🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

An extremely fast Python linter and code formatter, written in Rust.

ShellCheck, a static analysis tool for shell scripts

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

A tool to enforce Swift style and conventions.

Local-first code intelligence graph for MCP and CLI. Builds a persistent map of your codebase so AI coding tools read only what matters, with benchmarked context reductions on reviews and large-repo workflows.

A PHP parser written in PHP

A static analyzer for Java, C, C++, and Objective-C

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

⚡A CLI tool for code structural search, lint and rewriting. Written in Rust

PHP Static Analysis Tool - discover bugs in your code without running it!

Defund the Police.

A tool to automatically fix PHP Coding Standards issues

Useful CMake Examples

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.

A vulnerability scanner for container images and filesystems

Dockerfile linter, validate inline bash, written in Haskell

Vulnerability Static Analysis for Containers