Tag Archives: Static Analysis

gokart : Static Analysis Tool For Securing Go code

GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe, which reduces the number of false positives compared to other Go security scanners. For …

Continue reading “gokart : Static Analysis Tool For Securing Go code”

Aura : Python Source Code Auditing And Static Analysis On A Large Scale

Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over uploaded packages to PyPI, alert on anomalies that can either indicate an ongoing attack or vulnerabilities in the code enable an organization to conduct …

Continue reading “Aura : Python Source Code Auditing And Static Analysis On A Large Scale”

Scanmycode-Ce : Code Scanning/SAST/Static Analysis/Linting Using Many tools/Scanners

Scanmycode-Ce is a Code Scanning/SAST/Static Analysis/Linting solution using many tools/Scanners with One Report. You can also add any tool to it. Currently, it supports many languages and tech stacks. Similar to SonarQube, but it is different. TLDR To install it. Install docker and docker-compose and then: 2 options Fastest (use DockerHub built images). If unsure, use this. git clone …

Continue reading “Scanmycode-Ce : Code Scanning/SAST/Static Analysis/Linting Using Many tools/Scanners”

Mininode : A CLI Tool To Reduce The Attack Surface Of The Node.js Applications By Using Static Analysis

Mininode is a CLI tool to reduce the attack surface of the Node.js applications by using static analysis of source code. It supports two modes of reduction (1) coarse, (2) fine. Mininode constructs the dependency graph (modules and functions used) of the application starting from main file, i.e. entry point of the application. Mininode initializes entry point …

Continue reading “Mininode : A CLI Tool To Reduce The Attack Surface Of The Node.js Applications By Using Static Analysis”

Mariana Trench : Security Focused Static Analysis Tool For Android And Java Applications

Mariana Trench is a security focused static analysis platform targeting Android. This guide will walk you through setting up Mariana Trench on your machine and get you to find your first remote code execution vulnerability in a small sample app. These instructions are also available at our website. Prerequisites Mariana Trench requires a recent version of Python. …

Continue reading “Mariana Trench : Security Focused Static Analysis Tool For Android And Java Applications”

Xori : An Automation-Ready Disassembly & Static Analysis Library

Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data. Architectures: i386 x86-64 File Formats PE, PE+ Plain shellcode Current Features Outputs json of the 1) Disassembly, 2) Functions, and 3) Imports. Manages Image and Stack memory. 2 modes: Light Emulation – meant to enumerate …

Continue reading “Xori : An Automation-Ready Disassembly & Static Analysis Library”