Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Binary Code Scanners

[SAMATE Home | IntrO TO SAMATE | SARD | SATE | Bugs Framework | Publications | Tool Survey | Resources]

Static binary code scanners are used like Source Code Security Analyzers, however they detect vulnerabilities through disassembly and pattern recognition. One advantage that binary code scanners have over source code scanners is the ability to look at the compiled result and factor in any vulnerabilities created by the compiler itself. Furthermore, library function code or other code delivered only as a binary can be examined.

We are currently working on understanding the state of the art. It has been hard to find commercially available binary code scanners that strictly fit into our definition of this class of tool. The following instances also include tools that assist in performing binary analysis and service providers that perform binary analysis.

Some Instances 

DISCLAIMER: Certain trade names and company products are mentioned in the text or identified. In no case does such identification imply recommendation or endorsement by the National Institute of Standards and Technology (NIST), nor does it imply that the products are necessarily the best available for the purpose.

By selecting almost any of these links, you will be leaving NIST webspace. We provide these links because they may have information of interest to you. No inferences should be drawn because some sites are referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the assertions presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites.

Please contact us if you think something should be included. If it has all the characteristics of the tool, techniques, etc., we will be happy to add it. You can contact us at samate(at)nist(dot)gov.

Many Java tools are Byte Code Scanners.

ToolLanguageAvail.CCRFinds or Checks for      as of      
BAPx86 executablesCarnegie Mellon University Binary Analysis Platform is designed to facilitate binary program analysis by reducing complex instruction sets to a formally specified intermediate language (BIL). BAP is a rewrite of Vine.22 Oct 2014
BlackBerry JarvisNative embedded software packages developed to run on multiple CPU architectures (including ARM, x86, Power, MIPS, SH, Sparc, Infineon Tricore, Renasas V850, RH850 etc.), written in C, C++, Assembly and JavaBlackBerry Security weaknesses, including coding violations, information leakage, insecure API usage, etc. Also identifies security vulnerabilities (CVEs) in open-source components.Nov 2021
BugProveFull support for Linux-based platforms, in the following architectures for the binary scans: ARM, ARM64, MIPS32, MIPS64, PPC32, PPC64, PPC64LE, x86. Firmware analysis only is also available for SH, RISCV, SPARC, S390, SPARCV9, SPARC32PLUS, M68K. Languages: C, C++, assembly.BugProve Binary scans are looking for misconfigurations, weak cryptographic parameters, and most importantly, specific memory corruption vulnerabilities, such as buffer overflows and command injections. When analyzing firmware, also check each binary for unsafe calls (system, strcpy, strcat, mmap, sptrintf, fprintf) and hardening status flags.Oct 2023
BugScamapp binaries .EXE or .DLL filesSourceForge This a package of IDC scripts for IDA Pro to look for common programming flaws.8 May 2003
CAT.NETx86 executablesMicrosoft A binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection.30 Dec 2009
CodeSonar for BinariesIntel, Arm and PowerPC instruction set architecturesGrammaTech Buffer Overruns / Underruns, Command Injection Vulnerabilities, Deadlocks, Divisions By Zero, Double Frees, File System Race Conditions, Frees of Non-Heap Variables, Frees of Null Pointers, High Risk Loops, Integer Overflows, Null Pointer Dereferences, Resource Leaks, Shift Amounts, Exceeds Width, SQL Injection Vulnerabilities, Unreasonable Size Arguments, Uses After Close/Free, Unsafe Format Strings, etc.Oct 2021
esReverseSupports ARM 32/64, Intel x86, x64, and RISC-V architectures. Supports at kernel level: Windows, Linux and Android (AOSP). iOS support coming soon.eShard Binary security analysis tool that uses emulation of the target architecture the firmware or software runs on. Decompiles to assembly and generates C source code for static checks. Includes integrations with Ghidra and IDA for source code checks. Also includes various dynamic analysis and stress testing techniques. Finds crashes and deviations from expected behavior.June 2024
IDA ProWindows/Linux excutablesDataRescue A disassembler/debugger that can be used to analyze security issues in binary code.31 Jan 2008
SAST 
(Note: web service, not an installed tool)
Java, C#, VB.net, ASP.net (C# or VB.net), C, C++, JS (ng.js and node), PHP, Scala, Ruby on Rails, ASP Classic, Coldfusion (compiled as Java), Perl, Python, Android/Dalvik, iOS (xcode 4.4-8.x llvm), Xamarin, Cordova/PhoneGap, Titanium, COBOL, RPG, VBVeracode Automated static binary analyses to identify software flaws and vulnerabilities, absence of security features, and malware including backdoors and other unintended functionality.June 2017
Created March 23, 2021, Updated July 25, 2024