Mosca is a manual analysis tool to find bugs like a grep unix command and since it is not dynamic the uses static code to search don’t confuse with academic views hahaha don’t have graph here or CFG which is a simple “grep”
- egg modules is a config to find to vulnerabilities
- you can use at C, PHP, javascript, ruby etc
- Save results at XML file
- create your own modules etc…
- why static ?
![](https://1.bp.blogspot.com/-2UZCKlojBVM/XaVKq_7JasI/AAAAAAAAC6U/tQzvvONevLI_XzRgd9YMdi73iNcBkcZxACLcBGAsYHQ/s1600/Mosca.jpg)
Also Read – Box.JS : A Tool For Studying JavaScript Malware