Penetration testing commands for Code Analysis
Code analysis entails the review of source code to uncover security flaws, coding errors, and logical vulnerabilities. It covers both static and dynamic analysis techniques essential for securing software at the development stage.
| Name | Description | Price |
|---|---|---|
| Adhrit | Android APK reversing and analysis suite | Free |
| AndroBugs Framework | Android APK vulnerability analyzer | Free |
| APKHunt | Static code analysis for Android apps that is based on the OWASP MASVS framework | Free |
| APKLeaks | Scanning APK file for URIs, endpoints and secrets | Free |
| Bearer | Static application security testing tool that helps discover, filter, and prioritize security risks and vulnerabilities | Free |
| Brakeman | Static analysis security vulnerability scanner for Ruby on Rails applications | Free |
| cIFrex | Regexp static code analysis | Free |
| CodeCat | Automatic code static analysis tool to detect bugs and vulnerabilities | Free |
| CodeQL | Semantic code analysis engine; discover vulnerabilities across a codebase, lets you query code as though it were data, write a query to find all variants of a vulnerability | Free |
| Dawnscanner | Sstatic analysis security scanner for ruby written web applications; supports Sinatra, Padrino and Ruby on Rails frameworks | Free |
| Joern | Code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs | Free |
| Kube-hunter | Scanner for security weaknesses in Kubernetes clusters | Free |
| LICMA | Language Independent Crypto-Misuse Analysis; multi-language analysis tool to identify incorrect initialization of crypto functions | Free |
| MobSF | Android APK vulnerability analyzer | Free |
| NodeJsScan | Static security code scanner for Node.js applications | Free |
| QARK | Android APK vulnerability analyzer | Free |
| Semgrep | Static analysis engine for detecting vulnerabilities for many languages | Paid |
| SonarQube | Automatic code review tool to detect bugs, vulnerabilities; continuous code inspection automated with static code analysis rules | Free |
| StaCoAn | Mobile applications static code analysis tool | Free |
| SUPER | Android APK vulnerability analyzer | Free |
| Tfsec | Misconfiguration scanner for terraform code | Free |
| Trivy | Vulnerability and misconfiguration scanner for containers (OS and language-specific packages) | Free |
| weggli | Semantic search tool for C and C++ designed to help security researchers identify interesting functionality in large codebases | Free |
| wpBullet | Static code analysis for WordPress Plugins and Themes (and PHP) | Free |