Top 23 program-analysis Open-Source Projects

x64dbg

32 43,128 9.1 C++

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

Project mention: we need a 2015E revival. | /r/oldrobloxrevivals | 2023-12-07

pyre-check

24 6,687 9.9 OCaml

Performant type-checking for python.

Project mention: Pylyzer – A fast static code analyzer and language server for Python | news.ycombinator.com | 2024-04-11

Did you come across pyre in your search? MIT license and pretty fast.
https://github.com/facebook/pyre-check

InfluxDB

www.influxdata.com sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Detect-It-Easy

18 6,525 9.4 JavaScript

Program for determining types of files for Windows, Linux and MacOS.

Project mention: E-book piracy - a weird ZIP file | /r/Piracy | 2023-05-17

If it was me, I'd first run something like DIE on it (I have a few such programs installed)- https://github.com/horsicq/Detect-It-Easy

mythril

12 3,706 8.2 Python

Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains.

Project mention: Fuzzing Around: Better Smart Contract Testing through the Power of Random Inputs | dev.to | 2023-04-25

Fuzzing has been around for a while in traditional full-stack development, but a new class of tools is here that can apply fuzzing to smart contract testing in web3. Some of the fuzzing tools include the open source Echidna and MythX.

manticore

5 3,631 3.8 Python

Symbolic execution tool
Triton

4 3,299 7.8 C++

Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code. (by JonathanSalwan)
rizin

46 2,413 9.8 C

UNIX-like reverse engineering framework and command-line toolset.

Project mention: Refix: Fast, Debuggable, Reproducible Builds | news.ycombinator.com | 2024-04-02

Just for the record, for nicer inspection of files with such debug information, including compressed sections, and debuginfod support, Rizin[1] can be used, since starting from the 0.7.0 release[2] all of those were added.
[1] https://rizin.re
[2] https://github.com/rizinorg/rizin/releases/tag/v0.7.0

WorkOS

workos.com sponsored

The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
pyt

2 2,161 0.0 Python

A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
DIE-engine

1 2,093 10.0 C++

DIE engine
ikos

14 1,979 7.5 C++

Static analyzer for C/C++ based on the theory of Abstract Interpretation.

Project mention: Static analyzer IKOS 3.2 Released | news.ycombinator.com | 2023-12-28

bap

3 1,970 4.5 OCaml

Binary Analysis Platform
bindiff

2 1,863 7.3 Java

Quickly find differences and similarities in disassembled code

Project mention: BinDiff is now open source | news.ycombinator.com | 2023-09-29

VMProtect-devirtualization

3 1,049 0.0 Roff

Playing with the VMProtect software protection. Automatic deobfuscation of pure functions using symbolic execution and LLVM.
cwe_checker

1 1,045 7.1 Rust

cwe_checker finds vulnerable patterns in binary executables
semgrep-rules

8 704 9.5 Solidity

Semgrep rules registry

Project mention: Powerful SAST project for Android Application Security | /r/bugbounty | 2023-06-21

Nice and all, but why not contribute to https://github.com/returntocorp/semgrep-rules ?

psychec

4 496 7.3 C++

A compiler frontend for the C programming language
vast

2 334 9.9 C++

VAST is an experimental compiler pipeline designed for program analysis of C and C++. It provides a tower of IRs as MLIR dialects to choose the best fit representations for a program analysis or further program abstraction.

Project mention: Print(“lol”) doubled the speed of my Go function | news.ycombinator.com | 2023-08-23

Most languages target C or LLVM, and C and LLVM have a fundamentally lossy compilation processes.
To get around this, you'd need a hodge podge of pre compiler directives, or take a completely different approach.
I found a cool project that uses a "Tower of IRs" that can restablish source to binary provenance, which, seems to me, to be on the right track:
https://github.com/trailofbits/vast
I'd definitely like to see the compilation processes be more transparent and easy to work with.

crab

1 215 5.8 C++

A library for building abstract interpretation-based analyses (by seahorn)
siderophile

1 189 5.8 Rust

Find the ideal fuzz targets in a Rust codebase
MATE

1 165 0.0 Python

MATE is a suite of tools for interactive program analysis with a focus on hunting for bugs in C and C++ code using Code Property Graphs. (by GaloisInc)
Sojobo

1 132 0.0 F#

A binary analysis framework
cclyzerpp

1 109 4.2 C++

cclyzer++ is a precise and scalable pointer analysis for LLVM code.
Gymbo

2 34 8.8 C++

gradient-based symbolic execution engine implemented from scratch

Project mention: [P] Let's Debug Your Neural Network: Gradient-based Symbolic Execution for NN | /r/MachineLearning | 2023-12-04

I have developed Gymbo, a proof of concept for a Gradient-based Symbolic Execution Engine implemented from scratch.

SaaSHub

www.saashub.com sponsored

SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2024-04-11.

program-analysis related posts

Refix: Fast, Debuggable, Reproducible Builds
4 projects | news.ycombinator.com | 2 Apr 2024
LLM4Decompile: Decompiling Binary Code with LLM
6 projects | news.ycombinator.com | 17 Mar 2024
Static analyzer IKOS 3.2 Released
1 project | news.ycombinator.com | 28 Dec 2023
Static analyzer IKOS 3.2-rc1 published – Request for testers
1 project | news.ycombinator.com | 17 Dec 2023
[P] Let's Debug Your Neural Network: Gradient-based Symbolic Execution for NN
1 project | /r/MachineLearning | 4 Dec 2023
Rizin – Free and Open Source Reverse Engineering Framework
1 project | news.ycombinator.com | 14 Nov 2023
Show HN: I spent 6 months building a new C debugger as a 17-year-old
4 projects | news.ycombinator.com | 11 Nov 2023
A note from our sponsor - SaaSHub
www.saashub.com | 19 Apr 2024

SaaSHub helps you find the best software and product alternatives Learn more →

Index

What are some of the best open-source program-analysis projects? This list will help you:

	Project	Stars
1	x64dbg	43,128
2	pyre-check	6,687
3	Detect-It-Easy	6,525
4	mythril	3,706
5	manticore	3,631
6	Triton	3,299
7	rizin	2,413
8	pyt	2,161
9	DIE-engine	2,093
10	ikos	1,979
11	bap	1,970
12	bindiff	1,863
13	VMProtect-devirtualization	1,049
14	cwe_checker	1,045
15	semgrep-rules	704
16	psychec	496
17	vast	334
18	crab	215
19	siderophile	189
20	MATE	165
21	Sojobo	132
22	cclyzerpp	109
23	Gymbo	34