Penetration testing commands for Code Analysis

Code analysis entails the review of source code to uncover security flaws, coding errors, and logical vulnerabilities. It covers both static and dynamic analysis techniques essential for securing software at the development stage.

| Name | Description | Price |
|---|---|---|
| Adhrit | Android APK reversing and analysis suite | Free |
| AndroBugs Framework | Android APK vulnerability analyzer | Free |
| APKHunt | Static code analysis for Android apps, based on the OWASP MASVS framework | Free |
| APKLeaks | Scans an APK file for URIs, endpoints and secrets | Free |
| Bearer | Static application security testing tool that helps discover, filter, and prioritize security risks and vulnerabilities | Free |
| Brakeman | Static analysis security vulnerability scanner for Ruby on Rails applications | Free |
| cIFrex | Regexp-based static code analysis | Free |
| CodeCat | Automatic static code analysis tool to detect bugs and vulnerabilities | Free |
| CodeQL | Semantic code analysis engine; discovers vulnerabilities across a codebase, lets you query code as though it were data, and write a query to find all variants of a vulnerability | Free |
| Dawnscanner | Static analysis security scanner for Ruby web applications; supports the Sinatra, Padrino and Ruby on Rails frameworks | Free |
| Joern | Code analysis platform for C/C++/Java/Binary/JavaScript/Python/Kotlin based on code property graphs | Free |
| Kube-hunter | Scanner for security weaknesses in Kubernetes clusters | Free |
| LICMA | Language Independent Crypto-Misuse Analysis; multi-language analysis tool to identify incorrect initialization of crypto functions | Free |
| MobSF | Android APK vulnerability analyzer | Free |
| NodeJsScan | Static security code scanner for Node.js applications | Free |
| QARK | Android APK vulnerability analyzer | Free |
| Semgrep | Static analysis engine for detecting vulnerabilities in many languages | Paid |
| SonarQube | Automatic code review tool to detect bugs and vulnerabilities; continuous code inspection automated with static code analysis rules | Free |
| StaCoAn | Static code analysis tool for mobile applications | Free |
| SUPER | Android APK vulnerability analyzer | Free |
| Tfsec | Misconfiguration scanner for Terraform code | Free |
| Trivy | Vulnerability and misconfiguration scanner for containers (OS and language-specific packages) | Free |
| weggli | Semantic search tool for C and C++ designed to help security researchers identify interesting functionality in large codebases | Free |
| wpBullet | Static code analysis for WordPress plugins and themes (and PHP) | Free |