BinSkim
BinSkim is Microsoft's open-source static analyzer for PE/ELF binaries, scanning for security flaws like missing ASLR or weak RELRO, with configurable rules for custom policy checks. Load your executable via the CLI, run scans for compliance reports, and integrate it into CI for automated binary vetting. GitHub-native and rule-extensible, it's the policy enforcer for reverse engineers auditing hardened builds.
CodeQL
CodeQL is GitHub's semantic query engine for static analysis, treating code as data to hunt vulns like taint flows or unsafe deserializations across languages with custom QL queries. Clone repos or extract from binaries, run analyses via the CLI for vulnerability packs, and visualize paths in notebooks. Open-source and query-powered, it's the detective database for pentesters querying codebases like SQL.
Semgrep
Semgrep is the fast, pattern-matching static analyzer for code and binaries, flagging issues like hardcoded secrets or unsafe API calls with YAML rules that run lightning-quick on large repos. Install via pip, scan directories for custom patterns, and output SARIF for IDE integration or reports. Open-source and rule-rich, it's the semantic sniffer for reverse engineers spotting flaws without full parses.
Flawfinder
Flawfinder is the C/C++ vulnerability scanner that greps source for risky functions like strcpy or gets, scoring potential dangers with line-level reports for quick triage in legacy code audits. Run it on directories via its Python script, tuning confidence levels for noise reduction in the output. Open-source and lightweight, it's the pattern patroller for analysts flagging buffer overflows in static sweeps.
Cppcheck
Cppcheck is the static C/C++ analyzer that detects memory leaks, null pointers, and style issues through abstract interpretation, running deep checks on large codebases without compilation. Compile from source or use pre-built binaries, scanning files for warnings with suppressions for false positives. Open-source and thorough, it's the code clinician for reverse engineers diagnosing defects in native binaries.
Infer
Infer is Facebook's abstract interpretation engine for static analysis, uncovering null derefs and resource leaks in Java/Obj-C/C++ with interprocedural precision for scalable app reviews. Build from OCaml source, run it on projects for buck-based scans, and review issues in HTML reports. Open-source and inference-smart, it's the predictive profiler for devs statically simulating runtime paths.
SpotBugs
SpotBugs is the successor to FindBugs, a static Java analyzer that detects 400+ bug patterns like thread races or infinite loops using bytecode scanning for IDE or CLI audits. Integrate via Maven plugins or the standalone JAR, filtering detectors for focused runs on class files. Open-source and pattern-proven, it's the bug beacon for reverse engineers illuminating defects in JVM bytecode.
Clang Static Analyzer
Clang Static Analyzer is LLVM's built-in checker for C/C++/Obj-C, exploring symbolic paths to flag buffer overflows or use-after-free in compile-time scans without runtime overhead. Invoke it via the scan-build wrapper on makefiles, generating HTML reports with path traces for deep dives. Open-source and compiler-integrated, it's the path predictor for analysts foreseeing crashes in code flows.
PVS-Studio
PVS-Studio is the commercial-yet-free-for-open-source static analyzer for C/C++/C# with 300+ diagnostics for concurrency bugs and dead code, integrating into VS or the CLI for project scans. Run analyzer.exe on builds, reviewing warnings with suppression comments for iterative fixes. Trial-available and diagnostic-deep, it's the vigilant validator for reverse engineers probing multi-lang binaries.
Brakeman