Bandit alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

Alternative: pyelftools

Pyelftools is a Python library to parse ELF files and DWARF debugging information. It can be useful to perform dynamic binary analysis on files.

Project details

pyelftools is written in Python.

Strengths

  • + More than 25 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • binary analysis
  • malware analysis

pyelftools project page

Alternative: PyT (Python Taint)

Python Taint (or PyT) is a static code analyzer for Python scripts and applications. It tries to discover vulnerabilities or other possible weaknesses.

Project details

PyT is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • code analysis

PyT project page

Alternative: uncompyle6

Uncompyle6 is a decompiler for Python-based software. It can be used by developers and security professionals to investigate software components.

Project details

Strengths

  • + More than 10 contributors
  • + The source code of this software is available

Typical usage

  • binary analysis
  • code analysis

uncompyle6 project page

Alternative: Yosai

Yosai is a security framework for Python applications that adds authentication, authorization, and session management capabilities.

Project details

Yosai is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • identity and access management

Yosai project page

Alternative: angr

Angr is a security tool written in Python for analyzing binaries. It provides a combination of static and dynamic analysis.

Project details

angr is written in Python.

Strengths

  • + More than 50 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • binary analysis
  • malware analysis

angr project page

Alternative: Brakeman

Brakeman is a static code analysis tool for Ruby on Rails to perform a security review. It comes as an open source project with optional commercial support.

Project details

Brakeman is written in Ruby.

Strengths

  • + Commercial support available
  • + The source code of this software is available

Typical usage

  • code analysis

Brakeman project page

Alternative: Cppcheck

Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that would not be picked up by compilers, while aiming to avoid false positives.

Alternative: graudit

Graudit is a security tool to perform static code analysis by using the grep tool. It is a lightweight solution to find common issues in code.

Project details

graudit is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • code analysis

graudit project page

Alternative: Jackhammer

Jackhammer is a collaboration tool to bring security and developer teams together. Its focus is on vulnerability discovery through static code analysis and dynamic analysis.

The tool uses RBAC (Role Based Access Control) with different levels of access. Jackhammer uses several tools to do dynamic and static code analysis (e.g. for Java, Ruby, Python, and Node.js). It also checks for vulnerabilities in libraries. Due to its modular architecture, it can use several scanners out of the box, with options to add your own.

The Jackhammer project was initially added to GitHub on the 8th of May, 2017.

Project details

Jackhammer is written in Ruby.

Strengths

  • + The source code of this software is available

Typical usage

  • collaboration
  • information sharing

Jackhammer project page

Alternative: yasca (Yet Another Source Code Analyzer)

Yasca is a tool to perform code analysis and linting. It can be used by developers and security professionals to evaluate the code quality.

Project details

yasca is written in PHP.

Strengths

  • + The source code of this software is available

Typical usage

  • code analysis

yasca project page