PyT alternatives

Looking for a better tool, or simply want to learn about alternatives? There is typically more than one option.

Alternatives (by tag)

93

Alternative: Brakeman

Brakeman is a static code analysis tool for Ruby on Rails to perform a security review. It comes as an open source project with optional commercial support.

Project details

Brakeman is written in Ruby.

Strengths

  • + Commercial support available
  • + The source code of this software is available

Typical usage

  • code analysis

Brakeman project page

81

Alternative: Cppcheck

Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that compilers would not pick up, while avoiding false positives.

64

Alternative: graudit

Graudit is a security tool to perform static code analysis by using the grep tool. It is a lightweight solution to find common issues in code.

Project details

graudit is written in shell script.

Strengths

  • + Used language is shell script
  • + The source code of this software is available

Typical usage

  • code analysis

graudit project page

64

Alternative: Jackhammer

Jackhammer is a collaboration tool to get security and developer teams together. Its focus is on vulnerability discovery through static code analysis and dynamic analysis.

The tool uses RBAC (Role Based Access Control) with different levels of access. Jackhammer uses several tools to do dynamic and static code analysis (e.g. for Java, Ruby, Python, and Node.js). It also checks for vulnerabilities in libraries. Due to its modular architecture, it can use several scanners out of the box, with options to add your own.

The Jackhammer project was initially added to GitHub on the 8th of May, 2017.

Project details

Jackhammer is written in Ruby.

Strengths

  • + The source code of this software is available

Typical usage

  • collaboration
  • information sharing

Jackhammer project page

56

Alternative: Shellyzer

Shellyzer helps with static code analysis for both developers and security professionals, to test the quality of shell scripts. This is also known as linting.

Project details

Shellyzer is written in Python.

Strengths

  • + The source code of this software is available

Weaknesses

  • - Unknown project license

Typical usage

  • code analysis

Shellyzer project page

68

Alternative: Bandit

Bandit is an AST-based static analyzer for analyzing Python code. It helps with finding code flaws that could lead to security vulnerabilities.

64

Alternative: pyelftools

Pyelftools is a Python library to parse ELF files and DWARF debugging information. It can be useful to perform dynamic binary analysis on files.

Project details

pyelftools is written in Python.

Strengths

  • + More than 25 contributors
  • + More than 500 GitHub stars
  • + The source code of this software is available

Typical usage

  • binary analysis
  • malware analysis

pyelftools project page

68

Alternative: uncompyle6

Uncompyle6 is a decompiler for Python-based software. It can be used by developers and security professionals to investigate software components.

Project details

Strengths

  • + More than 10 contributors
  • + The source code of this software is available

Typical usage

  • binary analysis
  • code analysis

uncompyle6 project page

81

Alternative: Yosai

Yosai is a security framework for Python applications that adds authentication, authorization, and session management capabilities.

Project details

Yosai is written in Python.

Strengths

  • + The source code of this software is available

Typical usage

  • identity and access management

Yosai project page

74

Alternative: angr

Angr is a security tool written in Python for analyzing binaries. It provides a combination of static and dynamic analysis.

Project details

angr is written in Python.

Strengths

  • + More than 50 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Typical usage

  • binary analysis
  • malware analysis

angr project page

68

Alternative: yasca (Yet Another Source Code Analyzer)

Yasca is a tool to perform code analysis and linting. It can be used by developers and security professionals to evaluate the code quality.

Project details

yasca is written in PHP.

Strengths

  • + The source code of this software is available

Typical usage

  • code analysis

yasca project page