Search Results for "static code analysis" - Page 2
Sort By:
Showing 56 open source projects for "static code analysis"
View related business solutions-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
AI-generated apps that pass security reviewRetool lets you generate dashboards, admin panels, and workflows directly on your data. Type something like “Build me a revenue dashboard on my Stripe data” and get a working app with security, permissions, and compliance built in from day one. Whether on our cloud or self-hosted, create the internal software your team needs without compromising enterprise standards or control.
-
1
PHPCorrector
XSS and SQLi vulnerabilities corrrector for PHP web applications
PHPCorrector is a tool that scans your PHP code to find Cross-Site Scripting (XSS) and SQL Injection (SQLi) vulnerabilities. When a vulnerability is found, it is corrected automatically. -
2
ansvif
An advanced cross platform fuzzing framework suited to find code bugs.
ansvif, or A Not So Very Intelligent Fuzzer, suited to find bugs in code by throwing garbage arguments, files, and environment variables at the target program, that you may or may not have the source code to. It supports many features, such as buffer size, randomization of the buffer size, random data injection, templates, and much more. The purpose of this project is to identify bugs in software, specifically bugs that can induce a segmentation fault under various conditions. This aids... -
3
CapAnalysis
PCAP from another point of view
CapAnalysis is a web visual tool for information security specialists, system administrators and everyone who needs to analyze large amounts of captured network traffic. Analyze TCP and UDP streams Support multible datasets Perform deep packet inspection Support filtering capability Source Code: https://github.com/xplico/CapAnalysis -
4
__Alien Cipher
A bespoke symmetric cipher.
Released under 'Creative Commons v3' license Alien Cipher is an endeavour to build my own symmetric cipher. The primary aim is to simply learn the fundamentals and finer details of cryptography in general and build working examples of my ideas in code. The code is shared here for posterity (future folk) in the guise that it may help others also on the path to cryptography. This code demo uses a 256bit rolling hash table (8x8bytes) at its heart to mix together pre-defined parameters in a way that allows the cipher to produce encoded output that is locked to a key of arbitrary length without padding. ... -
Catch Bugs Before Your Customers DoMove from alert to fix before users notice. AppSignal monitors errors, performance bottlenecks, host health, and uptime—all from one dashboard. Instant notifications on deployments, anomaly triggers for memory spikes or error surges, and seamless log management. Works out of the box with Rails, Django, Express, Phoenix, Next.js, and dozens more. Starts at $23/month with no hidden fees.
-
5
RIPS - PHP Security Analysis
Free Static Code Analysis Tool for PHP Applications
RIPS is a static code analysis tool for the automated detection of security vulnerabilities in PHP applications. It was released 2010 during the Month of PHP Security (www.php-security.org). NOTE: RIPS 0.5 development is abandoned. A complete rewrite with OOP support and higher precision is available at https://www.ripstech.com/next-generation/ -
6
Network Tracking Database
Track your ARP/MAC table changes and so much more
The Network Tracking Database (NetDB for short) tracks all changes to the MAC address tables on your switches and the ARP tables on your routers over time stored in MySQL. It supports extensive switch, VLAN and vendor code reports from a CLI or Web App. NetDB can generate CSV reports, track the usage of static IP addresses, record neighbor discovery data and much more. There is now a VM "appliance" with easier upgrades available in the Files section. See the http://netdbtracking.sourceforge.net for more details. -
7
BTCore
A Collection of Useful Java/Swing Code
NEWEST FEATURE ---------- Added one line ".zip" extraction to Util class! Added one line ".zip" extraction from URL (web) and one line file download from URL! BTCore is a library that was designed to be used with all of Banotech's software. It includes a tremendous amount of code snippets and classes that have been boiled down to allow ease of use by everyone. BTCore is, and always will be FREE. It has tools that we scrapped together over our last few projects, and that we found... -
8
FACPL - Access control policies
A Java library for Attribute-based Access Control Policies
FACPL: a Java-based library for the specification and enforcement of Access Control policies - Attribute-based Access Control Policies - Advanced features for the management of, e.g., combining algorithms and missing attributes - Generation of XACML code starting from FACPL code - Generation of FACPL code starting from XACML code Source Code: https://github.com/andreamargheri/FACPL/ -
9
Web Application Protection
Tool to detect and correct vulnerabilities in PHP web applications
...WAP detects the following vulnerabilities: - SQL injection using MySQL, PostgreSQL and DB2 DBMS - Reflected cross-site scripting (XSS) - Stored XSS - Remote file inclusion - Local file inclusion - Directory traversal - Source code disclosure - OS command injection - PHP code injection WAP is a static analysis tool that performs taint analysis to detect vulnerabilities, tracking malicious users inputs and checking if they reach calls of sensitive functions. It has a low rate of false positives because has implemented a data mining module to predict false positives when detects vulnerabilities. ... -
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI Studio. Switch between models without switching platforms.
-
10
theZoo
A repository of LIVE malwares for malware analysis and security
theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and safe way. theZoo was born by Yuval tisf Nativ and is now maintained by Shahak Shalev. theZoo’s purpose is to allow the study of malware and enable people who are interested in malware analysis (or maybe... -
11
ESSPEE - Penetration Testing & Forensics
(Android Forensics & Malware Analysis Included)
ESSPEE - Extreme Security Scanning Penetration testing & Exploitation Environment Ubuntu 12.04 LTS (Precise Pangolin) is purposefully selected as the base Operating System to obtain supports from Ubuntu for a long duration (till Apr 2017). It is packed with featured security tools with very less resource consumption and higher degree of stability. Thanks to Back Track, Blackbuntu, CAINE and DEFT and many others for inspiration. Being a sole developer to this distro, I wish it... -
12
DEEEP
Detector of Integer Vulnerabilities in Software Portability
DEEEP is a open source static analysis tool to detect, in C programs, integer vulnerabilities caused by the bad adaption of aplications from ILP32 to LP64. It uses the tools Lint and Splint, and runs over Open Solaris and Linux operating systems. This tool semantically analyses source code. More precisely, it does type checking, data-flow analysis, and it automatically correlates the results of these two types of analysis. -
13
PHParser
A Lexer and a Parser to PHP scripts
PHParser 1.2 generates a pure Java parser for PHP programs. Invoking this parser yields an explicit parse tree (AST) and a tree walker suitable for further analysis. This tool package is based upon: - ANTLR 3.2 or higher (www.antlr.org). - JDK 1.6 or higher (java.sun.com). - Grammar specifications of PHP 5.3. -
14
Free-SA
Free-SA is report generating tool for web, proxy and mail log files
Free-SA is logs processor and report generating tool. It can be used to control traffic usage, to evaluate conformance to the Internet access security policies, to investigate security incidents, to evaluate web server efficiency and to detect troubles with server configuration. -
15
Forensic Scripts
Forensic scripts for evidence acquisitions, analysis and more
This project contains various scripts and code snippets that can easily be deployed by an incident responder or forensic analyst to aid them in either acquiring or analyzing critical data. You can contact me at: interrupt08@users.sf.net or visit my blog, fork(), at https://forksec.wordpress.com/ -
16
NetStress-NG
NetStress is a DDoS and network stress testing tool.
Syn Flood Attacks SYNFlood with static source port SYNFlood with random source port SYNFlood with static source ip address SYNFlood with random source address SynFlood with fragmented packets ACK Flood Attacks ACK Flood with static source port ACK Flood with random source port ACK Flood with static source ip address ACK Flood with random source address ACK Flood with fragmented packets FIN Flood Attacks FIN Flood with static source port FIN Flood with random source port FIN Flood with static source ip address FIN Flood with random source address FIN Flood with fragmented packets UDP Flood Attacs Static source port udp flood UDP flood with random source port UDP Flood with static source ip address UDP Flood with random source address UDP Flood with fragmented packets ICMP Flood ICMP Flood with all options random(source ip, icmp type, code) HTTP Flood ... ... -
17
Substitution Cipher Decryption
Decrypt messages encrypted with a substitution cipher
...Ciphertext can be modified at any point of the process. • Easy location of corresponding characters in the ciphertext and the substituted text by selection. • Fast frequency analysis for single letters, bigrams, trigrams and quadgrams (more N -grams can be made available by adding a single line of code). • Showing the most common letters (bi-/trigrams) in the ciphertext compared to the most common letters (bi-/trigrams) in the British English language. • Easy assignment and change of the substitution letters... -
18
Post Memory Corruption Memory Analysis
PMCMA - Post Memory Corruption Memory Analysis
Pmcma is a tool aimed at automating the most time consuming taskes of exploitation. It for instance determine why an application is triggering a segmentention fault, evaluate if the faulting instruction can be used to write to memory or execute arbitrary code, and list all the function pointers potentially called from a given point in time by an application. Pmcma is a totally new kind of debugger, which allows for easy experimentation with a process in memory by forcing it to fork. The... -
19
CesTa (Code Enhancing Security Transformation and Analysis) is a tool for enhancing security by program transformations. Focused on Smart Cards (Java Card in particular), powered by Ant, ANTLR and StringTemplates.
-
20
Hexjector is an Opensource,Cross Platform PHP script to automate Site Pentest for SQL Injection Vulnerabilties.
-
21
REL (Research and Education Language) is a simple but very powerfull language with a compiler, an interpreter and a verifier.
-
22
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.
-
23
This project aims to develop a prototype system that explores how we should re-invision computer system design based on changes in how people get the software that they run, as well as advances in static analysis of software.
-
24
using PHP (and some ShellScript) to protect your linux server against bruke force attacks(http://en.wikipedia.org/wiki/Brute_force_attack). also keep a log in MySQL and have email reporting
-
25
"mASN1" - mini ASN.1 framework is a light ASN.1 framework written in C# for .NET framework. It can be used for creating classes that model ASN.1 types and are capable of encoding/decoding themselves to BER/DER codes. PER support is planned.
