From 5b93c24601b6cc7bc02d74b9d24c7c92928a848e Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Sat, 5 Jan 2019 14:18:50 -0800 Subject: [PATCH] Cleanup README --- README.md | 75 ++++++++++++++++++++++++------------------------------- 1 file changed, 33 insertions(+), 42 deletions(-) diff --git a/README.md b/README.md index 25d6156..9637a17 100644 --- a/README.md +++ b/README.md @@ -4,15 +4,14 @@ android-security-awesome ![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/ A collection of android security related resources. -1. [TOOLS](#tools) -2. [ACADEMIC / RESEARCH / PUBLICATIONS / BOOKS](#academic) -3. [EXPLOITS / VULNERABILITIES / BUGS](#exploits) +1. [Tools](#tools) +2. [Academic/Research/Publications/Books](#academic) +3. [Exploits/Vulnerabilities/Bugs](#exploits) ----- -# TOOLS +## Tools + +### Online Analyzers -Online Analyzers ----- 1. [AndroTotal](http://andrototal.org/) 2. [Tracedroid](http://tracedroid.few.vu.nl/) @@ -42,8 +41,8 @@ Online Analyzers 27. ~~[MobiSec Eacus](http://www.mobiseclab.org/eacus.jsp)~~ 28. ~~[Fireeye](https://fireeye.ijinshan.com/)- max 60MB 15/day~~ -Static Analysis Tools ----- +### Static Analysis Tools + 1. [Androwarn](https://github.com/maaaaz/androwarn/) - detect and warn the user about potential malicious behaviours developed by an Android application. 2. [ApkAnalyser](https://github.com/sonyxperiadev/ApkAnalyser) @@ -68,16 +67,15 @@ Static Analysis Tools 21. [StaCoAn](https://github.com/vincentcox/StaCoAn) - Crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. This tool was created with a big focus on usability and graphical guidance in the user interface. 22. [JAADAS](https://github.com/flankerhqd/JAADAS) - Joint intraprocedure and interprocedure program analysis tool to find vulnerabilities in Android apps, built on Soot and Scala -App Vulnerability Scanners ----- +### App Vulnerability Scanners + 1. [QARK](https://github.com/linkedin/qark/) - QARK by LinkedIn is for app developers to scan app for security issues 2. [AndroBugs](https://github.com/AndroBugs/AndroBugs_Framework) 3. [Nogotofail](https://github.com/google/nogotofail) 4. ~~[Devknox](https://devknox.io/) - IDE plugin to build secure Android apps. Not maintained anymore.~~ -Dynamic Analysis Tools ----- +### Dynamic Analysis Tools 1. [Android DBI frameowork](http://www.mulliner.org/blog/blosxom.cgi/security/androiddbiv02.html) 2. [Androl4b](https://github.com/sh4hin/Androl4b)- A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis @@ -111,8 +109,7 @@ Dynamic Analysis Tools 32. ~~[Mercury](https://labs.mwrinfosecurity.com/tools/2012/03/16/mercury/)~~ -Reverse Engineering ----- +### Reverse Engineering 1. [Smali/Baksmali](https://github.com/JesusFreke/smali) – apk decompilation 2. [emacs syntax coloring for smali files](https://github.com/strazzere/Emacs-Smali) @@ -147,8 +144,7 @@ Reverse Engineering 31. [Jadx](https://github.com/skylot/jadx) 32. [Dwarf](https://github.com/iGio90/Dwarf) - GUI for reverse engineering -Fuzz Testing ----- +### Fuzz Testing 1. [IntentFuzzer](https://www.nccgroup.trust/us/about-us/resources/intent-fuzzer/) 2. [Radamsa Fuzzer](https://github.com/anestisb/radamsa-android) @@ -157,13 +153,11 @@ Fuzz Testing 5. [Media Fuzzing Framework for Android](https://github.com/fuzzing/MFFA) 6. [AndroFuzz](https://github.com/jonmetz/AndroFuzz) -App Repackaging Detectors ----- +### App Repackaging Detectors 1. [FSquaDRA](https://github.com/zyrikby/FSquaDRA) - a tool for detection of repackaged Android applications based on app resources hash comparison. -Market Crawlers ----- +### Market Crawlers 1. [Google play crawler (Java)](https://github.com/Akdeniz/google-play-crawler) 2. [Google play crawler (Python)](https://github.com/egirault/googleplay-api) @@ -172,8 +166,7 @@ Market Crawlers 5. [Appland downloader (Node)](https://github.com/dweinstein/node-appland) - download apps from Appland third-party Android market 6. [Apkpure](https://apkpure.com/) - Online apk downloader. Provides also an own app for downloading. -Misc Tools ----- +### Misc Tools 1. [smalihook](http://androidcracking.blogspot.com/2011/03/original-smalihook-java-source.html) 2. [APK-Downloader](http://codekiem.com/2012/02/24/apk-downloader/) @@ -188,22 +181,21 @@ Misc Tools 11. [dockerfile/androguard](https://github.com/dweinstein/dockerfile-androguard) 12. [Android Vulnerability Test Suite](https://github.com/AndroidVTS/android-vts) - android-vts scans a device for set of vulnerabilities 13. [AppMon](https://github.com/dpnishant/appmon)- AppMon is an automated framework for monitoring and tampering system API calls of native macOS, iOS and android apps. It is based on Frida. ----- -# ACADEMIC / RESEARCH / PUBLICATIONS / BOOKS +## Academic/Research/Publications/Books + +### Research Papers -Research Papers ----- 1. [Exploit Database](https://www.exploit-db.com/papers/) 2. [Android security related presentations](https://github.com/jacobsoo/AndroidSlides) 3. [A good collection of static analysis papers](https://tthtlc.wordpress.com/2011/09/01/static-analysis-of-android-applications/) -Books ----- +### Books + 1. [SEI CERT Android Secure Coding Standard](https://www.securecoding.cert.org/confluence/display/android/Android+Secure+Coding+Standard) -Others ----- +### Others + 1. [OWASP Mobile Security Testing Guide Manual](https://github.com/OWASP/owasp-mstg) 2. [doridori/Android-Security-Reference](https://github.com/doridori/Android-Security-Reference) 3. [android app security checklist](https://github.com/b-mueller/android_app_security_checklist) @@ -211,12 +203,11 @@ Others 5. [Mobile Security Reading Room](https://mobile-security.zeef.com) - A reading room which contains well categorised technical reading material about mobile penetration testing, mobile malware, mobile forensics and all kind of mobile security related topics 6. ~~[Android Reverse Engineering 101 by Daniele Altomare](http://www.fasteque.com/android-reverse-engineering-101-part-1/)~~ ----- -# EXPLOITS / VULNERABILITIES / BUGS +## Exploits/Vulnerabilities/Bugs + +### List -List ----- 1. [Android Security Bulletins](https://source.android.com/security/bulletin/) 2. [Android's reported security vulnerabilities](https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/Google-Android.html) @@ -228,8 +219,8 @@ List 8. [Google Android Security Team’s Classifications for Potentially Harmful Applications (Malware)](https://source.android.com/security/reports/Google_Android_Security_PHA_classifications.pdf) -Malware ----- +### Malware + 1. [androguard - Database Android Malwares wiki](https://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares) 2. [Android Malware Github repo](https://github.com/ashishb/android-malware) 3. [Android Malware Genome Project](http://www.malgenomeproject.org/policy.html) - contains 1260 malware samples categorized into 49 different malware families, free for research purpose. @@ -238,14 +229,14 @@ Malware 6. [Drebin](https://www.sec.cs.tu-bs.de/~danarp/drebin/) 7. ~~[Admire](http://admire.necst.it/)~~ -Bounty Programs ----- +### Bounty Programs + 1. [Android Security Reward Program](https://www.google.com/about/appsecurity/android-rewards/) -How to report Security issues ----- +### How to report Security issues + 1. [Android - reporting security issues](https://source.android.com/security/overview/updates-resources.html#report-issues) 2. [Android Reports and Resources](https://github.com/B3nac/Android-Reports-and-Resources) - List of Android Hackerone disclosed reports and other resources -# Contributing +## Contributing Your contributions are always welcome!