SaaSHub helps you find the best software and product alternatives Learn more β
Top 23 dynamic-analysis Open-Source Projects
-
x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Several months have passed since the last part was posted. Maintainers of x64dbg have continued to improve its functionality. They also opened a task to update the development tools. So in this post, we will continue the analysis based on commit f518e50 code and, where possible, we'll compare it with the commit 9785d1a, which is accurate at the time of writing.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
-
Trufflehog is a tool that can scan multiple sources (filesystem, git, have a pre commit hook, Postman), integrate in CI / Docker environment, etc... .
-
-
owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
The OWASP Mobile Application Security (MAS) flagship project provides a robust security standard for mobile apps, known as the OWASP MASVS, along with a comprehensive testing guide (OWASP MASTG). These resources cover the processes, techniques, and tools used during a mobile app security test, ensuring consistent and complete results.
-
MobileApp-Pentest-Cheatsheet
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
-
Triton
Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code. (by JonathanSalwan)
-
awesome-frida
Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)
-
Project mention: Binsider β Analyze binaries without leaving the terminal | news.ycombinator.com | 2024-09-30
-
Indeed, the tooling is the problem. And I wouldn't hold my breath to see this tooling being implemented, as the feature has been around for quite a bit.
IMHO, PANDA [1] remains a better/more practical choice for whole-system record/replay analysis. It already offers quite a bit of tooling (including a python interface), as well as hooks to build your own. It does have its own shortcomings (speed and not being in-sync with the latest QEMU), but at least you're not limited to gdb-based debugging.
[1] https://panda.re/
-
-
-
-
awesome-symbolic-execution
A curated list of awesome symbolic execution resources including essential research papers, lectures, videos, and tools.
-
Project mention: CrossHair: Analysis [Python] that blurs the line between testing and [types] | news.ycombinator.com | 2024-12-24
-
dynamic-analysis
βοΈ A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.
-
-
Enlightn scans your code to check whether it follows best practices in performance, security, and reliability. It's a paid tool, but it also has free checks you can use. At the time of writing, it has 64 checks in the free version and 128 checks in the paid version. For the purposes of this article, we'll only be using the free version.
-
packj
Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
Project mention: A Study of Malware Prevention in Linux Distributions | news.ycombinator.com | 2024-11-21Good to see Packj[1] as one of the malware scanners used.
1. https://github.com/ossillate-inc/packj
Packj detects malicious PyPI/NPM/Ruby/PHP/etc. dependencies using behavioral analysis. It uses static+dynamic code analysis to scan for indicators of compromise (e.g., spawning of shell, use of SSH keys, network communication, use of decode+eval, etc). It also checks for several metadata attributes to detect bad actors (e.g., typo squatting).
-
-
-
-
dynamic-analysis discussion
dynamic-analysis related posts
-
New 34 GitHub Repositories - OpenSource of Dec 21, 2024
-
Platform for Architecture-Neutral Dynamic Analysis (Panda)
-
Hacking & Gaming :)
-
casr: Collect crash reports, triage, and estimate severity - estimates the security implications from native crash dumps
-
Preventing Installing Composer Dependencies with Known Security Vulnerabilities
-
Mass Assignment Vulnerabilities and Validation in Laravel
-
Security Snapshot Testing Inside Your Jest Test Suite
-
A note from our sponsor - SaaSHub
www.saashub.com | 26 Jan 2025
Index
What are some of the best open-source dynamic-analysis projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | x64dbg | 45,251 |
2 | Mobile-Security-Framework-MobSF | 17,932 |
3 | trufflehog | 17,824 |
4 | awesome-malware-analysis | 12,184 |
5 | owasp-mastg | 11,913 |
6 | MobileApp-Pentest-Cheatsheet | 4,758 |
7 | Triton | 3,600 |
8 | awesome-frida | 3,127 |
9 | binsider | 2,943 |
10 | panda | 2,531 |
11 | frida-snippets | 2,337 |
12 | bap | 2,092 |
13 | mutant | 1,959 |
14 | awesome-symbolic-execution | 1,351 |
15 | CrossHair | 1,076 |
16 | dynamic-analysis | 967 |
17 | fsmon | 925 |
18 | enlightn | 926 |
19 | packj | 660 |
20 | debugoff | 307 |
21 | casr | 297 |
22 | sandworm-guard-js | 252 |
23 | allsafe | 231 |