Mosca is a manual analysis tool to find bugs like a grep unix command and since it is not dynamic the uses static code to search don’t confuse with academic views hahaha don’t have graph here or CFG which is a simple “grep”

  • egg modules is a config to find to vulnerabilities
  • you can use at C, PHP, javascript, ruby etc
  • Save results at XML file
  • create your own modules etc…
  • why static ?

Also Read – Box.JS : A Tool For Studying JavaScript Malware