taint-analysis

Performant type-checking for python.

A PHP static analysis tool for finding errors and security vulnerabilities in PHP applications

Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

Binary Analysis Platform

Binary code static analyser, with IDA integration. Performs value and taint analysis, type reconstruction, use-after-free and double-free detection

An easy-to-learn/use static analysis framework for Java

Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.

Playing with the Tigress software protection. Break some of its protections and solve their reverse engineering challenges. Automatic deobfuscation using symbolic execution, taint analysis and LLVM.

DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.

An LLVM-based instrumentation tool for universal taint tracking, dataflow analysis, and tracing.

Python source code auditing and static analysis on a large scale

A declarative static analysis tool for jvm bytecode based Datalog like CodeQL

Antidote to VibeCoding

A taint-tracking plugin for the Valgrind memory checking tool

libdft for Intel Pin 3.x and 64 bit platform. (Dynamic taint tracking, taint analysis)

Corax for Java: A general static analysis framework for java code checking.

Teaching and Learning Software Analysis via SVF

A structure-aware grey box fuzzer based on modeling the input processing logic.