malware Analysis

  Forensic Analysis

  Share

  

  Mastiff

  A static analysis framework for extracting key characteristics from various file formats

  0

  Free

  Endpoint Security

  Binary Security

  File Analysis

  Static Analysis

  +2
• 

  readpe

  A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.

  0

  Free

  Malware Analysis

  Malware Analysis

  Pe File

  Binary Analysis

  Reverse Engineering

  Windows

  Executable Analysis

  File Analysis

  Command Line Tool

  Forensics

  Static Analysis

  Share

  

  readpe

  A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.

  0

  Free

  Malware Analysis

  Malware Analysis

  Pe File

  Binary Analysis

  +7
• 

  ctf-tools

  A collection of setup scripts for various security research tools with installers for tools like afl, angr, barf, and more.

  0

  Free

  Miscellaneous

  Binary Analysis

  Binary Security

  Static Analysis

  Share

  

  ctf-tools

  A collection of setup scripts for various security research tools with installers for tools like afl, angr, barf, and more.

  0

  Free

  Miscellaneous

  Binary Analysis

  Binary Security

  Static Analysis
• 

  manalyze

  A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.

  0

  Free

  Malware Analysis

  Malware Analysis

  Static Analysis

  Pe File

  Executable Analysis

  Binary Analysis

  Malware Detection

  Clamav

  Reverse Engineering

  Security Analysis

  Threat Research

  Share

  

  manalyze

  A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.

  0

  Free

  Malware Analysis

  Malware Analysis

  Static Analysis

  Pe File

  +7
• 

  Whispers

  A static code analysis tool for parsing common data formats to detect hardcoded credentials and dangerous functions.

  0

  Free

  Application Security

  Static Analysis

  Code Analysis

  File Analysis

  Share

  

  Whispers

  A static code analysis tool for parsing common data formats to detect hardcoded credentials and dangerous functions.

  0

  Free

  Application Security

  Static Analysis

  Code Analysis

  File Analysis
• 

  CFGScanDroid

  CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.

  0

  Free

  Malware Analysis

  Malware Analysis

  Android

  Android Security

  Static Analysis

  Java

  Dex

  Malware Detection

  Security Analysis

  Apk

  Mobile Security

  Share

  

  CFGScanDroid

  CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.

  0

  Free

  Malware Analysis

  Malware Analysis

  Android

  Android Security

  +7
• 

  Redexer

  Redexer is a reengineering tool that parses, analyzes, and modifies Android DEX files for binary manipulation and permission analysis.

  0

  Free

  Malware Analysis

  Android

  Malware Analysis

  Binary Analysis

  Dex

  Reverse Engineering

  Mobile Security

  Android Security

  Static Analysis

  Permissions

  Dalvik

  Share

  

  Redexer

  Redexer is a reengineering tool that parses, analyzes, and modifies Android DEX files for binary manipulation and permission analysis.

  0

  Free

  Malware Analysis

  Android

  Malware Analysis

  Binary Analysis

  +7
• 

  Quark Script

  Innovative tool for mobile security researchers to analyze targets with static and dynamic analysis capabilities and sharing functionalities.

  0

  Free

  Specialized Security

  Mobile Security

  Pentest

  Static Analysis

  Dynamic Analysis

  Scripting

  Share

  

  Quark Script

  Innovative tool for mobile security researchers to analyze targets with static and dynamic analysis capabilities and sharing functionalities.

  0

  Free

  Specialized Security

  Mobile Security

  Pentest

  Static Analysis

  +2
• 

  Regexp Security Cheatsheet

  A comprehensive repository documenting security vulnerabilities in regular expressions used by Web Application Firewalls, including bypass examples and SAST tools for vulnerability identification.

  0

  Free

  Application Security

  Application Security

  Waf

  Regex

  Vulnerability Analysis

  Bypass

  Sast

  Static Analysis

  Web Application Security

  Security Research

  Penetration Testing

  Share

  

  Regexp Security Cheatsheet

  A comprehensive repository documenting security vulnerabilities in regular expressions used by Web Application Firewalls, including bypass examples and SAST tools for vulnerability identification.

  0

  Free

  Application Security

  Application Security

  Waf

  Regex

  +7
• 

  SUPER Android Analyzer

  A command-line Android APK vulnerability analyzer written in Rust that decompresses and scans APK files using rule-based detection to identify security issues.

  0

  Free

  Application Security

  Android

  Apk

  Vulnerability Scanner

  Mobile Security

  Android Security

  Static Analysis

  Command Line Tool

  Rust

  Application Security

  Security Scanning

  Share

  

  SUPER Android Analyzer

  A command-line Android APK vulnerability analyzer written in Rust that decompresses and scans APK files using rule-based detection to identify security issues.

  0

  Free

  Application Security

  Android

  Apk

  Vulnerability Scanner

  +7
• 

  Krakatau

  A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.

  0

  Free

  Malware Analysis

  Java

  Reverse Engineering

  Malware Analysis

  Decompiler

  Disassembler

  Binary Analysis

  Static Analysis

  Security Research

  Obfuscation

  Share

  

  Krakatau

  A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.

  0

  Free

  Malware Analysis

  Java

  Reverse Engineering

  Malware Analysis

  +6
• 

  FlowDroid

  FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.

  0

  Free

  Application Security

  Static Analysis

  Flow Analysis

  Share

  

  FlowDroid

  FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.

  0

  Free

  Application Security

  Static Analysis

  Flow Analysis
• 

  Androguard module for Yara

  Integrates static APK analysis with Yara and requires re-compilation of Yara with the androguard module.

  0

  Free

  Application Security

  Androguard

  Android Security

  Yara

  Static Analysis

  Mobile Security

  Share

  

  Androguard module for Yara

  Integrates static APK analysis with Yara and requires re-compilation of Yara with the androguard module.

  0

  Free

  Application Security

  Androguard

  Android Security

  Yara

  +2
• 

  JD-GUI

  JD-GUI is a graphical Java decompiler that reconstructs and displays source code from compiled ".class" files for reverse engineering and code analysis purposes.

  0

  Free

  Malware Analysis

  Java

  Decompiler

  Reverse Engineering

  Java Decompiler

  Gui

  Cross Platform

  Malware Analysis

  Binary Analysis

  Static Analysis

  Open Source

  Share

  

  JD-GUI

  JD-GUI is a graphical Java decompiler that reconstructs and displays source code from compiled ".class" files for reverse engineering and code analysis purposes.

  0

  Free

  Malware Analysis

  Java

  Decompiler

  Reverse Engineering

  +7
• 

  Stowaway

  A static analysis tool for Android apps that detects malware and other malicious code

  0

  Free

  Application Security

  Appsec

  Binary Security

  Malware Detection

  Static Analysis

  Share

  

  Stowaway

  A static analysis tool for Android apps that detects malware and other malicious code

  0

  Free

  Application Security

  Appsec

  Binary Security

  Malware Detection

  +1
• 

  ASH - The Automated Security Helper

  ASH is an automated security scanning tool that integrates multiple open-source security scanners to perform preliminary security checks on code, infrastructure, and IAM configurations during development.

  0

  Free

  Application Security

  Application Security

  Security Scanning

  Devsecops

  Automation

  Static Analysis

  Vulnerability Scanning

  Infrastructure

  Iam

  Open Source

  Ci Cd

  Share

  

  ASH - The Automated Security Helper

  ASH is an automated security scanning tool that integrates multiple open-source security scanners to perform preliminary security checks on code, infrastructure, and IAM configurations during development.

  0

  Free

  Application Security

  Application Security

  Security Scanning

  Devsecops

  +7
• 

  NodeJsScan

  Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.

  0

  Free

  Application Security

  Nodejs

  Sast

  Static Analysis

  Security Testing

  Devsecops

  Share

  

  NodeJsScan

  Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.

  0

  Free

  Application Security

  Nodejs

  Sast

  Static Analysis

  +2
• 

  RetDec

  RetDec is an LLVM-based decompiler that converts machine code from various architectures and file formats back into readable C-like source code for reverse engineering and malware analysis.

  0

  Free

  Malware Analysis

  Reverse Engineering

  Malware Analysis

  Static Analysis

  Decompiler

  Binary Analysis

  Disassembler

  X86

  Arm

  C

  Share

  

  RetDec

  RetDec is an LLVM-based decompiler that converts machine code from various architectures and file formats back into readable C-like source code for reverse engineering and malware analysis.

  0

  Free

  Malware Analysis

  Reverse Engineering

  Malware Analysis

  Static Analysis

  +6
• 

  CAPA

  CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.

  0

  Free

  Malware Analysis

  Malware Analysis

  Static Analysis

  Executable Analysis

  Binary Analysis

  Mitre Attack

  Pe File

  Elf

  Dotnet

  Shellcode

  Threat Analysis

  Share

  

  CAPA

  CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.

  0

  Free

  Malware Analysis

  Malware Analysis

  Static Analysis

  Executable Analysis

  +7
• 

  Clair

  Clair is an open source static analysis tool that scans application containers for known vulnerabilities through API-based image indexing and matching.

  0

  Free

  Vulnerability Management

  Vulnerability Scanning

  Container Security

  Static Analysis

  Docker

  Vulnerability Detection

  Open Source

  Api

  Containers

  Security Scanning

  Vulnerability Management

  Share

  

  Clair

  Clair is an open source static analysis tool that scans application containers for known vulnerabilities through API-based image indexing and matching.

  0

  Free

  Vulnerability Management

  Vulnerability Scanning

  Container Security

  Static Analysis

  +7
• 

  StaDynA

  StaDynA is a system supporting security app analysis in the presence of dynamic code update features.

  0

  Free

  Specialized Security

  App Security

  Dynamic Analysis

  Static Analysis

  Share

  

  StaDynA

  StaDynA is a system supporting security app analysis in the presence of dynamic code update features.

  0

  Free

  Specialized Security

  App Security

  Dynamic Analysis

  Static Analysis
• 

  Dagda

  Dagda is a Docker security tool that performs static vulnerability analysis of container images and monitors running containers for malicious threats and anomalous activities.

  0

  Free

  Vulnerability Management

  Container Security

  Docker

  Docker Security

  Vulnerability Scanning

  Static Analysis

  Malware Detection

  Mongodb

  Clamav

  Devsecops

  Security Monitoring

  Share

  

  Dagda

  Dagda is a Docker security tool that performs static vulnerability analysis of container images and monitors running containers for malicious threats and anomalous activities.

  0

  Free

  Vulnerability Management

  Container Security

  Docker

  Docker Security

  +7
• 

  Androwarn

  Androwarn performs static analysis of Android applications using Dalvik bytecode examination to detect and report potentially malicious behaviors.

  0

  Free

  Malware Analysis

  Malware Analysis

  Android

  Android Security

  Static Analysis

  Mobile Security

  Androguard

  Dalvik

  Apk

  Malware Detection

  Security Analysis

  Share

  

  Androwarn

  Androwarn performs static analysis of Android applications using Dalvik bytecode examination to detect and report potentially malicious behaviors.

  0

  Free

  Malware Analysis

  Malware Analysis

  Android

  Android Security

  +7
• 

  Joint Advanced Application Defect Assessment for Android Application (JAADAS)

  JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.

  0

  Free

  Application Security

  Static Analysis

  Java

  Vulnerability Detection

  Share

  

  Joint Advanced Application Defect Assessment for Android Application (JAADAS)

  JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.

  0

  Free

  Application Security

  Static Analysis

  Java

  Vulnerability Detection
• 

  FLARE Obfuscated String Solver (FLOSS)

  FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.

  0

  Free

  Malware Analysis

  Malware Analysis

  Static Analysis

  Obfuscation

  Deobfuscation

  Binary Analysis

  Malware Research

  Reverse Engineering

  String Analysis

  Malware

  Security Analysis

  Share

  

  FLARE Obfuscated String Solver (FLOSS)

  FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.

  0

  Free

  Malware Analysis

  Malware Analysis

  Static Analysis

  Obfuscation

  +7
• 

  de4dot

  An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.

  0

  Free

  Malware Analysis

  Malware Analysis

  Deobfuscation

  Dotnet

  Reverse Engineering

  Csharp

  Open Source

  Static Analysis

  Binary Analysis

  Net

  Assembly

  Decryption

  Share

  

  de4dot

  An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.

  0

  Free

  Malware Analysis

  Malware Analysis

  Deobfuscation

  Dotnet

  +8
• 

  Mobile Application Penetration Testing Cheat Sheet

  A comprehensive guide to mobile application penetration testing, covering various topics and techniques

  0

  Free

  Resources

  Mobile Security

  Reverse Engineering

  Static Analysis

  Dynamic Analysis

  Network Analysis

  Share

  

  Mobile Application Penetration Testing Cheat Sheet

  A comprehensive guide to mobile application penetration testing, covering various topics and techniques

  0

  Free

  Resources

  Mobile Security

  Reverse Engineering

  Static Analysis

  +2
• 

  Checkov

  Checkov is a static analysis tool that scans infrastructure as code and performs software composition analysis to detect security misconfigurations and vulnerabilities in cloud infrastructure and dependencies.

  0

  Free

  Application Security

  Static Analysis

  Infrastructure As Code

  Cloud Security

  Terraform

  Kubernetes

  Docker

  Vulnerability Scanning

  Compliance

  Devsecops

  Ci Cd

  Share

  

  Checkov

  Checkov is a static analysis tool that scans infrastructure as code and performs software composition analysis to detect security misconfigurations and vulnerabilities in cloud infrastructure and dependencies.

  0

  Free

  Application Security

  Static Analysis

  Infrastructure As Code

  Cloud Security

  +7
• 

  capa

  Capa is a malware analysis tool that detects capabilities in executable files by analyzing PE, ELF, .NET modules, shellcode, and sandbox reports to identify potential malicious behaviors with ATT&CK framework mapping.

  0

  Free

  Malware Analysis

  Malware Analysis

  Static Analysis

  Dynamic Analysis

  Executable Analysis

  Pe File

  Elf

  Dotnet

  Shellcode

  Sandbox

  Mitre Attack

  Behavioral Analysis

  Command Line Tool

  Malware Detection

  Threat Analysis

  Share

  

  capa

  Capa is a malware analysis tool that detects capabilities in executable files by analyzing PE, ELF, .NET modules, shellcode, and sandbox reports to identify potential malicious behaviors with ATT&CK framework mapping.

  0

  Free

  Malware Analysis

  Malware Analysis

  Static Analysis

  Dynamic Analysis

  +11