Bandit alternatives

Analysis of source code helps to find programming flaws including those that can lead to software vulnerabilities. Graudit helps to uncover these by searching through the files and discover possible flaws. The tool supports languages like ASP, C, Perl, PHP, Python, and others.

Gosec is a security tool that performs a static code analysis for Golang projects for security flaws. The scan is performed on the so-called abstract syntax tree (AST). Gosec checks for common flaws that may be part of the selected project.

Yosai is a security framework for Python applications and adds authentication, authorization, and session management capabilities. Features include Role-Based Access Control (RBAC), two-factor authentication, and Time-based One-Time Passwords (TOTP). Besides a focus on the authentication and authorization, Yosai enables an audit trail of all relevant events.

As each framework comes with some overhead, Yosai aims to leverage caching and serialization where possible.

Tools like angr are great for performing in-depth analysis of binaries. This could be the analysis of an unknown binary, like a collected malware sample.

When having applications deployed in your environment, not all of those may be installed via a package manager. When your infrastructure grows, it becomes even harder to know which tools are properly patched and which ones are not. For Python applications, this is where Safety comes in that can help scan installed software components via pip. It will also look at any of the dependencies that are installed.

Shellharden helps to detect flaws in shell scripts that may result in vulnerabilities. While being similar to Shellcheck, this tool can apply the suggested changes to a shell script.

Brakeman is a static code analysis tool for Ruby on Rails to perform a security review. It comes as an open source project with optional commercial support.

The tool uses RBAC (Role Based Access Control) with different levels of access. Jackhammer uses several tools to do dynamic and static code analysis (e.g. for Java, Ruby, Python, and Nodejs). It checks also for vulnerabilities in libraries. Due to its modular architecture, it can use several scanners out of the box, with options to add your own.

The Jackhammer project was initially added to GitHub on the 8th of May, 2017.

Shell scripts are easy to create and often used by system administrator and developers. Although the language is fairly easy, there is a good number of best practices when creating them. Tools like Shellyzer can help auditing these scripts and improve the code or discover vulnerabilities.

This toolkit is used by other software, or standalone. Its main purpose is to parse binary ELF files and DWARF debugging information. This can be useful during malware analysis or troubleshooting issues with programs.

A decompiler like uncompyle6 can be used to investigate Python-based software components that are compiled. These files can be recognized by their .pyc file extension.

This tool has been written as several other decompilers were no longer maintained. So far this software seems to have a good number of contributors and regular updates.

Gauntlt allows you to run different attacks on your code with the goal to build better software and withstand the biggest threats in existence.