Static Analysis

A static code analysis tool for parsing common data formats to detect hardcoded credentials and dangerous functions.

CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.

Redexer is a reengineering tool that parses, analyzes, and modifies Android DEX files for binary manipulation and permission analysis.

Innovative tool for mobile security researchers to analyze targets with static and dynamic analysis capabilities and sharing functionalities.

A comprehensive repository documenting security vulnerabilities in regular expressions used by Web Application Firewalls, including bypass examples and SAST tools for vulnerability identification.

A command-line Android APK vulnerability analyzer written in Rust that decompresses and scans APK files using rule-based detection to identify security issues.

A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.

FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.

Integrates static APK analysis with Yara and requires re-compilation of Yara with the androguard module.

JD-GUI is a graphical Java decompiler that reconstructs and displays source code from compiled ".class" files for reverse engineering and code analysis purposes.

A static analysis tool for Android apps that detects malware and other malicious code

ASH is an automated security scanning tool that integrates multiple open-source security scanners to perform preliminary security checks on code, infrastructure, and IAM configurations during development.

Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.

RetDec is an LLVM-based decompiler that converts machine code from various architectures and file formats back into readable C-like source code for reverse engineering and malware analysis.

CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.

Clair is an open source static analysis tool that scans application containers for known vulnerabilities through API-based image indexing and matching.

StaDynA is a system supporting security app analysis in the presence of dynamic code update features.

Dagda is a Docker security tool that performs static vulnerability analysis of container images and monitors running containers for malicious threats and anomalous activities.

Androwarn performs static analysis of Android applications using Dalvik bytecode examination to detect and report potentially malicious behaviors.

JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.

FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.

An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.

A comprehensive guide to mobile application penetration testing, covering various topics and techniques

Checkov is a static analysis tool that scans infrastructure as code and performs software composition analysis to detect security misconfigurations and vulnerabilities in cloud infrastructure and dependencies.