The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Top 23 dynamic-analysis Open-Source Projects
-
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
-
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
-
MobileApp-Pentest-Cheatsheet
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
-
Triton
Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code. (by JonathanSalwan)
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
awesome-frida
Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)
-
awesome-symbolic-execution
A curated list of awesome symbolic execution resources including essential research papers, lectures, videos, and tools.
-
dynamic-analysis
⚙️ A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.
-
packj
Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03Trufflehog
Project mention: More ways to identify independently security tested apps on Google Play | news.ycombinator.com | 2023-11-03
Project mention: Platform for Architecture-Neutral Dynamic Analysis (Panda) | news.ycombinator.com | 2024-03-11
Project mention: Starting MIT - 6.858 Cybersecurity - anyone wanna do it together? | /r/cybersecurity | 2023-05-28At fist glance the only tricky part might be symbolic execution. Here's a page that will have you covered and help establish a proper context: https://github.com/ksluckow/awesome-symbolic-execution
They keep the dynamic analysis tools in a separate repository: https://github.com/analysis-tools-dev/dynamic-analysis
Both repos link each other close to the tops of their respective readmes. Annoyingly, though, their dynamic webstite seems to only include the static tools.
Enlightn scans your code to check whether it follows best practices in performance, security, and reliability. It's a paid tool, but it also has free checks you can use. At the time of writing, it has 64 checks in the free version and 128 checks in the paid version. For the purposes of this article, we'll only be using the free version.
Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.
1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.
dynamic-analysis related posts
- Platform for Architecture-Neutral Dynamic Analysis (Panda)
- Hacking & Gaming :)
- casr: Collect crash reports, triage, and estimate severity - estimates the security implications from native crash dumps
- Preventing Installing Composer Dependencies with Known Security Vulnerabilities
- Mass Assignment Vulnerabilities and Validation in Laravel
- Security Snapshot Testing Inside Your Jest Test Suite
- GitHub - sandworm-hq/sandworm-jest: Security Snapshot Testing Inside Your Jest Test Suite
-
A note from our sponsor - WorkOS
workos.com | 24 Apr 2024
Index
What are some of the best open-source dynamic-analysis projects? This list will help you:
Project | Stars | |
---|---|---|
1 | x64dbg | 43,170 |
2 | Mobile-Security-Framework-MobSF | 16,289 |
3 | trufflehog | 13,863 |
4 | owasp-mastg | 11,272 |
5 | awesome-malware-analysis | 11,057 |
6 | MobileApp-Pentest-Cheatsheet | 4,398 |
7 | Triton | 3,299 |
8 | awesome-frida | 2,909 |
9 | panda | 2,413 |
10 | frida-snippets | 2,133 |
11 | bap | 1,975 |
12 | mutant | 1,921 |
13 | awesome-symbolic-execution | 1,251 |
14 | CrossHair | 944 |
15 | dynamic-analysis | 865 |
16 | enlightn | 861 |
17 | fsmon | 800 |
18 | packj | 613 |
19 | debugoff | 272 |
20 | sandworm-guard-js | 248 |
21 | casr | 237 |
22 | allsafe | 187 |
23 | opem | 185 |
Sponsored