521 Open source projects that are alternatives of or similar to Semgrep Rules

nodejsscan is a static security code scanner for Node.js applications.

Static analyzer for C/C++ based on the theory of Abstract Interpretation.

The CodeQL extractor and libraries for Go.

[LLVM Static Slicer] Various program analyses, construction of dependence graphs and program slicing of LLVM bitcode.

Program analysis playground for a simple, imperative language

Security scanner coordinator

Program for determining types of files for Windows, Linux and MacOS.

Binary Analysis Platform

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

TIRO - A hybrid iterative deobfuscation framework for Android applications

cwe_checker finds vulnerable patterns in binary executables

A LLVM-based static analysis framework.

Performant type-checking for python.

Static Analyzer for LLVM bitcode based on Abstract Interpretation

T.J. Watson Libraries for Analysis

Static Analysis Compiler Plugin for Scala

SeaHorn Verification Framework

CoRnucopia of ABstractions: a library for building abstract interpretation-based analyses

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.

Static Analyzer for LLVM bitcode based on Abstract Interpretation

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

Static analysis of IEC 61131-3 programs

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Kubernetes RBAC static Analysis & visualisation tool

a javascript static security analysis tool

🐞 Primitive Erlang Security Tool

A curated list of vulnerable web applications.

Distributed filesystem scanner

The Java Disassembler

Standalone linter for ABAP

An Android base app with loads of cool libraries/configuration NOT MAINTAINED

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Haxe Checkstyle

IDAPython plugin for finding function strings recursively

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

🔍 Offline Analyzer for extracting features, artifacts and IoCs from Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more

Validate and visualize dependencies. Your rules. JavaScript, TypeScript, CoffeeScript. ES6, CommonJS, AMD.

批量漏洞扫描框架

Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains.

PHP Static Analysis Tool - discover bugs in your code without running it!

golang version for nmap service and application version detection (without nmap installation)

Malware Behavior Analyzer

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

GopherCI was a project to help you maintain high-quality Go projects, by checking each GitHub Pull Request, for backward incompatible changes, and a suite of other third party static analysis tools.

THIS REPOSITORY HAS BEEN MOVED TO https://github.com/wpscanteam/wpscan USE THAT!!!

Setup scripts for my Malware Analysis VMs

Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!

A parser and source code analyzer for PL/SQL and Oracle SQL.

A curated list of mathematics documents ,Concepts, Study Materials , Algorithms and Codes available across the internet for machine learning and deep learning

Analyses and reports testability issues of a php codebase

Toolkit for enriching and speeding up static malware analysis

Faster and more efficient stateless SYN scanner and banner grabber due to userland TCP/IP stack usage.

A libre cross-platform disassembler.

Awesome Golang Security resources 🕶🔐

A list of computer-science readings I recommend

Telling tales on you for leaking secrets!

Offensive vulnerability scanner for ethereum, and symbolic execution tool for the Ethereum Virtual Machine

GitHub Sensitive Information Leakage（GitHub敏感信息泄露监控）

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

Extension for PHPStan to allow analysis of Drupal code.