Mosca is a manual analysis tool to find bugs like a grep unix command and since it is not dynamic the uses static code to search don’t confuse with academic views hahaha don’t have graph here or CFG which is a simple “grep”
- egg modules is a config to find to vulnerabilities
- Save results at XML file
- create your own modules etc…
- why static ?