Mosca is a manual analysis tool to find bugs like a grep unix command and since it is not dynamic the uses static code to search don’t confuse with academic views hahaha don’t have graph here or CFG which is a simple “grep”
- egg modules is a config to find to vulnerabilities
- you can use at C, PHP, javascript, ruby etc
- Save results at XML file
- create your own modules etc…
- why static ?
Also Read – Box.JS : A Tool For Studying JavaScript Malware
