1901 Open source projects that are alternatives of or similar to Krane

kube-scan: Octarine k8s cluster risk assessment tool

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

Security scanner coordinator

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

a javascript static security analysis tool

Simple Golang HTTPS/TLS Examples

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Chronos - A static race detector for the go language

Performing security tests inside your CI

Define and run pattern-based custom linting rules.

Set of Maltego transforms to inferface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.

Handy utilities for the angr binary analysis framework, most notably CFG visualization

WEB SERVICE SECURITY ASSESSMENT TOOL

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

Vulnerability Patterns Detector for C# and VB.NET

A Simple PE File Heuristics Scanners

☕️ SonarSource Static Analyzer for Java Code Quality and Security

Binee: binary emulation environment

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

An open format definition for static analysis tools

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy

A parser and source code analyzer for PL/SQL and Oracle SQL.

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Semgrep rules registry

Kubernetes object analysis with recommendations for improved reliability and security

Graph theory (network) library for visualisation and analysis

Ghidra Analysis Enhancer 🐉

Penetrum LLC opensource security tool list.

The Exakat Engine : smart static analysis for PHP

Awesome .NET Security Resources

[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

[LLVM Static Slicer] Various program analyses, construction of dependence graphs and program slicing of LLVM bitcode.

Golang security checker

FindBugs static analysis plugin for sbt.

SDA is a rich cross-platform tool for reverse engineering that focused firstly on analysis of computer games. I'm trying to create a mix of the Ghidra, Cheat Engine and x64dbg. My tool will combine static and dynamic analysis of programs. Now SDA is being developed.

A library for detecting swapped arguments in function calls, and a Clang Static Analyzer plugin used to demonstrate the library.

PHP Magic Number Detector

Awesome Python Security resources 🕶🐍🔐

A static analysis security vulnerability scanner for Ruby on Rails applications

⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

🔍 Offline Analyzer for extracting features, artifacts and IoCs from Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more

Awesome Golang Security resources 🕶🔐

nodejsscan is a static security code scanner for Node.js applications.

Telling tales on you for leaking secrets!

Awesome Java Security Resources 🕶☕🔐

Android Mobile Device Hardening

Magic number detector for Go.

CSS complexity linter

A humble, and fast, security-oriented HTTP headers analyzer

Java bytecode analyzer customizable via JSON rules

Scalpel: The Python Static Analysis Framework

Work-in-progress tool to reverse unity's IL2CPP toolchain.

SQL Server static code analysis rules for SSDT database projects

Analysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules

Source Code Security Audit (源代码安全审计)

Static code analysis for Kotlin