octopus - Security Analysis tool for WebAssembly module (wasm) and Blockchain Smart Contracts (BTC/ETH/NEO/EOS)

  •        63

Huge thanks to QuoScient for having sponsored this project. Octopus is a security analysis framework for WebAssembly module and Blockchain Smart Contract.

https://webassembly-security.com/
https://github.com/pventuzelo/octopus

Tags
Implementation
License
Platform

   




Related Projects

mythril-classic - Mythril Classic: Security analysis tool for Ethereum smart contracts

  •    Python

Mythril Classic is an open-source security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities. If you a smart contract developer who wants convenience and comprehensive results, you should be using MythX, our next-gen smart contract security API that integrates with Truffle Framework and other development environments.

mythril - Security analysis tool for Ethereum smart contracts

  •    Python

Mythril is a security analysis tool for Ethereum smart contracts. It uses concolic analysis, taint analysis and control flow checking to detect a variety of security vulnerabilities. See the Wiki for more detailed instructions.

porosity - *UNMAINTAINED* Decompiler and Security Analysis tool for Blockchain-based Ethereum Smart-Contracts

  •    C++

Ethereum is gaining a significant popularity in the blockchain community, mainly due to fact that it is design in a way that enables developers to write decentralized applications (Dapps) and smart-contract using blockchain technology. Ethereum blockchain is a consensus-based globally executed virtual machine, also referred as Ethereum Virtual Machine (EVM) by implemented its own micro-kernel supporting a handful number of instructions, its own stack, memory and storage. This enables the radical new concept of distributed applications.

manticore - Symbolic execution tool

  •    Python

Manticore is a symbolic execution tool for analysis of binaries and smart contracts. Manticore is supported on Linux and requires Python 2.7. Ubuntu 16.04 is strongly recommended. Ethereum smart contract analysis requires the solc program in your $PATH.

solgraph - Visualize Solidity control flow for smart contract security analysis

  •    Javascript

Generates a DOT graph that visualizes function control flow of a Solidity contract and highlights potential security vulnerabilities.


bap - Binary Analysis Platform

  •    OCaml

The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a reverse engineering and program analysis platform that works with binary code and doesn't require the source code. BAP supports multiple architectures: ARM, x86, x86-64, PowerPC, and MIPS. BAP disassembles and lifts binary code into the RISC-like BAP Instruction Language (BIL). Program analysis is performed using the BIL representation and is architecture independent in a sense that it will work equally well for all supported architectures. The platform comes with a set of tools, libraries, and plugins. The documentation and tutorial are also available. The main purpose of BAP is to provide a toolkit for implementing automated program analysis. BAP is written in OCaml and it is the preferred language to write analysis, we have bindings to C, Python and Rust. The Primus Framework also provide a Lisp-like DSL for writing program analysis tools. BAP is developed in CMU, Cylab and is sponsored by various grants from the United States Department of Defense, Siemens AG, and the Korea government, see sponsors for more information.

OpenZeppelin - A Framework to build secure smart contracts on Ethereum

  •    Javascript

OpenZeppelin is a library for writing secure Smart Contracts on Ethereum. With OpenZeppelin, you can build distributed applications, protocols and organizations. It is meant to provide secure, tested and audited code to enable the new generation of distributed applications, protocols and organizations. OpenZeppelin is a community effort to reduce the hurdle to develop and use them.

capstone - Capstone disassembly/disassembler framework: Core (Arm, Arm64, EVM, M68K, M680X, Mips, PPC, Sparc, SystemZ, TMS320C64x, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell, Visual Basic)

  •    C

Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community. Support multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64).

Solium - Linter to identify and fix style & security issues in Solidity

  •    Javascript

Solium analyzes your Solidity code for style & security issues and fixes them. To know which lint rules Solium applies for you, see Style rules and Security rules.

oyente - An Analysis Tool for Smart Contracts

  •    Javascript

A container with the dependencies set up can be found here. Open a web browser to http://localhost:3000 for the graphical interface.

ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

  •    Python

ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the efforts of the OpenSource reverse engineering community (reverse engineering to produce OpenSource drivers/firmware for hardware not properly supported by vendors, for hardware and software interoperability, for security research). ScratchABit supports well-known in the community IDAPython API to write disassembly/extension modules.

Iterative Flow Analysis

  •    C++

IFA, Iterative Flow Analysis is a combined data-flow and control flow analysis. It is capable of resolving the concrete types (as opposed to the nominal or declared types) and the interprocedural call graph for statically or dynamically typed programs.

joy - A package for capturing and analyzing network flow data and intraflow data, for network research, forensics, and security monitoring

  •    C

Joy is a BSD-licensed libpcap-based software package for extracting data features from live network traffic or packet capture (pcap) files, using a flow-oriented model similar to that of IPFIX or Netflow, and then representing these data features in JSON. It also contains analysis tools that can be applied to these data files. Joy can be used to explore data at scale, especially security and threat-relevant data. JSON is used in order to make the output easily consumable by data analysis tools. While the JSON output files are somewhat verbose, they are reasonably small, and they respond well to compression.

binnavi - BinNavi is a binary analysis IDE that allows to inspect, navigate, edit and annotate control flow graphs and call graphs of disassembled code

  •    Java

Copyright 2011-2016 Google Inc.BinNavi is a binary analysis IDE - an environment that allows users to inspect, navigate, edit, and annotate control-flow-graphs of disassembled code, do the same for the callgraph of the executable, collect and combine execution traces, and generally keep track of analysis results among a group of analysts.

Mobile-Security-Framework-MobSF - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing

  •    Python

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless. Your generous donations will keep us motivated.

web3j - Connect Java and Android apps to the Ethereum blockchain

  •    Java

web3j is a lightweight, reactive, type safe Java and Android library for integrating with clients (nodes) on the Ethereum network. This allows you to work with the Ethereum blockchain, without the additional overhead of having to write your own integration code for the platform.

NFStream - A Flexible Network Data Analysis Framework

  •    Python

NFStream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments. NFStream extracts +90 flow features and can convert it directly to a pandas Dataframe or a CSV file.

polytracker - An LLVM-based instrumentation tool for universal taint tracking, dataflow analysis, and tracing

  •    C

PolyTracker is a tool originally created for the Automated Lexical Annotation and Navigation of Parsers, a backronym devised solely for the purpose of referring to it as The ALAN Parsers Project. However, it has evolved into a general purpose tool for efficiently performing data-flow and control-flow analysis of programs. PolyTracker is an LLVM pass that instruments programs to track which bytes of an input file are operated on by which functions. It outputs a database containing the data-flow information, as well as a runtime trace. PolyTracker also provides a Python library for interacting with and analyzing its output, as well as an interactive Python REPL. PolyTracker can be used in conjunction with PolyFile to automatically determine the semantic purpose of the functions in a parser. It also has an experimental feature capable of generating a context free grammar representing the language accepted by a parser.






We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.