Packages that audit existing source code for vulnerability analysis.

Tool count: 28

BlackArch code-audit
| Name | Version | Description |
|---|---|---|
| bof-detector | 19.e08367d | A simple detector of BOF vulnerabilities by source-code-level check. |
| brakeman | 3749.69101ca16 | A static analysis security vulnerability scanner for Ruby on Rails applications. |
| cflow | 1.6 | A C program flow analyzer. |
| cppcheck | 2.5 | A tool for static C/C++ code analysis |
| cpptest | 2.0.0 | A portable and powerful, yet simple, unit testing framework for handling automated tests in C++. |
| detect-secrets | v1.1.0.r18.gfefc670 | An enterprise friendly way of detecting and preventing secrets in code. |
| devaudit | 803.ca0a68e | An open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams. |
| dscanner | 0.11.1 | Swiss-army knife for D source code |
| flawfinder | 2.0.19 | Searches through source code for potential security flaws |
| graudit | 527.f125d88 | Grep rough source code auditing tool. |
| mosca | 112.7d33611 | Static analysis tool to find bugs like a grep unix command. |
| njsscan | 0.2.8 | A static application testing (SAST) tool that can find insecure code patterns in your node.js applications. |
| pfff | 0.29 | Tools and APIs for code analysis, visualization and transformation |
| phpstan | 6160.4d61a88ae | PHP Static Analysis Tool - discover bugs in your code without running it. |
| pscan | 1.3 | A limited problem scanner for C source files |
| rats | 6.4ba54ce | A rough auditing tool for security in source code files. |
| shellcheck | 0.7.2 | Shell script analysis tool |
| slither | 2320.903799c0 | Solidity static analysis framework written in Python 3. |
| snyk | 1.642.0 | CLI and build-time tool to find and fix known vulnerabilities in open-source dependencies. |
| splint | 3.1.2.git20180129 | A tool for statically checking C programs for security vulnerabilities and coding mistakes |
| spotbugs | 16468.0a34d96f8 | A tool for static analysis to look for bugs in Java code. |
| stoq | 766.eea553d | An open source framework for enterprise level automated analysis. |
| tell-me-your-secrets | v2.3.0.r7.g68df5c3 | Find secrets on any machine from over 120 Different Signatures. |
| trufflehog | 209.912141d | Searches through git repositories for high entropy strings, digging deep into commit history. |
| whispers | 1.5.3.r7.g23cb8ea | Identify hardcoded secrets and dangerous behaviours. |
| wpbullet | 34.6185112 | A static code analysis for WordPress (and PHP). |
| wscript | 201.0410be2 | Emulator/tracer of the Windows Script Host functionality. |
| yasca | 2.1 | Multi-Language Static Analysis Toolset. |