Alternatives to Grammatech Proteus
Compare Grammatech Proteus alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to Grammatech Proteus in 2026. Compare features, ratings, user reviews, pricing, and more from Grammatech Proteus competitors and alternatives in order to make an informed decision for your business.
-
1
Sahi Pro
Tyto Software Pvt Ltd
Sahi Pro is a no-code test automation tool for web, desktop, mobile, and SAP applications. Sahi Pro empowers business testers and automation engineers to streamline their test automation processes. Sahi Pro reduces the time, effort, and complexity involved in test automation, making it an ideal choice for various domains including automobile, healthcare and BFSI. Features: 1. Non-flaky Test Execution - For reliable test results and reduced time wastage in analysis of false-positives or false-negatives. 2. Supports Multiple Technologies - Achieve end to end automation across technologies. 3. No-code Automation - Enable non-technical business testers to automate. 4. Integrations - Integrate and work with your existing ecosystem. Testers using Sahi Pro easily automate complex tests without writing code. With Sahi Pro, you can achieve faster release cycles, improved software quality, & reduced costs. Our customers love Sahi Pro for its speed, flexibility, and ease of use.Starting Price: $1499/year/user -
2
Proteus
Xergy
Proteus is the complete project management software built by energy experts for the energy sector. Proteus brings pre-project planning, winning business, resource management, project management, collaboration, project financials, and business intelligence into one integrated solution. Proteus moves companies in oil and gas and renewables away from a fixed cost model to an on-demand model, crucial to staying competitive in a low margin environment. Move faster, win more business, deliver more projects and keep work simplified. Proteus brings everything together in one single view: clients, proposals, projects, invoicing, documents, inventory, and more- all in one place on a centralized platform. Proteus dramatically improves efficiency by improving the way margins are managed, resulting in cost savings to allow your company to scale and grow. Maximize value across the project lifecycle. Get better visibility, better control, better consistency and better productivity.Starting Price: $35 per user per month -
3
Troy
BigBear.ai
Troy is an AI-powered, machine-assisted binary analysis platform developed by BigBear.ai to enhance cybersecurity vulnerability assessment and testing. It automates the process of binary reverse engineering, providing better visibility into the code running on sensors and devices. By intelligently automating common tools and techniques, Troy extracts significant data and produces unique insights, accelerating the identification of software vulnerabilities. A key feature of Troy is its ability to generate a reverse Software Bill of Materials (SBOM) for binaries lacking available source code, reducing manual labor and increasing analysis speed. The platform's modular and customizable design allows for the integration of new tools, techniques, and AI-backed analysis into expanding workflows, offering a scalable and flexible framework for cybersecurity professionals. -
4
ObjectSecurity BinLens
ObjectSecurity
Conventional cybersecurity approaches are insufficient to protect today’s IT/OT/ICS software and devices. SBOM generation is limited to detecting only known vulnerabilities in published software. Source code analysis and static application security testing (SAST) produce too many false-positives, slowing down remediation. Network scanning fails in cases where devices are not connected to the network. Unlock deeper security insights with BinLens™— your all-in-one solution for advanced binary analysis. BinLens™ (formerly ObjectSecurity OT.AI Platform) uses an integrated approach, combining multiple techniques to uncover potential zero-days with unmatched precision. Powered by automated symbolic execution, it excels at detecting memory-safety violations and other undefined behaviors in binary programs, delivering a dramatically lower false-positive rate than competing tools. BinLens™ automates key manual reverse engineering tasks like static analysis, disassembly, and decompilation. -
5
afl-unicorn
Battelle
afl-unicorn lets you fuzz any piece of binary that can be emulated by Unicorn Engine. If you can emulate the code you’re interested in using the Unicorn Engine, you can fuzz it with afl-unicorn. Unicorn Mode works by implementing the block-edge instrumentation that AFL’s QEMU mode normally does into Unicorn Engine. Basically, AFL will use block coverage information from any emulated code snippet to drive its input generation. The whole idea revolves around the proper construction of a Unicorn-based test harness. The Unicorn-based test harness loads the target code, sets up the initial state, and loads in data mutated by AFL from disk. The test harness then emulates the target binary code, and if it detects that a crash or error occurred it throws a signal. AFL will do all its normal stuff, but it’s actually fuzzing the emulated target binary code. Only tested on Ubuntu 16.04 LTS, but it should work smoothly with any OS capable of running both AFL and Unicorn.Starting Price: Free -
6
Binarly
Binarly
Detect and remediate known and unknown vulnerabilities at every step of the device and software supply chain. That's why, instead of merely mapping binaries to a list of known vulnerabilities, we go beneath the surface to understand how the code executes, enabling us to detect defects, not just the binaries. This approach allows Binarly to identify entire classes of defects, beyond just known issues, and to do so more rapidly with near-zero false positives. Identifying known and previously unknown vulnerabilities and malicious behavior – not just hashes or signature matching. Extending insight beyond the CVE, showing which vulnerabilities exist at the binary level. Reducing alert fatigue through the use of machine learning to achieve near-zero false positives. -
7
osquery
osquery
osquery is an operating system instrumentation framework for Windows, OS X (macOS), and Linux. The tools make low-level operating system analytics and monitoring both performant and intuitive. Frequently, attackers will leave a malicious process running but delete the original binary on disk. This query returns any process whose original binary has been deleted, which could be an indicator of a suspicious process. Our build infrastructure ensures that newly introduced code is benchmarked and tested. We perform continuous testing for memory leaks, thread safety, and binary reproducibility on all supported platforms.Starting Price: Free -
8
PROTEUS 420
PROTEUS 420
Since 2008, PROTEUS 420’s intuitive and adaptive ERP system has been delivering real-time data and business operational software to the cannabis industry. PROTEUS 420 is the ONLY single-source cannabis business software solution for Cultivation – Manufacturing – Distribution – Retail/POS – Delivery – Business Intelligence, and everything in between. Built for you and built to scale, our solution is tested, trusted, and industry-approved by operators in every legal marketplace. PROTEUS 420 is your technology partner through all stages of growth. Supporting all state reporting across legal states. Validated metrc integrator for over 12 years! PROTEUS 420 is Peace of Mind for your cannabis business.Starting Price: $450 per month -
9
american fuzzy lop
Google
American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also useful for seeding other, more labor or resource-intensive testing regimes down the road. Compared to other instrumented fuzzers, afl-fuzz is designed to be practical, it has a modest performance overhead, uses a variety of highly effective fuzzing strategies and effort minimization tricks, requires essentially no configuration, and seamlessly handles complex, real-world use cases, say, common image parsing or file compression libraries. It's an instrumentation-guided genetic fuzzer capable of synthesizing complex file semantics in a wide range of non-trivial targets.Starting Price: Free -
10
Enghouse Proteus
Enghouse Networks
The ability to monitor and manage the cost of communications across a company is essential to obtaining the right balance between expenditure and the business benefits that come from today’s complex unified communications systems. Proteus, from Enghouse Interactive, is an advanced call accounting application, designed to provide small, medium and large corporations with detailed analysis of your communications systems. From cost management to network management and planning, Proteus helps identify cost savings and productivity improvements that help to maximize your investment in your communications systems. Designed for the medium to large corporate market, Proteus Enterprise is an advanced, scalable, call accounting application that provides a detailed analysis of all of your company’s communications. -
11
Black Duck's Mobile Application Security Testing (MAST) service offers on-demand assessments designed to address the unique security risks of mobile applications. It enables detailed analysis of client-side code, server-side code, and third-party libraries, identifying vulnerabilities even without requiring access to source code. Combining proprietary static and dynamic analysis tools, MAST provides two levels of testing depth: Standard, which integrates automated and manual analysis to detect vulnerabilities in application binaries, and Comprehensive, which adds extended manual testing to uncover issues in both mobile application binaries and their server-side functionalities. This flexible and thorough approach helps organizations reduce the risk of breaches and ensure the security of their mobile application ecosystems.
-
12
Mayhem
ForAllSecure
Advanced fuzzing solution that combines guided fuzzing with symbolic execution, a patented technology from CMU. Mayhem is an advanced fuzz testing solution that dramatically reduces manual testing efforts with autonomous defect detection and validation. Deliver safe, secure, reliable software with less time, cost, and effort. Mayhem’s unique advantage is in its ability to acquire intelligence of its targets over time. As Mayhem’s knowledge grows, it deepens its analysis and maximizes its code coverage. All reported vulnerabilities are exploitable, confirmed risks. Mayhem guides remediation efforts with in-depth system level information, such as backtraces, memory logs, and register state, expediting issue diagnosis and fixes. Mayhem utilizes target feedback to custom generate test cases on the fly -- meaning no manual test case generation required. Mayhem offers access to all of its test cases to make regression testing effortless and continuous. -
13
go-fuzz
dvyukov
Go-fuzz is a coverage-guided fuzzing solution for testing Go packages. Fuzzing is mainly applicable to packages that parse complex inputs (both text and binary) and is especially useful for hardening systems that parse inputs from potentially malicious users (anything accepted over a network). go-fuzz has recently added preliminary support for fuzzing Go Modules. If you encounter a problem with modules, please file an issue with details. Data is a random input generated by go-fuzz, note that in most cases it is invalid. The function must return 1 if the fuzzer should increase the priority of the given input during subsequent fuzzing if the input must not be added to the corpus even if it gives new coverage, and 0 otherwise; other values are reserved for future use. The fuzz function must be in a package that go-fuzz can import. This means the code you want to test can't be in package main. Fuzzing internal packages is supported, however.Starting Price: Free -
14
Insignary Clarity
Insignary
Insignary Clarity is a specialized software composition analysis solution that helps customers gain visibility into the binary code they use by identifying known, preventable security vulnerabilities, while also highlighting potential license compliance issues. It uses unique fingerprint-based technology, which works on the binary-level without the need for source code or reverse engineering. Unlike checksum and hash-based binary code scanners, which are constrained by limited databases of pre-compiled binaries of the most commonly used open source components, Clarity is independent of compile times and CPU architectures. This makes it easy for software developers, value added resellers, systems integrators and security MSPs overseeing software deployments to take proper, preventive action before product delivery. Insignary, the global leader in binary-level, open source software security and compliance, is a venture-backed startup, headquartered in South Korea. -
15
Santoku
Santoku
Santoku is dedicated to mobile forensics, analysis, and security, and packaged in an easy to use, Open Source platform. Scripts to automate decrypting binaries, deploying apps, enumerating app details, and more. Scripts to detect common issues in mobile applications. Utilities to simulate network services for dynamic analysis. Useful scripts and utilities specifically designed for mobile forensics. Firmware flashing tools for multiple manufacturers. GUI tools for easy deployment and control of mobile apps. -
16
Rocket z/Assure VAP
Rocket Software
Rocket z/Assure Vulnerability Analysis Program (VAP) is a specialized mainframe security solution that scans and analyzes vulnerabilities in IBM z/OS operating system code to help organizations identify, assess, track, and mitigate security risks that could expose critical data. Unlike traditional vulnerability tools that focus on application layers, z/Assure VAP conducts thorough and precise binary code scanning at the OS level to detect zero-day and integrity-based vulnerabilities without relying on signature files, using an Interactive Application Security Testing (IAST)-style approach to pinpoint real weaknesses and guide developers to the exact code requiring remediation. It generates detailed vulnerability disclosure reports that provide actionable insights and clear paths to fix issues, enabling teams to prioritize risk, strengthen defenses, and make mainframe vulnerability management a repeatable part of IT security and compliance programs. -
17
Jazzer
Code Intelligence
Jazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JVM. You can use Docker to try out Jazzer's autofuzz mode, which automatically generates arguments to a given Java function and reports unexpected exceptions and detected security issues. You can also use GitHub release archives to run a standalone Jazzer binary that starts its own JVM configured for fuzzing.Starting Price: Free -
18
Proteus GDPReady
Proteus-Cyber
Proteus® GDPReady™ is an itteration of Proteus® NextGen Data Privacy™ and uses the same code set. If you are only interested in GDPR then we simply deliver Proteus® NextGen configured to show only the functionality required for GDPR: Comprehensive view of where Personal Identifiable Information (PII) resides in your organisation - Scored readiness evaluation and graphical illustration of compliance gaps - Roadmap for compliance with recommendations for immediate action - Insights to start building a robust data protection framework and inform your future technology choices - Helps meet the regulation requirements at a reduced cost and potentially huge fines mitigated, not to mention reputational damage averted - Snapshot of legal landscape and your potential exposure - Easy, fast breach reporting - Vendor risk management for audits To see the full capabilities of Proteus NextGen Data Privacy see here https://sourceforge.net/software/product/Proteus-NextGen-Data-Privacy/ -
19
ProteusCMS
Proteus.co
Proteus is a content and data management platform to power your customer and business driving websites. If your needs are a simple "brochure website" then we are not a fit. The perfect client for ProteusCMS is a business who leverages its website to grow the business including lead generation, intranets, extranets, online tools, workflow management, thought leadership, data gathering, custom databases, and highly-dynamic customer experiences. With over 15 years of web experience and proven technology, Proteus partners with you to execute the technical needs of your website experience. This experience combined with the Proteus Platform of comprehensive digital and content management tools which allows your businesses to respond to the ever-changing customer needs. Proteus’s SmartInnovation process helps guide the client through the complex process of product validation, design, implementation, and scaling. Our proven process has helped leading Fortune 500 clients and emerging startups. -
20
Proteus WMS
Sanderson
Proteus WMS is intelligent warehouse management software (or WMS) designed to help your business operate more efficiently. Although all warehouses share much in common, each one is individual in the way it works, with different processes and priorities. That’s why our specialist, best of breed software is highly flexible, to shape and match the precise requirements of your warehouse operation. By automating your business processes and tasks, Proteus WMS replaces slow, out-dated or even paper-based systems that impede growth, with a powerful system tailored to your business needs. This will eliminate potential for human error, increase efficiency, optimize resources, improve productivity and drive down costs. Our philosophy is to deliver not just a system, but a long-term solution. Proteus WMS is highly intuitive, it is easy to learn and use. This means we can train your team to manage your system going forward. -
21
Binary Ninja
Binary Ninja
Binary Ninja is an interactive disassembler, decompiler, and binary analysis platform for reverse engineers, malware analysts, vulnerability researchers, and software developers that runs on Windows, macOS, and Linux. Disassemble executables and libraries from multiple formats, platforms, and architectures. Decompile code to C or BNIL for any supported architecture, including your own. Automate analysis with C++, Python, and Rust APIs from inside or outside the UI. Visualize control flow and navigate through cross-references interactively. Name variables and functions, apply types, create structures, and add comments. Collaborate effortlessly with synchronized commits using our Enterprise product. Our built-in decompiler works with all of our officially supported architectures at one price and builds on a powerful family of ILs called BNIL. In fact, not just our architectures, but even community architectures can produce amazing decompilation.Starting Price: $299 one-time payment -
22
ProteusEngage
Proteus
The ProteusEngage sales enablement platform was designed by sales industry leaders who struggled with complex new business development and current client cross-sell success. ProteusEngage is different from any other sales enablement platform on the market as we leverage a buyer first methodology powered by proven buyer engagement Journeys, Modules and Analytics. ProteusEngage's one of a kind proven Workspaces drive engagement, collaboration, consistency and communication - driving relationships and revenue success. Stop having your sales team sling out as many brochures and ppt's as they can. Adopt the approach your buyers and clients desire - real consultative and authentic relationships on their terms. ProteusEngage empowers sales and account teams to build highly collaborative digital workspaces to maintain real relationships via communication, collaboration and trust development - digitally. -
23
Awesome Fuzzing
secfigo
Awesome Fuzzing is a list of fuzzing resources including books, courses, both free and paid, videos, tools, tutorials, and vulnerable applications to practice in order to learn fuzzing and initial phases of exploit development like root cause analysis. Courses/training videos on fuzzing, videos talking about fuzzing techniques, tools, and best practices. Conference talks and tutorials, blogs, tools that help in fuzzing applications, and fuzzers that help in fuzzing applications that use network-based protocols like HTTP, SSH, SMTP, etc. Search and pick the exploits, that have respective apps available for download, and reproduce the exploit by using the fuzzer of your choice. Set of tests for fuzzing engines. Includes different well-known bugs. A corpus, including various file formats for fuzzing multiple targets in the fuzzing literature.Starting Price: Free -
24
CodeSentry
CodeSecure
CodeSentry is a Binary Composition Analysis (BCA) tool designed to provide detailed insights into the components of binaries, including open-source software, firmware, and containers. It helps identify vulnerabilities within these components by generating Software Bill of Materials (SBOMs) in formats like SPDX and CycloneDX. By mapping components to a comprehensive vulnerability database, CodeSentry enables organizations to mitigate risks and improve software security. It is effective for both pre-production analysis and post-production monitoring, allowing teams to track vulnerabilities throughout the software lifecycle. The tool is flexible in deployment, supporting SaaS and on-premise configurations. -
25
BugProve
BugProve
Founded by former security researchers, BugProve offers an automated firmware analysis platform. - Swift Results: Upload firmware, and get a security report in 5 mins. - Supply Chain Risk Management: Identify components and vulnerabilities with optional CVE monitoring for compliance. - Zero-day Engine: Detect memory corruption vulnerabilities before exploits happen. - All-in-One Hub: Easily access reevaluations, comparisons, and updates in a user-friendly format. - Effortless Sharing: Share findings via live links or export as PDFs for simple reporting. - Accelerated Testing: Save weeks in pentesting, focus on in-depth discoveries, and launch more secure products. - No Source Code Needed: Run checks directly on firmware, including static/dynamic analysis, multi-binary taint analysis, and more. Skeptical? Sign up with our Free Plan and check it yourself, no commitment required.Starting Price: $700/month -
26
beSTORM
Beyond Security (Fortra)
Discover code weaknesses and certify the security strength of any product without access to source code. Test any protocol or hardware with beSTORM, even those used in IoT, process control, CANbus compatible automotive and aerospace. Realtime fuzzing, doesn’t need access to the source code, no cases to download. One platform, one GUI to learn, with over 250+ prebuilt protocol testing modules and the ability to add custom and proprietary ones. Find the security weaknesses before deployment that are most often discovered by external actors after release. Certify vendor components and your own applications in your own testing center. Self-learning software module and propriety software testing. Customization and scalability for any business sizes up or down. Automatically generate and deliver near-infinite attack vectors and document any product failures. Record every pass/fail and hand engineering the exact command that produced each fail.Starting Price: $50,000.00/one-time -
27
Peach Fuzzer
Peach Tech
Peach is a SmartFuzzer that is capable of performing both generation and mutation-based fuzzing. Peach requires the creation of Peach Pit files that define the structure, type information, and relationships in the data to be fuzzed. It additionally allows for the configuration of a fuzzing run including selecting a data transport (publisher), logging interface, etc. Peach has been under active development since 2004 and is in its third major version. Fuzzing continues to be the fastest way to find security issues and test for bugs. Effective hardware fuzzing with Peach will introduce students to the fundamentals of device fuzzing. Peach was designed to fuzz any type of data consumer from servers to embedded devices. Researchers, corporations, and governments already use Peach to find vulnerabilities in hardware. This course will focus on using Peach to target embedded devices and collect information from the device in the event of a crash.Starting Price: Free -
28
Sonatype Intelligence
Sonatype
Sonatype Intelligence provides a powerful platform for managing open-source security risks with advanced tools for vulnerability identification and remediation. It uses cutting-edge technology like Advanced Binary Fingerprinting (ABF) to scan deployed applications for embedded third-party components, minimizing false positives. Sonatype Intelligence goes beyond public data sources, continuously monitoring GitHub commits, advisory sites, and vulnerability databases to offer real-time insights into emerging threats. With expert-curated guidance for developers, it helps teams quickly identify and fix vulnerabilities, ensuring the security of their open-source components and enhancing their software supply chain security. -
29
Echidna
Crytic
Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts. It uses sophisticated grammar-based fuzzing campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions. We designed Echidna with modularity in mind, so it can be easily extended to include new mutations or test specific contracts in specific cases. Generates inputs tailored to your actual code. Optional corpus collection, mutation and coverage guidance to find deeper bugs. Powered by Slither to extract useful information before the fuzzing campaign. Source code integration to identify which lines are covered after the fuzzing campaign. Interactive terminal UI, text-only or JSON output. Automatic test case minimization for quick triage. Seamless integration into the development workflow. Maximum gas usage reporting of the fuzzing campaign. Support for a complex contract initialization with Etheno and Truffle.Starting Price: Free -
30
Perfecto
Perforce
Perfecto Is the Leading Testing Platform for Web & Mobile Apps. We believe your apps should perform no matter what. With Perfecto’s cloud-based solution, you can boost test coverage for fewer escaped defects while accelerating testing. From creation to execution and analysis, Perfecto has a proven, unified solution for your web and mobile testing needs. Test in your CI instead of the end of the cycle, and identify real failures quickly with false-negative filtering. Align platform and scenario test coverage with your actual users. Test failure analysis provides real test failure reasons. Heatmaps, test reports, and CI dashboards give you fast feedback. Get the most comprehensive rich test artifacts on the market, like crash logs, screenshots, and HAR files. Get visual validation for a side-by-side comparison across platforms. Eliminate bug reproduction time. Fix defects from your IDE. Integrate fully with Jira for full test management.Starting Price: $99.00/month -
31
Proteus
Labcenter Electronics Limited
We started developing Proteus way back in the days of MS-DOS. Over 30 years of constant development later we're proud to offer one of the most productive and cost effective PCB tools on the market. Our philosophy has always been one of continuous improvement and innovation resulting in a modern software suite packed full of powerful, time-saving features to help you design PCBs faster. Purchasing Proteus is the start - not the end - of a successful business relationship. Included with the cost of the software comes a world class technical support service. After each professional purchase one of our team will introduce themselves as your technical support point of contact. This gives you an easy way to ask questions and direct access to Labcenter support. We may not be able to solve every problem immediately but we'll certainly try our best. Our customers are the reason for our success.Starting Price: $6,592 one-time payment -
32
Q-mast
Quokka
Q-mast is Quokka’s automated mobile application security testing solution built for teams that need deep visibility, operational speed, and strong compliance across both in-house and/or third-party mobile apps. Q-mast performs full-spectrum testing across the mobile software development lifecycle—from design to deployment—covering static, dynamic, and interactive analysis, even in obfuscated or binary-only builds. The solution generates a complete, version-specific software bill of materials (SBOM), including embedded libraries, to surface vulnerable components and dependencies with pinpoint accuracy. Designed to fit into modern pipelines, Q-mast automates mobile app testing within CI/CD workflows like GitHub, GitLab, and Jenkins. -
33
Code Intelligence
Code Intelligence
Our platform uses various security techniques, including coverage-guided and feedback-based fuzz testing, to automatically generate millions of test cases that trigger hard-to-find bugs deep within your application. This white-box approach protects against edge cases and speeds up development. Advanced fuzzing engines generate inputs that maximize code coverage. Powerful bug detectors check for errors during code execution. Uncover true vulnerabilities only. Get the input and stack trace as proof, so you can reliably reproduce errors every time. AI white-box testing uses data from all previous test runs to continuously learn the inner-workings of your application, triggering security-critical bugs with increasingly high precision. -
34
Precogs AI
Precogs AI
Precogs AI is an autonomous application security platform that finds, fixes, and ships secure code—without slowing developers down. AI-native detection across code, binaries, and data with 98% precision and near-zero false positives. Auto-generates fixes directly in pull requests. Built-in PII detection (99.2%), secrets scanning, and Pre-LLM Sanitization to protect your IP during AI analysis. Covers SAST, SCA, SBOM, IaC, containers, binary/DAST. Tops CASTLE benchmark. Free tier available.Starting Price: $34/month -
35
McCabe IQ
McCabe Software
Mission, life and business critical applications must work right the first and every time or lives and fortunes could be lost. If you are not actively analyzing your code for vulnerabilities and complexity, or thoroughly scrutinizing your testing activities using a path oriented approach, trouble is going to find you. The world’s top organizations trust the McCabe IQ quality management suite to analyze the quality and test coverage of their critical applications. McCabe IQ is available in three editions, each targeted at key groups within the application development process and tailored to suit their specific needs. -
36
Google OSS-Fuzz
Google
OSS-Fuzz offers continuous fuzzing for open source software. Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of Chrome components, and we now want to share that service with the open source community. OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution. Projects that do not qualify for OSS-Fuzz can run their own instances of ClusterFuzz or ClusterFuzzLite. Currently, OSS-Fuzz supports C/C++, Rust, Go, Python, and Java/JVM code. Other languages supported by LLVM may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.Starting Price: Free -
37
ReversingLabs
ReversingLabs
ReversingLabs is a software supply chain security platform that helps organizations identify hidden threats within software components. It uses AI-driven binary analysis to detect malware, tampering, secrets, and other active threats that traditional tools often miss. ReversingLabs analyzes first-party, open-source, and third-party software to provide complete visibility into software risk. Its flagship solution, Spectra Assure®, identifies security issues in final builds before release. The platform leverages one of the world’s largest threat intelligence repositories to improve accuracy and reduce false positives. ReversingLabs helps organizations move from reactive threat detection to proactive risk management. It delivers trusted insights that strengthen software trust and security operations. -
38
YARA
YARA
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic. YARA-CI may be a useful addition to your toolbelt. This is GitHub application that provides continuous testing for your rules, helping you to identify common mistakes and false positives. The above rule is telling YARA that any file containing one of the three strings must be reported as silent_banker. -
39
WebReaver
Websecurify
WebReaver is an elegant, easy to use and fully-automated, web application security security testing tool for Mac, Windows and Linux, suitable for novice as well as advanced users. WebReaver allows you easily test any web application for a large variety of web vulnerabilities from the sever kinds such as SQL Injection, local and remote file Includes, command Injection, cross-site scripting and expression Injection to the less severe ones such as variety of session and headers problems, information leakage and many more. Automated security testing technologies, such as those, which rely on scanning, fuzzing, sending arbitrary malicious data to detect security defects, can seriously damage the web applications they are used against. Therefore, it is often recommended to perform automated tests only against systems in demo, testing or pre-production environments. -
40
CodeWall
CodeWall
CodeWall is an AI-powered autonomous penetration testing platform that continuously finds and validates security vulnerabilities in your applications. Unlike traditional point-in-time pentests, CodeWall deploys AI agents that autonomously map attack surfaces, chain real exploits, and deliver verified proof-of-concept evidence — running continuously alongside your change management and development cycle. Key capabilities: automated reconnaissance and subdomain enumeration, multi-phase exploit chaining, authenticated testing, AI/LLM vulnerability detection, and compliance-tagged findings. Supports web apps, REST/GraphQL APIs, cloud infrastructure, and internal tooling. Integrates with CI/CD pipelines via CLI and REST API. -
41
IDA Pro
Hex-Rays
IDA Pro as a disassembler is capable of creating maps of their execution to show the binary instructions that are actually executed by the processor in a symbolic representation (assembly language). Advanced techniques have been implemented into IDA Pro so that it can generate assembly language source code from machine-executable code and make this complex code more human-readable. The debugging feature augmented IDA with the dynamic analysis. It supports multiple debugging targets and can handle remote applications. Its cross-platform debugging capability enables instant debugging, easy connection to both local and remote processes and support for 64-bit systems and new connection possibilities. IDA Pro allows the human analyst to override its decisions or to provide hints so that the analyst can work seamlessly and quickly with the disassembler and analyze binary code more intuitively. -
42
Proteus CMMS
Eagle Technology
Proteus CMMS Scalable and versatile cloud-based suite to manage, organize, track and schedule your maintenance activities. Bring your maintenance operations together in one place. Proteus MMX is a cloud-hosted Next-Gen Computerized Maintenance management solution, offering all the features of a traditional solution, preventive maintenance scheduling, work orders and asset management combined with latest digital trends as Enterprise Resource Planning (ERP), Artificial Intelligence Integration, and IoT system connectivity. Compile accurate information on equipment and infrastructure to analyze performance, schedule preventive maintenance, and reduce capital expenses. One database for all asset information allows for easy retrieval, input on activities, parts usage, and maintenance. With real-time data dashboard, manufacturing equipment can be monitored by the maintenance team to quickly identify potential problems.Starting Price: $39 per user per year -
43
LLMFuzzer
LLMFuzzer
If you're a security enthusiast, a pentester, or a cybersec researcher who loves to find and exploit vulnerabilities in AI systems, LLMFuzzer is the perfect tool for you. It's built to make your testing process streamlined and efficient. We are working on full documentation. It will cover detailed information about the architecture, different fuzzing strategies, examples, and how to extend the tool.Starting Price: Free -
44
OpenJDK
Oracle
The place to collaborate on an open-source implementation of the Java platform, standard edition, and related projects. Download and install the latest open-source JDK. Oracle’s free, GPL-licensed, production-ready OpenJDK JDK 21 binaries for Linux, macOS, and Windows are available, Oracle’s commercially-licensed JDK 21 binaries, based on the same code, are available as well. Browse the code on the web, clone a repository to make a local copy, and contribute a patch to fix a bug, enhance an existing component, or define a new feature. OpenJDK provides source code that developers can use to build their binaries. Consequently, users are responsible for compiling the code and generating the Java runtime tailored to their specific platform. The JDK is a complex software project. Building it requires a certain amount of technical expertise, a fair number of dependencies on external software, and reasonably powerful hardware.Starting Price: Free -
45
Thorium
Thorium
Thorium uses many modifications to the compiler configuration file, which highly optimizes the browser, at the cost of size. Thorium uses the official builds of Chrome and Chromium also uses Profile Guided Optimization (PGO), this optimization technique uses a profile data file, which is generated by a profiler to optimize the entire binary. The profiler does a test run of the binary, and records which parts of code are accessed most frequently, their memory access patterns, and what data they frequently fetch. There are many Chromium-based browsers out there with subsets of these optimizations, but only Thorium uses all of them together to bring the most performant browsing experience on Linux, Windows, MacOS, and Raspberry Pi.Starting Price: Free -
46
APIFuzzer
PyPI
APIFuzzer reads your API description and step-by-step fuzzes the fields to validate if your application can cope with the fuzzed parameters, and it does not require coding. Parse API definition from a local file or remote URL. JSON and YAML file format support. All HTTP methods are supported. Fuzzing of the request body, query string, path parameter, and request header is supported. Relies on random mutations and supports CI integration. Generate JUnit XML test report format. Send a request to an alternative URL. Support HTTP basic auth from the configuration. Save the report of the failed test in JSON format into the pre-configured folder.Starting Price: Free -
47
walrus.ai
walrus.ai
We let humans do what they do best, and machines do what they do best. The walrus.ai CLI tool is the easiest way to run end-to-end tests for your application. It supports defining tests either inline with the call, or in specified YML files. Send us your test from our dashboard or with the walrus.ai CLI. We translate your instructions into an automated test model. Results are available in our dashboard, through the CLI, or via one of our integrations. We monitor every model run to look for application changes or false failures. Re-verification of your test ensures you never receive false positives or false negatives. Test your most complicated user flows with plain English — we’ll handle the rest. -
48
robotic.mobi
Mobinavel
As a fast-growing company we are focusing on perfection of test automation. Our team has qualitative development and QA background. Test your app on real devices. You can find most of the popular devices across the market at robotic lab. You can run your test on common operating systems and platforms. Transform your business to continues testing and DevOps. Get help of the artificial intelligence to cover your test scenarios more than you can imagine. Application test without code skills but still advanced. Get rid of complexity and chaos of test cases. You will feel like playing puzzles.Starting Price: $100 one-time payment -
49
LibFuzzer
LLVM Project
LibFuzzer is an in-process, coverage-guided, evolutionary fuzzing engine. LibFuzzer is linked with the library under test, and feeds fuzzed inputs to the library via a specific fuzzing entry point (or target function); the fuzzer then tracks which areas of the code are reached, and generates mutations on the corpus of input data in order to maximize the code coverage. The code coverage information for libFuzzer is provided by LLVM’s SanitizerCoverage instrumentation. LibFuzzer is still fully supported in that important bugs will get fixed. The first step in using libFuzzer on a library is to implement a fuzz target, a function that accepts an array of bytes and does something interesting with these bytes using the API under test. Note that this fuzz target does not depend on libFuzzer in any way so it is possible and even desirable to use it with other fuzzing engines like AFL and/or Radamsa.Starting Price: Free -
50
QShield
Quarkslab
Obfuscate your highly valuable source code and protect your sensitive assets thanks to QShield compiler-obfuscator. Protect your applications against static and dynamic analysis. Software running on untrusted environments is at risk of reverse-engineering, an application running on a device that is available to an attacker is vulnerable to a wide range of techniques used to try and extract secrets, and intellectual property. To prevent unauthorized parties from gaining insight, tampering with or even recovering the source code from the binary, software protection mechanisms must be implemented to preserve revenues and intellectual property. 30+ obfuscation schemes are available. Granular control of the protection profile thanks to a file-based policy or comments throughout the code. Build diversification, each compiled application is different with a user-controlled randomness seed. Integrity checks and detection of debuggers, emulators, and hooking frameworks.
