
thesp0nge / Owasp Orizon

Licence: apache-2.0
Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

Programming Languages

java
68154 projects - #9 most used programming language

Projects that are alternatives of or similar to Owasp Orizon

FastLint-Issues
FastLint finds & fixes bugs in your commits
Stars: ✭ 123 (-5.38%)
Mutual labels:  static-code-analysis, code-review
Vbscan
OWASP VBScan is a Black Box vBulletin Vulnerability Scanner
Stars: ✭ 295 (+126.92%)
Mutual labels:  vulnerability-scanners, owasp
Progpilot
A static analysis tool for security
Stars: ✭ 226 (+73.85%)
Mutual labels:  vulnerability-scanners, static-code-analysis
Sbt Dependency Check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+43.85%)
Mutual labels:  vulnerability-scanners, owasp
Jackhammer
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Stars: ✭ 633 (+386.92%)
Mutual labels:  vulnerability-scanners, static-code-analysis
Reviewdog
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language
Stars: ✭ 4,541 (+3393.08%)
Mutual labels:  code-review, static-code-analysis
qodana-action
⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana
Stars: ✭ 112 (-13.85%)
Mutual labels:  static-code-analysis, code-review
Nettacker
Automated Penetration Testing Framework
Stars: ✭ 982 (+655.38%)
Mutual labels:  vulnerability-scanners, owasp
Security Code Scan
Vulnerability Patterns Detector for C# and VB.NET
Stars: ✭ 550 (+323.08%)
Mutual labels:  owasp, static-code-analysis
Raptor
Web-based Source Code Vulnerability Scanner
Stars: ✭ 314 (+141.54%)
Mutual labels:  vulnerability-scanners, code-review
Joomscan
OWASP Joomla Vulnerability Scanner Project
Stars: ✭ 640 (+392.31%)
Mutual labels:  vulnerability-scanners, owasp
Feram
Feram finds & fixes bugs in your commits
Stars: ✭ 122 (-6.15%)
Mutual labels:  code-review, static-code-analysis
Phpstan
PHP Static Analysis Tool - discover bugs in your code without running it!
Stars: ✭ 10,534 (+8003.08%)
Mutual labels:  static-code-analysis
Php Malware Detector
PHP malware detector
Stars: ✭ 121 (-6.92%)
Mutual labels:  vulnerability-scanners
Owtf
Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
Stars: ✭ 1,516 (+1066.15%)
Mutual labels:  owasp
Gda Android Reversing Tool
GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…
Stars: ✭ 2,332 (+1693.85%)
Mutual labels:  vulnerability-scanners
Awesome Hacking Resources
A collection of hacking / penetration testing resources to make you better!
Stars: ✭ 11,466 (+8720%)
Mutual labels:  owasp
Grepbugs
A regex based source code scanner.
Stars: ✭ 118 (-9.23%)
Mutual labels:  static-code-analysis
Patrowldocs
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (-19.23%)
Mutual labels:  vulnerability-scanners
Drek
A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.
Stars: ✭ 103 (-20.77%)
Mutual labels:  static-code-analysis

The Owasp Orizon project

Owasp Orizon is a source code static analyzer tool designed to spot security issues in Java applications.

The history

It was a dark and stormy night in Milan, Italy. It was 2006 and I felt the need for something to help me review other people's Java source code. So Owasp Orizon was born and grew up as a security tool that parses Java source code, builds an Abstract Syntax Tree and looks for unsafe calls in the code.

In the very beginning Owasp Orizon was a sort of enhanced grep tool. In 2008, I started supporting the PHP programming language, but the initial boost disappeared. After being in love with other programming languages and technologies, eight years later, in 2016, I kickstarted the project again from scratch.

The typo

The mission

Source code contains bugs and vulnerabilities. Owasp Orizon will help application security specialists and developers alike to spot vulnerabilities in their code and to create security patches.

Owasp Orizon's mission is to provide people with an open-source tool that helps them review:

  • single Java classes
  • Java standalone tools packed in JAR files
  • web applications packed in EAR / WAR files
  • Android APK applications

An overall introduction

When you launch Owasp Orizon, it will start by unpacking the target file, unless the target is a standalone .class file.

The first security analysis stage concerns vulnerabilities in third-party libraries. Owasp Orizon will try to work out the target package's dependencies and then look for known security issues in them.

As the knowledge base for third-party library vulnerabilities, Owasp Orizon will support:

  • the vFeed.io database. Please note that we don't redistribute the database. You must go to the vFeed website and purchase the license that best fits your tool usage
  • the CVE archive from NVD

After this stage, Owasp Orizon will perform a walkthrough of the OWASP Top 10 security risks, using the Apache BCEL library to disassemble Java bytecode.
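The bytecode stage described above, as an added example that is not Orizon's own code: it uses Apache BCEL to parse a compiled .class file, walk every method's instruction list and report each invocation whose target matches a watch-list of calls a reviewer wants to look at. The watch-list (Runtime.exec, Statement.execute/executeQuery, java.util.Random) is constructed for this example and is not the project's rule set; the class name UnsafeCallFinder is hypothetical. It assumes the BCEL jar (org.apache.bcel) is on the classpath and Java 9 or later for Set.of.

```java
import java.io.IOException;
import java.util.LinkedHashSet;
import java.util.Set;

import org.apache.bcel.classfile.ClassParser;
import org.apache.bcel.classfile.Code;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.Instruction;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.InstructionList;
import org.apache.bcel.generic.InvokeInstruction;

/** Hypothetical example scanner: flags calls to a watch-list of risky APIs. */
public class UnsafeCallFinder {

    // Constructed watch-list for this example ("owner class.method name").
    // A real rule set would be far larger and carry a risk category per entry.
    static final Set<String> WATCHLIST = Set.of(
            "java.lang.Runtime.exec",             // OS command execution
            "java.sql.Statement.executeQuery",    // string-built SQL, injection risk
            "java.sql.Statement.execute",
            "java.util.Random.<init>");           // non-cryptographic PRNG

    /** Parses one .class file and returns "caller -> callee @offset" findings. */
    static Set<String> scan(String classFile) throws IOException {
        JavaClass jc = new ClassParser(classFile).parse();
        // ConstantPoolGen resolves the symbolic references used by invoke instructions.
        ConstantPoolGen cpg = new ConstantPoolGen(jc.getConstantPool());
        Set<String> findings = new LinkedHashSet<>();

        for (Method m : jc.getMethods()) {
            Code code = m.getCode();
            if (code == null) {
                continue; // abstract or native method: no bytecode to disassemble
            }
            InstructionList il = new InstructionList(code.getCode());
            for (InstructionHandle ih : il) {
                Instruction ins = ih.getInstruction();
                if (!(ins instanceof InvokeInstruction)) {
                    continue;
                }
                InvokeInstruction inv = (InvokeInstruction) ins;
                // Owner type plus method name, e.g. "java.lang.Runtime.exec".
                String callee = inv.getReferenceType(cpg) + "." + inv.getMethodName(cpg);
                if (WATCHLIST.contains(callee)) {
                    findings.add(jc.getClassName() + "." + m.getName()
                            + " -> " + callee + " @" + ih.getPosition());
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        for (String f : args) {
            for (String finding : scan(f)) {
                System.out.println(finding);
            }
        }
    }
}
```

Run it as `java -cp bcel.jar:. UnsafeCallFinder path/to/Some.class`. Matching on the owner type and method name is the simplest form of the "unsafe call" check the history section describes; it reports where a risky API is reached but says nothing about whether the arguments are attacker-controlled, which is why a reviewer still has to read each finding in context.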

Usage

More a reminder than a real doc here

java -Dlog4j.configurationFile=./log4j2.xml -jar target/owasp-orizon-1.0-SNAPSHOT.jar

The overall design

To be written
