Trending repositories for topic static-analysis
Static analyzer for C/C++ based on the theory of Abstract Interpretation.
An extremely fast Python linter and code formatter, written in Rust.
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
A comprehensive collection of cheatsheets for reverse engineering, binary analysis, and assembly programming tools. This repository serves as a one-stop reference for security researchers, reverse eng...
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
⚡ A CLI tool for code structural search, lint and rewriting. Written in Rust.
Program for determining types of files for Windows, Linux and MacOS.
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Validate and visualize dependencies. Your rules. JavaScript, TypeScript, CoffeeScript. ES6, CommonJS, AMD.
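Jar Analyzer - a JAR file analysis tool: batch analysis, SCA vulnerability analysis, method call relationship search, string search, Spring component analysis, information leak checks, CFG program analysis, JVM stack frame analysis, advanced expression search, bytecode-instruction-level dynamic debugging analysis, one-click export of decompiled JARs, one-click extraction of malicious code from serialized data, one-click analysis of BCEL bytecode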
PHP_CodeSniffer tokenizes PHP files and detects violations of a defined set of coding standards.
All-in-one devtool to automatically analyze, search and visualize project modules and dependencies from JavaScript, TypeScript (JSX/TSX) and Node.js (ES6, CommonJS)
Corax for Java: A general static analysis framework for Java code checking.
Scans your project to determine what components you use
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
PHP Static Analysis Tool - discover bugs in your code without running it!
A library for extracting and analyzing definition/reference graphs from your codebase. Powered by tree-sitter and LSIF/SCIP.
💀 PHP unused code detection via PHPStan extension. Detects dead cycles, supports libs like Symfony, Doctrine, PHPUnit etc. Can automatically remove dead PHP code.
View8 - Decompiles serialized V8 objects back into high-level readable code.
A program slicer for Java, based on the system dependence graph (SDG).
Interface with the rustc compiler for the purpose of program verification
Wake is a Python-based Solidity development and testing framework with built-in vulnerability detectors
Static analysis tool to detect potential nil panics in Go code
Find leaking classes that you never use... and get rid of them.
A lightweight memory allocator for hardware-accelerated machine learning
JavaScript Reverse Engineering Toolkit (JSRETK) - Experimental tools for analyzing (minified/obfuscated) JavaScript
A linter with superpowers! 🔥 Use LLMs to enforce best practices across your codebase.
A collection of my weggli patterns to facilitate vulnerability research.
Static code analyser for backdoors and malicious code in git repos using OpenAI compatible LLM APIs
SherlockElf is a powerful tool designed for both static and dynamic analysis of Android ELF binaries and dynamic iOS Mach-O binaries (experimental).
AI-driven Static Analyzer. Supports Rust and Smart contracts: Solana based on Rust, Ethereum based on Solidity.
A tool for analyzing and visualizing complex software architecture hierarchies
A code quality control tool for PHP that will give you an idea of the composition of comments in the codebase, and help improve documentation
A vulnerability scanner for container images and filesystems
A fast, feature-rich static code analyzer & language server for Python
Dockerfile linter, validate inline bash, written in Haskell
🤝 A friendly error formatter extension for PHPStan that provides more readable and informative output, including code snippets and color highlighting.
apkInspector is a tool designed to provide detailed insights into the zip structure of APK files, offering the capability to extract content and decode the AndroidManifest.xml file.
Elevate your 🐍 code with optimal data structure recommendations from pyggester.
Performant static analyzer for PHP, which is extremely easy to use. It helps you catch common mistakes in your PHP code.