...
| Tool Name | Description | |
|---|---|---|
| Static analysis | Coverity | This tool finds defects and security vulnerabilities in custom source code written in C, C++, Java, C#, JavaScript and more |
| Veracode | Veracode provides multiple security analysis technologies on a single platform, including static analysis, dynamic analysis, mobile application behavioral analysis and software composition analysis. | |
| Helix QAC | Helix QAC is the most accurate static code analyzer for C and C++. | |
| CodeSonar | CodeSonar performs a unified dataflow and symbolic execution analysis that examines the computation of the entire program. | |
| Dynamic analysis | angr | angr is a platform-agnostic binary analysis framework. It performs
|
| KLEE | KLEE is a symbolic virtual machine built on top of the LLVM compiler infrastructure, and available under the UIUC open source license. | |
| Valgrind | Valgrind tool suite provides a number of debugging and profiling tools. | |
| LLVM/Clang Sanitizers | It is a fast memory error detector. It consists of a compiler instrumentation module and a run-time library. The tool can detect the following types of bugs:
| |
| FlowDroid (Java) | FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool, it could be leveraged to scan Java Bytecode. | |
| Pen test | Metasploit | The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. |
| Autosploit | AutoSploit attempts to automate the exploitation of remote hosts. | |
| Armitage | Armitage is a graphical cyber attack management tool for the Metasploit. | |
| cisco-global-exploiter | Cisco Global Exploiter (CGE), is an advanced, simple and fast security testing tool . | |
| OWASP Zed Attack Proxy (ZAP) | OWASP ZAP is an open-source web application security scanner. | |
| Fuzzing test | OSS-Fuzz | OSS-Fuzz conducts continuous fuzzing of open source softwares. |
| AFL | American fuzzy lop is a fuzzer that employs genetic algorithms in order to efficiently increase code coverage of the test cases. | |
| Vulnerability analysis | Cybellum | Cybellum V-Ray ™. Gives full component visibility and risk assessment, based on automated vulnerability detection. |
| Veracode | It secures the applications you build, buy, & manage | |
| OpenVAS | The OpenVAS scanner is a comprehensive vulnerability assessment system that can detect security issues in all manner of servers and network devices. | |
| Wireshark | Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. | |
| Nessus Professional | Nessus helps the security pros on the front lines quickly and easily identify and fix vulnerabilities - including software flaws, missing patches, malware, and misconfigurations. | |
| John the Ripper | John the Ripper is a free password cracking software tool. | |
| Stress Test | SlowHTTPTest | It is a Application Layer DoS attack simulator. |
| OVS+TcpReplayPktgen/MoonGen w/ DPDK | It is a high throughput packet generator. |
...