Alternatives and similar repositories for flawfinder:

Users that are interested in flawfinder are comparing it to the libraries listed below

• fkie-cad / cwe_checker
  cwe_checker finds vulnerable patterns in binary executables
  ☆1,184Updated 2 months ago
• armijnhemel / binaryanalysis-ng
  Binary Analysis Next Generation (BANG)
  ☆492Updated 2 months ago
• jfoote / exploitable
  The 'exploitable' GDB plugin
  ☆723Updated 2 years ago
• 0xdea / semgrep-rules
  A collection of my Semgrep rules to facilitate vulnerability research.
  ☆605Updated 7 months ago
• uds-se / FormatFuzzer
  FormatFuzzer is a framework for high-efficiency, high-quality generation and parsing of binary inputs.
  ☆406Updated 2 years ago
• google / fuzztest
  ☆795Updated this week
• splintchecker / splint
  Splint - annotation-assisted static program checker
  ☆316Updated 2 months ago
• analysis-tools-dev / dynamic-analysis
  ⚙️ A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.
  ☆973Updated 2 weeks ago
• Wenzel / checksec.py
  Checksec tool in Python, Rich output. Based on LIEF
  ☆324Updated 5 months ago
• aflnet / aflnet
  AFLNet: A Greybox Fuzzer for Network Protocols (https://thuanpv.github.io/publications/AFLNet_ICST20.pdf)
  ☆901Updated 6 months ago
• GJDuck / e9patch
  A powerful static binary rewriting tool
  ☆1,006Updated last month
• andrew-d / rough-auditing-tool-for-security
  Automatically exported from code.google.com/p/rough-auditing-tool-for-security
  ☆84Updated 3 years ago
• hardik05 / Damn_Vulnerable_C_Program
  An example C program which contains vulnerable code for common types of vulnerabilities. It can be used to show fuzzing concepts.
  ☆685Updated 4 months ago
• microsoft / binskim
  A binary static analysis tool that provides security and correctness results for Windows Portable Executable and *nix ELF binary formats
  ☆789Updated this week
• ossf / fuzz-introspector
  Fuzz Introspector -- introspect, extend and optimise fuzzers
  ☆398Updated this week
• googleprojectzero / TinyInst
  A lightweight dynamic instrumentation library
  ☆1,207Updated 2 months ago
• nimble-code / Cobra
  An interactive (fast) static source code analyzer
  ☆143Updated 3 weeks ago
• google / clusterfuzzlite
  ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
  ☆469Updated 2 months ago
• airbus-seclab / c-compiler-security
  Security-related flags and options for C compilers
  ☆188Updated 2 years ago
• semgrep / semgrep-rules
  Semgrep rules registry
  ☆857Updated this week
• secure-software-engineering / phasar
  A LLVM-based static analysis framework.
  ☆963Updated this week
• GJDuck / EnvFuzz
  Fuzz anything with Program Environment Fuzzing
  ☆373Updated 3 weeks ago
• scriptingxss / owasp-fstm
  The Firmware Security Testing Methodology (FSTM) is composed of nine stages tailored to enable security researchers, software developers,…
  ☆406Updated 2 years ago
• google / fuzzbench
  FuzzBench - Fuzzer benchmarking as a service.
  ☆1,120Updated 2 weeks ago
• ucsb-seclab / karonte
  Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware
  ☆401Updated 3 years ago
• googleprojectzero / winafl
  A fork of AFL for fuzzing Windows binaries
  ☆2,389Updated 2 months ago
• google / centipede
  ☆253Updated last year
• google / fuzzer-test-suite
  Set of tests for fuzzing engines
  ☆1,435Updated 3 years ago
• conikeec / seeve
  A set of vulnerable C code snippets (with mapped CVEs)
  ☆72Updated 7 months ago
• fuzzstati0n / fuzzgoat
  A vulnerable C program for testing fuzzers.
  ☆193Updated 2 years ago