Agnitio v2.1 Released – Manual Security Code Review Tool


A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting.

It hasn’t been updated for a fair while sadly, and v2.1 was released in 2011 – but still it’s a useful tool and a decent update. The last time we wrote about it was when Agnitio v2.0 was released back in August 2011.

Agnitio - Security Code Review

The major changes in v2.1 are listed below:

  • Windows x64 support
  • Automatically decompile Android .apk application to easily analyse the apps source code
  • Application profiles now have an application type of either web or mobile which allows only relevant checklist items to be displayed during the security code review
  • Create new checklist questions and mark them as web or mobile
  • C# and Java rules from the OWASP Code Crawler project have been imported into the Agnitio database and linked to relevant checklist questions

You can download Agnitio v2.1 here:

x64 – Agnitio x64.zip
x86 – Agnitio x86.zip

Or read more here.

Posted in: Countermeasures, Secure Coding, Security Software

, ,


Latest Posts:


ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.


Comments are closed.