Home / Tools / code-audit

Packages that audit existing source code for vulnerability analysis.

Tool count: 41

Name Version Description Category Website
androwarn 135.626c02d Yet another static code analyzer for malicious Android applications. mobile code-audit
bof-detector 19.e08367d A simple detector of BOF vulnerabilities by source-code-level check. code-audit
brakeman 3758.927a8003c A static analysis security vulnerability scanner for Ruby on Rails applications code-audit exploitation scanner
cflow 1.6 A C program flow analyzer. code-audit
codeql 1:2.5.5 The CLI tool for GitHub CodeQL automation code-audit
cppcheck 2.6 A tool for static C/C++ code analysis code-audit
cpptest 2.0.0 A portable and powerful, yet simple, unit testing framework for handling automated tests in C++. code-audit
detect-secrets v1.1.0.r18.gfefc670 An enterprise friendly way of detecting and preventing secrets in code. code-audit
devaudit 803.ca0a68e An open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams. code-audit
dscanner 0.11.1 Swiss-army knife for D source code. code-audit
expose 1110.30264af A Dynamic Symbolic Execution (DSE) engine for JavaScript binary reversing code-audit
flawfinder 2.0.19 Searches through source code for potential security flaws. code-audit scanner
git-dump 7.4c9a2a9 Dump the contents of a remote git repository without directory listing enabled. scanner code-audit
graudit 534.63e12d7 Grep rough source code auditing tool. code-audit
leena 2.5119f56 Symbolic execution engine for JavaScript binary code-audit
local-php-security-checker v1.2.0.r0.gf883cc5 A command line tool that checks your PHP application packages with known security vulnerabilities. code-audit
mosca 112.7d33611 Static analysis tool to find bugs like a grep unix command. code-audit
njsscan 0.2.8 A static application testing (SAST) tool that can find insecure code patterns in your node.js applications. code-audit
peach-fuzz 55.404e8ee Simple vulnerability scanning framework. fuzzer code-audit
pfff 0.29 Tools and APIs for code analysis, visualization and transformation code-audit
php-vulnerability-hunter An whitebox fuzz testing tool capable of detected several classes of vulnerabilities in PHP web applications. windows webapp code-audit
phpstan 6331.5ff10f304 PHP Static Analysis Tool - discover bugs in your code without running it. code-audit
procyon 0.6 A suite of Java metaprogramming tools focused on code generation and analysis. decompiler code-audit
pscan 1.3 A limited problem scanner for C source files code-audit
rats 6.4ba54ce A rough auditing tool for security in source code files. It is a tool for scanning C, C++, Perl, PHP, Python and Ruby source code and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions. As its name implies, the tool performs only a rough analysis of source code. It will not find every error and will also find things that are not errors. Manual inspection of your code is still necessary, but greatly aided with this tool. code-audit
retire 3.0.3.r0.g6511e2a Scanner detecting the use of JavaScript libraries with known vulnerabilities. scanner code-audit
shellcheck 0.7.2 Shell script analysis tool code-audit
slither 1:2327.82360106 Solidity static analysis framework written in Python 3. code-audit exploitation
smalisca 58.1aa7a16 Static Code Analysis for Smali files. mobile code-audit
snyk 1.642.0 CLI and build-time tool to find and fix known vulnerabilities in open-source dependencies. code-audit scanner
spaf 11.671a976 Static Php Analysis and Fuzzer. webapp fuzzer code-audit
splint 3.1.2.git20180129 A tool for statically checking C programs for security vulnerabilities and coding mistakes code-audit
spotbugs 16468.0a34d96f8 A tool for static analysis to look for bugs in Java code. code-audit
stacoan 0.90 Crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. mobile code-audit
stoq 766.eea553d An open source framework for enterprise level automated analysis. code-audit
tell-me-your-secrets v.2.4.0.r1.gd7d2e74 Find secrets on any machine from over 120 Different Signatures. code-audit forensic
valgrind 3.17.0 A tool to help find memory-management problems in programs binary code-audit
whispers 1.5.3.r11.g1a28191 Identify hardcoded secrets and dangerous behaviours. code-audit
wpbullet 34.6185112 A static code analysis for WordPress (and PHP). code-audit webapp
wscript 201.0410be2 Emulator/tracer of the Windows Script Host functionality. code-audit
yasca 2.1 Multi-Language Static Analysis Toolset. code-audit