Packages that audit existing source code for vulnerability analysis.

Tool count: 48

| Name | Version | Description | Category |
|---|---|---|---|
| androwarn | 135.626c02d | Yet another static code analyzer for malicious Android applications. | mobile, code-audit |
| bandit | 1.7.7 | Python security linter from OpenStack Security | code-audit |
| bof-detector | 19.e08367d | A simple detector of BOF vulnerabilities by source-code-level check. | code-audit |
| brakeman | 1:v6.1.2.1.r3.g76b50de03 | A static analysis security vulnerability scanner for Ruby on Rails applications | code-audit, exploitation, scanner |
| cflow | 1.7 | A C program flow analyzer. | code-audit |
| checkov | 3.2.96.r0.g6c3b45ca4 | Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages. | code-audit |
| codeql | 1:2.8.1 | The CLI tool for GitHub CodeQL automation | code-audit |
| cppcheck | 2.12.0 | A tool for static C/C++ code analysis | code-audit |
| cpptest | 2.0.0 | A portable and powerful, yet simple, unit testing framework for handling automated tests in C++. | code-audit |
| detect-secrets | v1.5.0.r8.gb02ff0d | An enterprise friendly way of detecting and preventing secrets in code. | code-audit |
| devaudit | 803.ca0a68e | An open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams. | code-audit |
| dscanner | 0.15.2 | Swiss-army knife for D source code. | code-audit |
| expose | 1110.30264af | A Dynamic Symbolic Execution (DSE) engine for JavaScript | binary, reversing, code-audit |
| flawfinder | 2.0.19 | Searches through source code for potential security flaws. | code-audit, scanner |
| git-dump | 7.4c9a2a9 | Dump the contents of a remote git repository without directory listing enabled. | scanner, code-audit |
| githound | v1.7.1.r15.g1d20536 | Find secret information in git repositories. | code-audit, recon |
| graudit | 621.675eaa9 | Grep rough source code auditing tool. | code-audit |
| horusec | v2.9.0.beta.2.r1.g873d4104 | Static code analysis to identify security flaws for many languages. | code-audit |
| leena | 2.5119f56 | Symbolic execution engine for JavaScript | binary, code-audit |
| local-php-security-checker | v2.1.3.r0.g4f59cf8 | A command line tool that checks your PHP application packages with known security vulnerabilities. | code-audit |
| mosca | 130.a7e725d | Static analysis tool to find bugs like a grep unix command. | code-audit |
| njsscan | 0.3.1 | A static application testing (SAST) tool that can find insecure code patterns in your node.js applications. | code-audit |
| peach-fuzz | 55.404e8ee | Simple vulnerability scanning framework. | fuzzer, code-audit |
| pfff | 0.29 | Tools and APIs for code analysis, visualization and transformation | code-audit |
| php-malware-finder | 0.3.4.r82.g87b6d7f | Detect potentially malicious PHP files. | webapp, malware, scanner, code-audit |
| php-vulnerability-hunter | | A whitebox fuzz testing tool capable of detecting several classes of vulnerabilities in PHP web applications. | windows, webapp, code-audit |
| phpstan | 10806.3cb6d5957 | PHP Static Analysis Tool - discover bugs in your code without running it. | code-audit |
| procyon | 0.6 | A suite of Java metaprogramming tools focused on code generation and analysis. | decompiler, code-audit |
| pscan | 1.3 | A limited problem scanner for C source files | code-audit |
| rats | 6.4ba54ce | A rough auditing tool for security in source code files. It is a tool for scanning C, C++, Perl, PHP, Python and Ruby source code and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions. As its name implies, the tool performs only a rough analysis of source code. It will not find every error and will also find things that are not errors. Manual inspection of your code is still necessary, but greatly aided with this tool. | code-audit |
| retire | 5.0.0.beta.1.r19.g11f13ca | Scanner detecting the use of JavaScript libraries with known vulnerabilities. | scanner, code-audit |
| semgrep | 1.72.0 | Lightweight static analysis for many languages. | code-audit |
| shellcheck | 0.10.0 | Shell script analysis tool | code-audit |
| slither | 1:4441.1a50b8ef0 | Solidity static analysis framework written in Python 3. | code-audit, exploitation |
| smalisca | 58.1aa7a16 | Static Code Analysis for Smali files. | mobile, code-audit |
| snyk | 1.1283.0 | CLI and build-time tool to find and fix known vulnerabilities in open-source dependencies. | code-audit, scanner |
| sonar-scanner | | Generic CLI tool to launch project analysis on SonarQube servers. | code-audit |
| spaf | 11.671a976 | Static Php Analysis and Fuzzer. | webapp, fuzzer, code-audit |
| splint | 3.1.2.git20180129 | A tool for statically checking C programs for security vulnerabilities and coding mistakes | code-audit |
| spotbugs | 17383.9563fb9e3 | A tool for static analysis to look for bugs in Java code. | code-audit |
| stacoan | 0.90 | Cross-platform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. | mobile, code-audit |
| stoq | 769.8bfc78b | An open source framework for enterprise level automated analysis. | code-audit |
| tell-me-your-secrets | 1:v2.4.2.r2.g873a4c9 | Find secrets on any machine from over 120 Different Signatures. | code-audit, forensic |
| valgrind | 3.23.0 | A tool to help find memory-management problems in programs | binary, code-audit |
| whispers | 2.2.1.r3.g8f17f77 | Identify hardcoded secrets and dangerous behaviours. | code-audit |
| wpbullet | 34.6185112 | A static code analysis for WordPress (and PHP). | code-audit, webapp |
| wscript | 201.0410be2 | Emulator/tracer of the Windows Script Host functionality. | code-audit |
| yasca | 2.1 | Multi-Language Static Analysis Toolset. | code-audit |