FlowDroid
FlowDroid Static Data Flow Trackerphasar
A LLVM-based static analysis framework.DroidBench
A micro-benchmark suite to assess the stability of taint-analysis tools for AndroidSuSi
SuSi - our tool to automatically discover sources and sinks in the Android frameworktamiflex
TamiFlex facilitates static analysis of programs that use reflection and custom class loadersPointerBench
A points-to and alias analysis benchmark suiteCOVA
COVA - A static analysis tool to compute path conditionsTypeEvalPy
A Micro-benchmarking Framework for Python Type Inference Toolsboomerang
Boomerang is a on-demand context and flow-sensitive pointer analysis for Java.swan
Security methods for WeAkNess detectionsootdiff
SootDiff - Bytecode Comparison Across Different Java CompilersDroidForce
DroidForce Project Repository. See our ARES'2014 paper for the details on DroidForce.SootFX
A Static Code Feature Extraction Tool for Java and Androidsecucheck
Soot-based taint analysis with internal Java fluent interface for security specifications in fluentTQL implemented with MagpieBridge to support multiple IDEs.authcheck
Analysis for access-control vulnerabilities in Java Spring Security applications.SPLlift
Jimple-Interpreter
Soot based Jimple interpreterHeaderGen
HeaderGen annotates Jupyter notebooks using static analysis. Improves PyCG's call graph analysis by supporting external libraries and flow-sensitivity.SPDS-experiments
secucheck-core
Taint Analysis on top of Soot.ideal
IDE/AL - Alias-Aware Framework for Interprocedural Dataflow Analysisandroid-instrumentation-tutorial
denial-of-app-attack
Denial-Of-App Attackcheetah
Eclipse plugin for a JIT taint analysisopcua-scanner
An opcua client scanning for servers in a networkrose
Research Tool for Online Social Environmentsupcy
UpCy automatically finds compatible updates for Maven dependencies.achilles-benchmark-depscanners
Achilles - Benchmark for assessing OSS-Vulnerability Scanners 59PathExpression
An implementation of Tarjan's PathExpression algorithmSparseBoomerang
Sparse Demand-Driven Pointer Analysisjadx-taintdoc
Jadx extended to ease documentation of taint flowsneck
spring-petclinic-kotlin
Vulnerable version of the Spring PetClinic application in Kotlincards
Component-based Assumptions and Restrictions for Dataflow SpecificationsFlowStar
Common base project for taint analyses such as FlowDroid et al.modguard
soot-infoflow-testgenerator
Test case generator for FlowDroidtamiflex.benchmarks
Automatically exported from code.google.com/p/tamiflex.benchmarksTS4J
A fluent interface for defining and computing typestate analysescrimestop
visuflow
VisuFlow - An Eclipse plugin that helps static code developers in writing static analyses on top of Soot.ivy
CogniCrypt-IntelliJ
Static Code Analysis for Crypto-API misuse detection. IDE Plugin for IntelliJ and Android StudioSparseIDE
Sparse IDE/IFDS solver and client implementationpaper-idesolverxx
Supplementary website for the paper "Scaling Interprocedural Static Data-Flow Analysis to Large C/C++ Applications"Love Open Source and this site? Check out how you can help us