This repository lists dynamic analysis tools for all programming languages, build tools, config files and more.
The official website, analysis-tools.dev is based on this repository and adds rankings and user comments for each tool.
Dynamic program analysis is the analysis of computer software that is performed by executing programs on a real or virtual processor. — Wikipedia
This project would not be possible without the generous support of our sponsors.
If you also want to support this project, head over to our Github sponsors page.
- ©️ stands for proprietary software. All other tools are Open Source.
- ℹ️ indicates that the community does not recommend to use this tool for new projects anymore. The icon links to the discussion issue.
⚠️ means that this tool was not updated for more than 6 months, or the repo was archived.
Pull requests are very welcome!
Also check out the sister project, awesome-static-analysis.
- angr - Platform agnostic binary analysis framework from UCSB.
- TRITON - Dynamic Binary Analysis for x86 binaries.
- DynamoRIO - is a runtime code manipulation system that supports code transformations on any part of a program, while it executes.
- Pin Tools - A dynamic binary instrumentation tool and a platform for creating analysis tools.
- KLEE - Symbolic virtual machine built on top of the LLVM compiler infrastructure.
- tis-interpreter - An interpreter for finding subtle bugs in programs written in standard C
- Valgrind - An instrumentation framework for building dynamic analysis tools
- LDRA ©️ - a tool suite incuding dynamic analysis and test to various standards can ensure test coverage to 100% op-code, branch & decsion coverage.
- LLVM/Clang Sanitizers
- AddressSanitizer - A memory error detector for C/C++
- MemorySanitizer - A detector of uninitialized memory reads in C/C++ programs.
- ThreadSanitizer - A data race detector for C/C++
- Java PathFinder - An extensible software model checking framework for Java bytecode programs.
- Parasoft Jtest ©️ - Jtest is an automated Java software testing and static analysis product that is made by Parasoft. The product includes technology for Data-flow analysis Unit test-case generation and execution, static analysis, regression testing, code coverage, and runtime error detection.
- typo - Runtime Type Checking for Python 3
- Microsoft IntelliTest - Generate a candidate suite of tests for your .NET code.
- Pex and Moles - Pex automatically generates test suites with high code coverage using automated white box analysis.
- stuck - provides a visualization for quickly identifying common bottlenecks in running, asynchronous, and concurrent applications.
- VB Watch ©️ - Profiler, Protector and Debugger for VB6. Profiler measures performance and test coverage. Protector implements robust error handling. Debugger helps monitor your executables.
- AppScan Standard ©️ - HCL's AppScan is a dynamic application security testing suite (previously by IBM).
- Code Pulse - Code Pulse is a free real-time code coverage tool for penetration testing activities by OWASP and Code Dx (GitHub).
- Gcov - GNU source code coverage program. Code coverage tool and profiling tool which is part of the GCC. Supports C, C++, Fortran.
- Minded Security BlueClosure ©️ - Dynamic web application security scanner. It uses dynamic data tainting in order to understand if a DOM XSS is exploitable and uses the browser JavaScript engine for understanding the code.
- WhiteHat Sentinel Dynamic ©️ - Part of the WhiteHat Application Security Platform. Dynamic application security scanner that covers the OWASP Top 10.
To the extent possible under law, Matthias Endler has waived all copyright and related or neighboring rights to this work.
Logo designed by Freepik