The SAMATE Project Department of Homeland Security

Binary Code Scanners


Static binary code scanners are used like Source Code Security Analyzers; however, they detect vulnerabilities through disassembly and pattern recognition. One advantage that binary code scanners have over source code scanners is the ability to look at the compiled result and factor in any vulnerabilities created by the compiler itself. Furthermore, library function code or other code delivered only as a binary can be examined.

We are currently working on understanding the state of the art. It has been hard to find commercially available binary code scanners that strictly fit into our definition of this class of tool. The following instances also include tools that assist in performing binary analysis and service providers that perform binary analysis.

Some Instances

DISCLAIMER: Certain trade names and company products are mentioned in the text or identified. In no case does such identification imply recommendation or endorsement by the National Institute of Standards and Technology (NIST), nor does it imply that the products are necessarily the best available for the purpose.

By selecting almost any of these links, you will be leaving NIST webspace. We provide these links because they may have information of interest to you. No inferences should be drawn because some sites are referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the assertions presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites.

Please contact us if you think something should be included. If it has all the characteristics of the tool, techniques, etc., we will be happy to add it. You can contact us at .

Many Java tools are Byte Code Scanners.

| Tool | Language | Avail. | CCR | Finds or Checks for | as of |
|---|---|---|---|---|---|
| BugScam | app binaries .EXE or .DLL files | SourceForge | | This is a package of IDC scripts for IDA Pro to look for common programming flaws. | 8 May 2003 |
| CodeSurfer/x86 | x86 executables | GrammaTech | | A prototype system from joint research by the University of Wisconsin and GrammaTech to provide a platform for an analyst to understand the workings of COTS components, plugins, mobile code, and DLLs, as well as memory snapshots. CodeSurfer is a source code analyzer. | 2005 |
| IDA Pro | Windows/Linux executables | DataRescue | | A disassembler/debugger that can be used to analyze security issues in binary code. | 31 Jan 2008 |
| Logiscan | J2EE, MIPS and SPARC binaries, as well as existing Intel x86 support | LogicLab | | Weaknesses such as buffer overflows, SQL injection and cross-site scripting can be discovered. It also offers suggestions for appropriate security remediation via its built-in training for secure coding. Formerly BugScan. | 2005 |
| SecurityReview (Note: web service, not an installed tool) | Executable of C, C++, C#, Java | Veracode | | Automated static binary and dynamic web application analyses to identify software flaws and vulnerabilities, absence of security features, and malcode including backdoors and other unintended functionality. | 24 Jun 2011 |
| Vine | x86 executables | BitBlaze | | Vine is a component of UC Berkeley's research project BitBlaze. It provides an intermediate language (ILA) that x86 code can be translated to. It also provides analysis on the ILA, such as abstract interpretation, dependency analysis, and logical analysis via interfaces with theorem provers. | 20 Jan 2008 |
| CAT.NET | x86 executables | Microsoft | | A binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection. | 30 Dec 2009 |