From 16c5c4997140f40bb3118bf98ea15add919ee7bf Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Sun, 7 Jun 2015 22:00:14 -0400 Subject: [PATCH 01/37] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 31ce1f7..2b7d9bc 100644 --- a/README.md +++ b/README.md @@ -68,6 +68,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 17. [Android Linux Kernel modules](https://github.com/strazzere/android-lkms) 18. [Appie](http://manifestsecurity.com/appie/) - Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines. 19. [StaDynA](https://github.com/zyrikby/StaDynA) - a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). This tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. +20. [DroidAnalytics](https://github.com/zhengmin1989/DroidAnalytics) - incomplete ## REVERSE ENGINEERING From 69e2fabad5a340a86892aef4c5ddf0e7459b6a36 Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Tue, 9 Jun 2015 10:36:34 -0700 Subject: [PATCH 02/37] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2b7d9bc..1fd1af4 100644 --- a/README.md +++ b/README.md @@ -82,7 +82,8 @@ A lot of work is happening in academia and industry on tools to perform dynamic 9. [Bypass signature and permission checks for IPCs](https://github.com/iSECPartners/Android-KillPermAndSigChecks) 10. [Android OpenDebug](https://github.com/iSECPartners/Android-OpenDebug) – make any application on device debuggable (using cydia substrate). 11. [Dare](http://siis.cse.psu.edu/dare/index.html) – .dex to .class converter -12. [Dex2Jar](http://code.google.com/p/dex2jar/) +12. [Dex2Jar](http://code.google.com/p/dex2jar/) - dex to jar converter +13. [Enjarify](https://github.com/google/enjarify) - dex to jar converter from Google 13. [Dedexer](http://dedexer.sourceforge.net) 14. [Fino](https://github.com/sysdream/fino) 15. [Indroid](https://bitbucket.org/aseemjakhar/indroid) – thread injection kit From fb903a939ac56c37b5b9329d4cf91b86afa7de5c Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Sat, 27 Jun 2015 17:16:34 -0400 Subject: [PATCH 03/37] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1fd1af4..e372170 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,6 @@ A lot of work is happening in academia and industry on tools to perform dynamic 2. [Anubis](http://anubis.iseclab.org/) 3. [App 360 scan](http://www.app360scan.com/) 4. [CopperDroid](http://copperdroid.isg.rhul.ac.uk/copperdroid/) -5. [Comdroid](http://www.comdroid.org/) 6. [Dexter](https://dexter.bluebox.com/) 7. [Foresafe](http://www.foresafe.com/scan) 8. [Mobile app insight](http://www.mobile-app-insight.org) @@ -27,6 +26,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 16. [NVISO ApkScan](http://apkscan.nviso.be/) 17. [AVC UnDroid](http://www.av-comparatives.org/avc-analyzer/) 14. [Stowaway](http://www.android-permissions.org/) – seems to be dead now +15. [Comdroid](http://www.comdroid.org/) - seems to be dead now ## STATIC ANALYSIS TOOLS From f181b1b32215a0fc6fbd522c46760d77cb193345 Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Sat, 27 Jun 2015 17:19:12 -0400 Subject: [PATCH 04/37] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e372170..7811c65 100644 --- a/README.md +++ b/README.md @@ -91,7 +91,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 17. [IntentSniffer](https://www.isecpartners.com/tools/mobile-security/intent-sniffer.aspx) 18. [Introspy](https://github.com/iSECPartners/Introspy-Android) 19. [Jad]( http://www.varaneckas.com/jad) - Java decompiler -20. [JD-GUI](http://java.decompiler.free.fr/?q=jdgui) - Java decompiler +20. [JD-GUI](https://github.com/java-decompiler/jd-gui) - Java decompiler 21. [CFR](http://www.benf.org/other/cfr/) - Java decompiler 22. [Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler 23. [Procyon](https://bitbucket.org/mstrobel/procyon/wiki/Java%20Decompiler) - Java decompiler From 076c3e55923e36fa1ef9e39c4fdf682b61fa5b6e Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Thu, 2 Jul 2015 03:06:49 -0400 Subject: [PATCH 05/37] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 7811c65..c28ee39 100644 --- a/README.md +++ b/README.md @@ -59,6 +59,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 15. [Android Hooker](https://github.com/AndroidHooker/hooker) - API Hooking of java methods triggered by any Android application (requires the Substrate Framework) 16. [Android tamer](https://androidtamer.com/) - custom image 17. [Droidscope](https://code.google.com/p/decaf-platform/wiki/DroidScope) - custom image for dynamic analysis +18. [CuckooDroid](https://github.com/idanr1986/cuckoo-droid) - Android extension for Cuckoo sandbox 16. [Crowdroid](http://www.ida.liu.se/labs/rtslab/publications/2011/spsm11-burguera.pdf) – unable to find the actual tool 16. [AuditdAndroid](https://github.com/nwhusted/AuditdAndroid) – android port of auditd, not under active development anymore 16. [Android Security Evaluation Framework](https://code.google.com/p/asef/) - not under active development anymore @@ -66,6 +67,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 19. [Ijiami (Chinese)](http://safe.ijiami.cn/) - seems dead now 16. [Aurasium](http://www.aurasium.com/) – rewrites the android app to add security policy, seems dead now 17. [Android Linux Kernel modules](https://github.com/strazzere/android-lkms) +18. 18. [Appie](http://manifestsecurity.com/appie/) - Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines. 19. [StaDynA](https://github.com/zyrikby/StaDynA) - a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). This tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. 20. [DroidAnalytics](https://github.com/zhengmin1989/DroidAnalytics) - incomplete From d60bb5b771c2a5d1381a8f8fcd5efc9904fb647f Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Thu, 16 Jul 2015 12:33:44 -0700 Subject: [PATCH 06/37] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index c28ee39..2ffdfdb 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 16. [Android tamer](https://androidtamer.com/) - custom image 17. [Droidscope](https://code.google.com/p/decaf-platform/wiki/DroidScope) - custom image for dynamic analysis 18. [CuckooDroid](https://github.com/idanr1986/cuckoo-droid) - Android extension for Cuckoo sandbox +19. [Mem](https://github.com/MobileForensicsResearch/mem) - Memory analysis of Android (root required) 16. [Crowdroid](http://www.ida.liu.se/labs/rtslab/publications/2011/spsm11-burguera.pdf) – unable to find the actual tool 16. [AuditdAndroid](https://github.com/nwhusted/AuditdAndroid) – android port of auditd, not under active development anymore 16. [Android Security Evaluation Framework](https://code.google.com/p/asef/) - not under active development anymore From 2037ac070b902c9d79808ff3e0daa2cf7afb6f66 Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Sun, 19 Jul 2015 00:00:27 -0400 Subject: [PATCH 07/37] Added contributing.md --- contributing.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 contributing.md diff --git a/contributing.md b/contributing.md new file mode 100644 index 0000000..6e8de68 --- /dev/null +++ b/contributing.md @@ -0,0 +1,15 @@ +# Contribution Guidelines + +Please ensure your pull request adheres to the following guidelines: + +- Search previous suggestions before making a new one, as yours may be a duplicate. +- Make sure your entries is useful before submitting. +- Make an individual pull request for each suggestion. +- Titles should be [capitalized](http://grammar.yourdictionary.com/capitalization/rules-for-capitalization-in-titles.html). +- Link additions should be added to the bottom of the relevant category. +- New categories or improvements to the existing categorization are welcome. +- Check your spelling and grammar. +- Make sure your text editor is set to remove trailing whitespace. +- The pull request and commit should have a useful title. + +Thank you for your suggestions! From f88254dc03a4dfa2b4c645f301940acc15fec25b Mon Sep 17 00:00:00 2001 From: Craig Davison Date: Fri, 7 Aug 2015 17:52:35 +0100 Subject: [PATCH 08/37] Add awesome list badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2ffdfdb..9b707fd 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -android-security-awesome +android-security-awesome [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome) ======================== A collection of android security related resources. From a0e0ae9c310420e1e5b7381f1b7c08b67cfc3b87 Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Fri, 7 Aug 2015 10:20:24 -0700 Subject: [PATCH 09/37] Update README.md --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 9b707fd..5f4c5b6 100644 --- a/README.md +++ b/README.md @@ -123,11 +123,13 @@ A lot of work is happening in academia and industry on tools to perform dynamic 2. [Open Source database](http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares) 3. [Drebin](http://user.informatik.uni-goettingen.de/~darp/drebin/) -## BOOKS +## Reading material 1. [Android Security (and Not) Internals](http://www.zhauniarovich.com/pubs.html) +2. [Android security related presentations](https://github.com/jacobsoo/AndroidSlides) +3. [A good collection of static analysis papers](http://tthtlc.wordpress.com/2011/09/01/static-analysis-of-android-applications/) -## MISC TOOLS/READINGS +## MISC TOOLS 1. [smalihook](http://androidcracking.blogspot.com/2011/03/original-smalihook-java-source.html) 2. [APK-Downloader](http://codekiem.com/2012/02/24/apk-downloader/) @@ -136,7 +138,6 @@ A lot of work is happening in academia and industry on tools to perform dynamic 5. [adb autocomplete](https://romannurik-code.googlecode.com/git/bash_completion/adb) 6. [Dalvik opcodes](http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html) 7. [Opcodes table for quick reference](http://xchg.info/corkami/opcodes_tables.pdf) -8. [A good collection of static analysis papers](http://tthtlc.wordpress.com/2011/09/01/static-analysis-of-android-applications/) 9. [ExploitMe](http://securitycompass.github.io/AndroidLabs/setup.html) - for practice 10. [GoatDroid](https://github.com/jackMannino/OWASP-GoatDroid-Project) - for practice 11. [Android Labs](http://securitycompass.github.io/AndroidLabs/setup.html) - for practice From 4cc4e2fdcd261ae78b986776796d17b036b374b0 Mon Sep 17 00:00:00 2001 From: David Weinstein Date: Sat, 8 Aug 2015 10:48:19 -0400 Subject: [PATCH 10/37] add market crawlers section --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 5f4c5b6..e52f716 100644 --- a/README.md +++ b/README.md @@ -129,6 +129,14 @@ A lot of work is happening in academia and industry on tools to perform dynamic 2. [Android security related presentations](https://github.com/jacobsoo/AndroidSlides) 3. [A good collection of static analysis papers](http://tthtlc.wordpress.com/2011/09/01/static-analysis-of-android-applications/) +## MARKET CRAWLERS + +1. [Google play crawler (Java)](https://github.com/Akdeniz/google-play-crawler) +2. [Google play crawler (Python)](https://github.com/egirault/googleplay-api) +2. [Google play crawler (Node) ](https://github.com/dweinstein/node-google-play) - get app details and download apps from official Google Play Store. +3. [Aptoide downloader (Node)](https://github.com/dweinstein/node-aptoide) - download apps from Aptoide third-party Android market +4. [Appland downloader (Node)](https://github.com/dweinstein/node-appland) - download apps from Appland third-party Android market + ## MISC TOOLS 1. [smalihook](http://androidcracking.blogspot.com/2011/03/original-smalihook-java-source.html) From c41af48b69893b8b9a036d1ecc7ae4b8abd0dd58 Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Thu, 24 Sep 2015 12:58:35 -0700 Subject: [PATCH 11/37] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index e52f716..ee5f6c5 100644 --- a/README.md +++ b/README.md @@ -122,6 +122,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 1. [contagio mini dump](http://contagiominidump.blogspot.com) 2. [Open Source database](http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares) 3. [Drebin](http://user.informatik.uni-goettingen.de/~darp/drebin/) +4. {Admire](http://admire.necst.it/) ## Reading material From 7d6b28ae8907fc5ef80ea08a7e3857e3f9034c67 Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Thu, 24 Sep 2015 12:59:01 -0700 Subject: [PATCH 12/37] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ee5f6c5..14e9f3f 100644 --- a/README.md +++ b/README.md @@ -122,7 +122,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 1. [contagio mini dump](http://contagiominidump.blogspot.com) 2. [Open Source database](http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares) 3. [Drebin](http://user.informatik.uni-goettingen.de/~darp/drebin/) -4. {Admire](http://admire.necst.it/) +4. [Admire](http://admire.necst.it/) ## Reading material From 18ab50f5d94442ef0ba6aa77c3a4a45389222725 Mon Sep 17 00:00:00 2001 From: Michael Ernst Date: Thu, 1 Oct 2015 05:35:26 -0700 Subject: [PATCH 13/37] Add link to SPARTA static analysis tool --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 14e9f3f..ecf2646 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 12. [SmaliSCA](https://github.com/dorneanu/smalisca) - Smali Static Code Analysis 13. [CFGScanDroid](https://github.com/douggard/CFGScanDroid) - Scans and compares CFG against CFG of malicious applications 14. [Madrolyzer](https://github.com/maldroid/maldrolyzer) - extracts actionable data like C&C, phone number etc. +15. [SPARTA](http://www.cs.washington.edu/sparta) - verifies (proves) that an app satisfies an information-flow security policy; built on the [Checker Framework](http://checkerframework.org/) ## DYNAMIC ANALYSIS TOOLS From 18f3629a75015a68c62aeec54ba4e4982a5ddea7 Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Tue, 6 Oct 2015 12:28:36 -0700 Subject: [PATCH 14/37] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ecf2646..5741a1a 100644 --- a/README.md +++ b/README.md @@ -92,6 +92,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 14. [Fino](https://github.com/sysdream/fino) 15. [Indroid](https://bitbucket.org/aseemjakhar/indroid) – thread injection kit 16. [IntentFuzzer](https://www.isecpartners.com/tools/mobile-security/intent-fuzzer.aspx) +17. [Randamsa Fuzzer](https://github.com/anestisb/radamsa-android) 17. [IntentSniffer](https://www.isecpartners.com/tools/mobile-security/intent-sniffer.aspx) 18. [Introspy](https://github.com/iSECPartners/Introspy-Android) 19. [Jad]( http://www.varaneckas.com/jad) - Java decompiler From 202e0d0135fa529a1dff7977f4c2fd7f34d77db8 Mon Sep 17 00:00:00 2001 From: Anestis Bechtsoudis Date: Tue, 6 Oct 2015 16:15:41 -0700 Subject: [PATCH 15/37] New FUZZ TESTING category * Move existing tools * Add Honggfuzz & MFFA tools * Fixed typo in "radamsa" name Signed-off-by: Anestis Bechtsoudis --- README.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 5741a1a..281f124 100644 --- a/README.md +++ b/README.md @@ -91,8 +91,6 @@ A lot of work is happening in academia and industry on tools to perform dynamic 13. [Dedexer](http://dedexer.sourceforge.net) 14. [Fino](https://github.com/sysdream/fino) 15. [Indroid](https://bitbucket.org/aseemjakhar/indroid) – thread injection kit -16. [IntentFuzzer](https://www.isecpartners.com/tools/mobile-security/intent-fuzzer.aspx) -17. [Randamsa Fuzzer](https://github.com/anestisb/radamsa-android) 17. [IntentSniffer](https://www.isecpartners.com/tools/mobile-security/intent-sniffer.aspx) 18. [Introspy](https://github.com/iSECPartners/Introspy-Android) 19. [Jad]( http://www.varaneckas.com/jad) - Java decompiler @@ -108,6 +106,14 @@ A lot of work is happening in academia and industry on tools to perform dynamic 25. [Bytecode viewer](https://github.com/Konloch/bytecode-viewer) 26. [Krakatau](https://github.com/Storyyeller/Krakatau) +## FUZZ TESTING + +1. [IntentFuzzer](https://www.isecpartners.com/tools/mobile-security/intent-fuzzer.aspx) +2. [Radamsa Fuzzer](https://github.com/anestisb/radamsa-android) +3. [Honggfuzz](https://github.com/google/honggfuzz) +4. [An Android port of the melkor ELF fuzzer](https://github.com/anestisb/melkor-android) +5. [Media Fuzzing Framework for Android](https://github.com/fuzzing/MFFA) + ##APP REPACKAGING DETECTORS 1. [FSquaDRA](https://github.com/zyrikby/FSquaDRA) - a tool for detection of repackaged Android applications based on app resources hash comparison. @@ -145,7 +151,6 @@ A lot of work is happening in academia and industry on tools to perform dynamic 1. [smalihook](http://androidcracking.blogspot.com/2011/03/original-smalihook-java-source.html) 2. [APK-Downloader](http://codekiem.com/2012/02/24/apk-downloader/) 3. [AXMLPrinter2](http://code.google.com/p/android4me/downloads/detail?name=AXMLPrinter2.jar) - to convert binary XML files to human-readable XML files -4. [An Android port of the melkor ELF fuzzer](https://github.com/anestisb/melkor-android) 5. [adb autocomplete](https://romannurik-code.googlecode.com/git/bash_completion/adb) 6. [Dalvik opcodes](http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html) 7. [Opcodes table for quick reference](http://xchg.info/corkami/opcodes_tables.pdf) From 90e60d8f7e6485ffbe6dc132c9fc35868ef790e5 Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Sun, 11 Oct 2015 18:24:21 -0400 Subject: [PATCH 16/37] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 281f124..c40dce6 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 13. [CFGScanDroid](https://github.com/douggard/CFGScanDroid) - Scans and compares CFG against CFG of malicious applications 14. [Madrolyzer](https://github.com/maldroid/maldrolyzer) - extracts actionable data like C&C, phone number etc. 15. [SPARTA](http://www.cs.washington.edu/sparta) - verifies (proves) that an app satisfies an information-flow security policy; built on the [Checker Framework](http://checkerframework.org/) +16. [QARK](https://github.com/linkedin/qark/) - QARK by LinkedIn is for app developers to scan app for security issues ## DYNAMIC ANALYSIS TOOLS From ae05b11c40a47f4e899b7b843bced0f5ce75ad26 Mon Sep 17 00:00:00 2001 From: "Jiezhi.G" Date: Wed, 14 Oct 2015 16:15:01 +0800 Subject: [PATCH 17/37] update aurasium url --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c40dce6..45ae04f 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 16. [Android Security Evaluation Framework](https://code.google.com/p/asef/) - not under active development anymore 18. [Android Reverse Engineering](https://redmine.honeynet.org/projects/are/wiki) – ARE (android reverse engineering) not under active development anymore 19. [Ijiami (Chinese)](http://safe.ijiami.cn/) - seems dead now -16. [Aurasium](http://www.aurasium.com/) – rewrites the android app to add security policy, seems dead now +16. [Aurasium](https://github.com/xurubin/aurasium) – Practical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor. 17. [Android Linux Kernel modules](https://github.com/strazzere/android-lkms) 18. 18. [Appie](http://manifestsecurity.com/appie/) - Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines. From b375cd4e4a972b0c4a5674528c8cda0cbedbfdae Mon Sep 17 00:00:00 2001 From: "Jiezhi.G" Date: Wed, 14 Oct 2015 16:22:19 +0800 Subject: [PATCH 18/37] move ijami to online analysis move ijami from dynamic analysis to online analysis --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 45ae04f..a0d8006 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 15. [IBM Security AppScan Mobile Analyzer](https://appscan.bluemix.net/mobileAnalyzer) - not free 16. [NVISO ApkScan](http://apkscan.nviso.be/) 17. [AVC UnDroid](http://www.av-comparatives.org/avc-analyzer/) +18. 19. [Ijiami (Chinese)](http://safe.ijiami.cn/) 14. [Stowaway](http://www.android-permissions.org/) – seems to be dead now 15. [Comdroid](http://www.comdroid.org/) - seems to be dead now @@ -67,7 +68,6 @@ A lot of work is happening in academia and industry on tools to perform dynamic 16. [AuditdAndroid](https://github.com/nwhusted/AuditdAndroid) – android port of auditd, not under active development anymore 16. [Android Security Evaluation Framework](https://code.google.com/p/asef/) - not under active development anymore 18. [Android Reverse Engineering](https://redmine.honeynet.org/projects/are/wiki) – ARE (android reverse engineering) not under active development anymore -19. [Ijiami (Chinese)](http://safe.ijiami.cn/) - seems dead now 16. [Aurasium](https://github.com/xurubin/aurasium) – Practical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor. 17. [Android Linux Kernel modules](https://github.com/strazzere/android-lkms) 18. From eeb53f6839129af10f0b10ec25d64d17f3b26f9f Mon Sep 17 00:00:00 2001 From: "Jiezhi.G" Date: Wed, 14 Oct 2015 16:23:31 +0800 Subject: [PATCH 19/37] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a0d8006..4cf44f2 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 15. [IBM Security AppScan Mobile Analyzer](https://appscan.bluemix.net/mobileAnalyzer) - not free 16. [NVISO ApkScan](http://apkscan.nviso.be/) 17. [AVC UnDroid](http://www.av-comparatives.org/avc-analyzer/) -18. 19. [Ijiami (Chinese)](http://safe.ijiami.cn/) +18. [Ijiami (Chinese)](http://safe.ijiami.cn/) 14. [Stowaway](http://www.android-permissions.org/) – seems to be dead now 15. [Comdroid](http://www.comdroid.org/) - seems to be dead now From 8b49cbeab3b6d4f151829a8936376babb9651499 Mon Sep 17 00:00:00 2001 From: "Jiezhi.G" Date: Fri, 16 Oct 2015 14:35:38 +0800 Subject: [PATCH 20/37] change smali_cfg url --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4cf44f2..06f23eb 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 4. [APKInspector](https://github.com/honeynet/apkinspector/) 5. [Droid Intent Data Flow Analysis for Information Leakage](https://www.cert.org/secure-coding/tools/didfail.cfm) 6. [Several tools from PSU](http://siis.cse.psu.edu/tools.html) -7. [Smali CFG generator](http://code.google.com/p/smali-cfgs/) +7. [Smali CFG generator](https://github.com/EugenioDelfa/Smali-CFGs/) 8. [FlowDroid](http://sseblog.ec-spride.de/tools/flowdroid/) 9. [Android Decompiler](http://www.android-decompiler.com/) – not free 10. [PSCout](http://pscout.csl.toronto.edu/) - A tool that extracts the permission specification from the Android OS source code using static analysis From 397046524fdc6f4caee3f85c015bc7f819d2d4db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?B=C3=A2k=C4=B1r=20Emre?= Date: Mon, 19 Oct 2015 22:12:01 +0300 Subject: [PATCH 21/37] Update README.md added Vezir-Project. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index c40dce6..3282e32 100644 --- a/README.md +++ b/README.md @@ -74,6 +74,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 18. [Appie](http://manifestsecurity.com/appie/) - Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines. 19. [StaDynA](https://github.com/zyrikby/StaDynA) - a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). This tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. 20. [DroidAnalytics](https://github.com/zhengmin1989/DroidAnalytics) - incomplete +21. [Vezir Project](https://github.com/oguzhantopgul/Vezir-Project) - Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis ## REVERSE ENGINEERING From cd183e4a38d6537c6d426920760a211c44a7f827 Mon Sep 17 00:00:00 2001 From: "Jiezhi.G" Date: Fri, 23 Oct 2015 10:05:02 +0800 Subject: [PATCH 22/37] Update README.md --- README.md | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 06f23eb..54749d7 100644 --- a/README.md +++ b/README.md @@ -31,21 +31,21 @@ A lot of work is happening in academia and industry on tools to perform dynamic ## STATIC ANALYSIS TOOLS -2. [Androwarn](https://github.com/maaaaz/androwarn/) -3. [ApkAnalyser](https://github.com/sonyxperiadev/ApkAnalyser) -4. [APKInspector](https://github.com/honeynet/apkinspector/) -5. [Droid Intent Data Flow Analysis for Information Leakage](https://www.cert.org/secure-coding/tools/didfail.cfm) -6. [Several tools from PSU](http://siis.cse.psu.edu/tools.html) -7. [Smali CFG generator](https://github.com/EugenioDelfa/Smali-CFGs/) -8. [FlowDroid](http://sseblog.ec-spride.de/tools/flowdroid/) -9. [Android Decompiler](http://www.android-decompiler.com/) – not free -10. [PSCout](http://pscout.csl.toronto.edu/) - A tool that extracts the permission specification from the Android OS source code using static analysis -11. [Amandroid](http://amandroid.sireum.org/) -12. [SmaliSCA](https://github.com/dorneanu/smalisca) - Smali Static Code Analysis -13. [CFGScanDroid](https://github.com/douggard/CFGScanDroid) - Scans and compares CFG against CFG of malicious applications -14. [Madrolyzer](https://github.com/maldroid/maldrolyzer) - extracts actionable data like C&C, phone number etc. -15. [SPARTA](http://www.cs.washington.edu/sparta) - verifies (proves) that an app satisfies an information-flow security policy; built on the [Checker Framework](http://checkerframework.org/) -16. [QARK](https://github.com/linkedin/qark/) - QARK by LinkedIn is for app developers to scan app for security issues +1. [Androwarn](https://github.com/maaaaz/androwarn/) - detect and warn the user about potential malicious behaviours developped by an Android application. +* [ApkAnalyser](https://github.com/sonyxperiadev/ApkAnalyser) +* [APKInspector](https://github.com/honeynet/apkinspector/) +* [Droid Intent Data Flow Analysis for Information Leakage](https://www.cert.org/secure-coding/tools/didfail.cfm) +* [Several tools from PSU](http://siis.cse.psu.edu/tools.html) +* [Smali CFG generator](https://github.com/EugenioDelfa/Smali-CFGs/) +* [FlowDroid](http://sseblog.ec-spride.de/tools/flowdroid/) +* [Android Decompiler](http://www.android-decompiler.com/) – not free +* [PSCout](http://pscout.csl.toronto.edu/) - A tool that extracts the permission specification from the Android OS source code using static analysis +* [Amandroid](http://amandroid.sireum.org/) +* [SmaliSCA](https://github.com/dorneanu/smalisca) - Smali Static Code Analysis +* [CFGScanDroid](https://github.com/douggard/CFGScanDroid) - Scans and compares CFG against CFG of malicious applications +* [Madrolyzer](https://github.com/maldroid/maldrolyzer) - extracts actionable data like C&C, phone number etc. +* [SPARTA](http://www.cs.washington.edu/sparta) - verifies (proves) that an app satisfies an information-flow security policy; built on the [Checker Framework](http://checkerframework.org/) +* [QARK](https://github.com/linkedin/qark/) - QARK by LinkedIn is for app developers to scan app for security issues ## DYNAMIC ANALYSIS TOOLS From d5f0a53a78e2601486e107862b8df93460448fc0 Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Thu, 29 Oct 2015 11:01:55 -0700 Subject: [PATCH 23/37] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3282e32..1a4cbd3 100644 --- a/README.md +++ b/README.md @@ -161,7 +161,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 11. [Android Labs](http://securitycompass.github.io/AndroidLabs/setup.html) - for practice 12. [mitmproxy](https://github.com/mitmproxy/mitmproxy) 13. [dockerfile/androguard](https://github.com/dweinstein/dockerfile-androguard) - +14. [Android Vulnerability Test Suite](https://github.com/nowsecure/android-vts) - android-vts scans a device for known set of vulnerabilities # Other Awesome Lists Other amazingly awesome lists can be found in the [awesome-awesomeness](https://github.com/bayandin/awesome-awesomeness) list. From 816ae869b76b00f66fc12fa4a556ffa68d36a665 Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Thu, 29 Oct 2015 11:03:08 -0700 Subject: [PATCH 24/37] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1a4cbd3..59b1e06 100644 --- a/README.md +++ b/README.md @@ -161,7 +161,8 @@ A lot of work is happening in academia and industry on tools to perform dynamic 11. [Android Labs](http://securitycompass.github.io/AndroidLabs/setup.html) - for practice 12. [mitmproxy](https://github.com/mitmproxy/mitmproxy) 13. [dockerfile/androguard](https://github.com/dweinstein/dockerfile-androguard) -14. [Android Vulnerability Test Suite](https://github.com/nowsecure/android-vts) - android-vts scans a device for known set of vulnerabilities +14. [Android Vulnerability Test Suite](https://github.com/nowsecure/android-vts) - android-vts scans a device for set of vulnerabilities + # Other Awesome Lists Other amazingly awesome lists can be found in the [awesome-awesomeness](https://github.com/bayandin/awesome-awesomeness) list. From f422740ec7163f7fd0f7a9156f2b778bf85a39a9 Mon Sep 17 00:00:00 2001 From: tuomao Date: Thu, 5 Nov 2015 23:47:06 +0800 Subject: [PATCH 25/37] add new sample source,MalGenome,free malware datasets --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 59b1e06..272e7d2 100644 --- a/README.md +++ b/README.md @@ -127,13 +127,16 @@ A lot of work is happening in academia and industry on tools to perform dynamic 2. [Root Exploits (from Drozer issue #56)](https://github.com/mwrlabs/drozer/issues/56) + ## SAMPLE SOURCES 1. [contagio mini dump](http://contagiominidump.blogspot.com) 2. [Open Source database](http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares) 3. [Drebin](http://user.informatik.uni-goettingen.de/~darp/drebin/) 4. [Admire](http://admire.necst.it/) - +5. [MalGenome](http://www.malgenomeproject.org/policy.html) - maintained by Yajin Zhou(North Carolina State University),contains 1260 malware samples categorized into 49 different malware families,free for research purpose. +6. [VirusTotal Malware Intelligence Service](https://www.virustotal.com/en/about/terms-of-service/) - powered by ViusTotal,not free + ## Reading material 1. [Android Security (and Not) Internals](http://www.zhauniarovich.com/pubs.html) From 75790b9f268d97c1286361df677ff93ba57c1d03 Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Fri, 13 Nov 2015 16:58:10 -0800 Subject: [PATCH 26/37] Add AndroBugs --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 59b1e06..e46fbad 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,10 @@ A lot of work is happening in academia and industry on tools to perform dynamic 13. [CFGScanDroid](https://github.com/douggard/CFGScanDroid) - Scans and compares CFG against CFG of malicious applications 14. [Madrolyzer](https://github.com/maldroid/maldrolyzer) - extracts actionable data like C&C, phone number etc. 15. [SPARTA](http://www.cs.washington.edu/sparta) - verifies (proves) that an app satisfies an information-flow security policy; built on the [Checker Framework](http://checkerframework.org/) -16. [QARK](https://github.com/linkedin/qark/) - QARK by LinkedIn is for app developers to scan app for security issues + +## APP VULNERABILITY SCANNERS +1. [QARK](https://github.com/linkedin/qark/) - QARK by LinkedIn is for app developers to scan app for security issues +2. [AndroBugs](https://github.com/AndroBugs/AndroBugs_Framework) ## DYNAMIC ANALYSIS TOOLS From f6c8323d53cf5630ca26b2c3292b182a47949dde Mon Sep 17 00:00:00 2001 From: ReadmeCritic Date: Fri, 13 Nov 2015 19:36:15 -0800 Subject: [PATCH 27/37] Update redirects in Readme --- README.md | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index e46fbad..3911e4d 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 14. [Mobile Malware Sandbox](http://www.mobilemalware.com.br/analysis/index_en.php) 15. [MobiSec Eacus](http://www.mobiseclab.org/eacus.jsp) 15. [IBM Security AppScan Mobile Analyzer](https://appscan.bluemix.net/mobileAnalyzer) - not free -16. [NVISO ApkScan](http://apkscan.nviso.be/) +16. [NVISO ApkScan](https://apkscan.nviso.be/) 17. [AVC UnDroid](http://www.av-comparatives.org/avc-analyzer/) 14. [Stowaway](http://www.android-permissions.org/) – seems to be dead now 15. [Comdroid](http://www.comdroid.org/) - seems to be dead now @@ -37,28 +37,25 @@ A lot of work is happening in academia and industry on tools to perform dynamic 6. [Several tools from PSU](http://siis.cse.psu.edu/tools.html) 7. [Smali CFG generator](http://code.google.com/p/smali-cfgs/) 8. [FlowDroid](http://sseblog.ec-spride.de/tools/flowdroid/) -9. [Android Decompiler](http://www.android-decompiler.com/) – not free +9. [Android Decompiler](https://www.pnfsoftware.com/) – not free 10. [PSCout](http://pscout.csl.toronto.edu/) - A tool that extracts the permission specification from the Android OS source code using static analysis 11. [Amandroid](http://amandroid.sireum.org/) 12. [SmaliSCA](https://github.com/dorneanu/smalisca) - Smali Static Code Analysis 13. [CFGScanDroid](https://github.com/douggard/CFGScanDroid) - Scans and compares CFG against CFG of malicious applications 14. [Madrolyzer](https://github.com/maldroid/maldrolyzer) - extracts actionable data like C&C, phone number etc. 15. [SPARTA](http://www.cs.washington.edu/sparta) - verifies (proves) that an app satisfies an information-flow security policy; built on the [Checker Framework](http://checkerframework.org/) - -## APP VULNERABILITY SCANNERS -1. [QARK](https://github.com/linkedin/qark/) - QARK by LinkedIn is for app developers to scan app for security issues -2. [AndroBugs](https://github.com/AndroBugs/AndroBugs_Framework) +16. [QARK](https://github.com/linkedin/qark/) - QARK by LinkedIn is for app developers to scan app for security issues ## DYNAMIC ANALYSIS TOOLS 1. [Android DBI frameowork](http://www.mulliner.org/blog/blosxom.cgi/security/androiddbiv02.html) 2. [Android Malware Analysis Toolkit](http://www.mobilemalware.com.br/amat/download.html) - (linux distro) Earlier it use to be an [online analyzer](http://dunkelheit.com.br/amat/analysis/index_en.html) -5. [AppUse](https://appsec-labs.com/AppUse) – custom build for pentesting -7. [Cobradroid](http://thecobraden.com/projects/cobradroid/) – custom image for malware analysis -8. [ViaLab Community Edition](https://viaforensics.com/product-updates/introducing-vialab-community-edition.html) +5. [AppUse](https://appsec-labs.com/AppUse/) – custom build for pentesting +7. [Cobradroid](https://www.thecobraden.com/projects/cobradroid/) – custom image for malware analysis +8. [ViaLab Community Edition](https://www.nowsecure.com/product-updates/introducing-vialab-community-edition.html%23viaforensics) 9. [Droidbox](http://code.google.com/p/droidbox/) 10. [Mercury](http://labs.mwrinfosecurity.com/tools/2012/03/16/mercury/) -11. [Drozer](https://labs.mwrinfosecurity.com/tools/drozer/) +11. [Drozer](https://www.mwrinfosecurity.com/products/drozer/) 12. [Taintdroid](http://appanalysis.org/download.html) - requires AOSP compilation 13. [Xposed](http://forum.xda-developers.com/showthread.php?t=1574401) - equivalent of doing Stub based code injection but without any modifications to the binary 15. [Android Hooker](https://github.com/AndroidHooker/hooker) - API Hooking of java methods triggered by any Android application (requires the Substrate Framework) @@ -74,7 +71,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 16. [Aurasium](http://www.aurasium.com/) – rewrites the android app to add security policy, seems dead now 17. [Android Linux Kernel modules](https://github.com/strazzere/android-lkms) 18. -18. [Appie](http://manifestsecurity.com/appie/) - Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines. +18. [Appie](https://manifestsecurity.com/appie/) - Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines. 19. [StaDynA](https://github.com/zyrikby/StaDynA) - a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). This tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. 20. [DroidAnalytics](https://github.com/zhengmin1989/DroidAnalytics) - incomplete 21. [Vezir Project](https://github.com/oguzhantopgul/Vezir-Project) - Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis @@ -87,18 +84,18 @@ A lot of work is happening in academia and industry on tools to perform dynamic 5. [AndBug](https://github.com/swdunlop/AndBug) 6. [Androguard](https://github.com/androguard/androguard) – powerful, integrates well with other tools 7. [Apktool](http://code.google.com/p/android-apktool/) – really useful for compilation/decompilation (uses smali) -8. [Android Framework for Exploitation](https://github.com/xysec/AFE) +8. [Android Framework for Exploitation](https://github.com/appknox/AFE) 9. [Bypass signature and permission checks for IPCs](https://github.com/iSECPartners/Android-KillPermAndSigChecks) 10. [Android OpenDebug](https://github.com/iSECPartners/Android-OpenDebug) – make any application on device debuggable (using cydia substrate). 11. [Dare](http://siis.cse.psu.edu/dare/index.html) – .dex to .class converter -12. [Dex2Jar](http://code.google.com/p/dex2jar/) - dex to jar converter +12. [Dex2Jar](https://github.com/pxb1988/dex2jar) - dex to jar converter 13. [Enjarify](https://github.com/google/enjarify) - dex to jar converter from Google 13. [Dedexer](http://dedexer.sourceforge.net) 14. [Fino](https://github.com/sysdream/fino) 15. [Indroid](https://bitbucket.org/aseemjakhar/indroid) – thread injection kit -17. [IntentSniffer](https://www.isecpartners.com/tools/mobile-security/intent-sniffer.aspx) +17. [IntentSniffer](https://www.nccgroup.trust/us/about-us/resources/intent-sniffer/) 18. [Introspy](https://github.com/iSECPartners/Introspy-Android) -19. [Jad]( http://www.varaneckas.com/jad) - Java decompiler +19. [Jad]( http://varaneckas.com/jad/) - Java decompiler 20. [JD-GUI](https://github.com/java-decompiler/jd-gui) - Java decompiler 21. [CFR](http://www.benf.org/other/cfr/) - Java decompiler 22. [Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler @@ -113,7 +110,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic ## FUZZ TESTING -1. [IntentFuzzer](https://www.isecpartners.com/tools/mobile-security/intent-fuzzer.aspx) +1. [IntentFuzzer](https://www.nccgroup.trust/us/about-us/resources/intent-fuzzer/) 2. [Radamsa Fuzzer](https://github.com/anestisb/radamsa-android) 3. [Honggfuzz](https://github.com/google/honggfuzz) 4. [An Android port of the melkor ELF fuzzer](https://github.com/anestisb/melkor-android) @@ -141,7 +138,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 1. [Android Security (and Not) Internals](http://www.zhauniarovich.com/pubs.html) 2. [Android security related presentations](https://github.com/jacobsoo/AndroidSlides) -3. [A good collection of static analysis papers](http://tthtlc.wordpress.com/2011/09/01/static-analysis-of-android-applications/) +3. [A good collection of static analysis papers](https://tthtlc.wordpress.com/2011/09/01/static-analysis-of-android-applications/) ## MARKET CRAWLERS @@ -158,7 +155,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 3. [AXMLPrinter2](http://code.google.com/p/android4me/downloads/detail?name=AXMLPrinter2.jar) - to convert binary XML files to human-readable XML files 5. [adb autocomplete](https://romannurik-code.googlecode.com/git/bash_completion/adb) 6. [Dalvik opcodes](http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html) -7. [Opcodes table for quick reference](http://xchg.info/corkami/opcodes_tables.pdf) +7. [Opcodes table for quick reference](http://www.xchg.info/corkami/opcodes_tables.pdf) 9. [ExploitMe](http://securitycompass.github.io/AndroidLabs/setup.html) - for practice 10. [GoatDroid](https://github.com/jackMannino/OWASP-GoatDroid-Project) - for practice 11. [Android Labs](http://securitycompass.github.io/AndroidLabs/setup.html) - for practice From 4d98c417e5fc163a69ccfea268144c7812db63d2 Mon Sep 17 00:00:00 2001 From: thuxnder Date: Sat, 14 Nov 2015 14:22:13 +0100 Subject: [PATCH 28/37] link fix pointing to original site, mirror is down. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e46fbad..a7e1f02 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 2. [Anubis](http://anubis.iseclab.org/) 3. [App 360 scan](http://www.app360scan.com/) 4. [CopperDroid](http://copperdroid.isg.rhul.ac.uk/copperdroid/) -6. [Dexter](https://dexter.bluebox.com/) +6. [Dexter](http://dexter.dexlabs.org/) 7. [Foresafe](http://www.foresafe.com/scan) 8. [Mobile app insight](http://www.mobile-app-insight.org) 9. [Mobile-Sandbox](http://mobile-sandbox.com) From 6f0cd78c5e9de99dacc684e24abd914ecc939d03 Mon Sep 17 00:00:00 2001 From: ReadmeCritic Date: Sat, 14 Nov 2015 18:07:34 -0800 Subject: [PATCH 29/37] Put back APP VULNERABILITY SCANNERS --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ecd1e5e..17e4969 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,10 @@ A lot of work is happening in academia and industry on tools to perform dynamic 13. [CFGScanDroid](https://github.com/douggard/CFGScanDroid) - Scans and compares CFG against CFG of malicious applications 14. [Madrolyzer](https://github.com/maldroid/maldrolyzer) - extracts actionable data like C&C, phone number etc. 15. [SPARTA](http://www.cs.washington.edu/sparta) - verifies (proves) that an app satisfies an information-flow security policy; built on the [Checker Framework](http://checkerframework.org/) -16. [QARK](https://github.com/linkedin/qark/) - QARK by LinkedIn is for app developers to scan app for security issues + +## APP VULNERABILITY SCANNERS +1. [QARK](https://github.com/linkedin/qark/) - QARK by LinkedIn is for app developers to scan app for security issues +2. [AndroBugs](https://github.com/AndroBugs/AndroBugs_Framework) ## DYNAMIC ANALYSIS TOOLS From 9d6cec44ab374ce2b0e72a44bb9516fbd5be18f5 Mon Sep 17 00:00:00 2001 From: tuomao Date: Sun, 15 Nov 2015 11:24:04 +0800 Subject: [PATCH 30/37] chagne readme.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 272e7d2..c976018 100644 --- a/README.md +++ b/README.md @@ -134,8 +134,8 @@ A lot of work is happening in academia and industry on tools to perform dynamic 2. [Open Source database](http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares) 3. [Drebin](http://user.informatik.uni-goettingen.de/~darp/drebin/) 4. [Admire](http://admire.necst.it/) -5. [MalGenome](http://www.malgenomeproject.org/policy.html) - maintained by Yajin Zhou(North Carolina State University),contains 1260 malware samples categorized into 49 different malware families,free for research purpose. -6. [VirusTotal Malware Intelligence Service](https://www.virustotal.com/en/about/terms-of-service/) - powered by ViusTotal,not free +5. [MalGenome](http://www.malgenomeproject.org/policy.html) - contains 1260 malware samples categorized into 49 different malware families, free for research purpose. +6. [VirusTotal Malware Intelligence Service](https://www.virustotal.com/en/about/contact/) - powered by VirusTotal,not free ## Reading material From df675d8ea50d1637ebbb93993e334fad3c52c883 Mon Sep 17 00:00:00 2001 From: masbog Date: Sat, 5 Dec 2015 21:06:10 +0700 Subject: [PATCH 31/37] Update smali url --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2956f8a..e570525 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 4. [APKInspector](https://github.com/honeynet/apkinspector/) 5. [Droid Intent Data Flow Analysis for Information Leakage](https://www.cert.org/secure-coding/tools/didfail.cfm) 6. [Several tools from PSU](http://siis.cse.psu.edu/tools.html) -7. [Smali CFG generator](http://code.google.com/p/smali-cfgs/) +7. [Smali CFG generator](https://github.com/EugenioDelfa/Smali-CFGs) 8. [FlowDroid](http://sseblog.ec-spride.de/tools/flowdroid/) 9. [Android Decompiler](https://www.pnfsoftware.com/) – not free 10. [PSCout](http://pscout.csl.toronto.edu/) - A tool that extracts the permission specification from the Android OS source code using static analysis From 39fbd9dd969cd48234347d055dfdca0c7b02b008 Mon Sep 17 00:00:00 2001 From: Ashish Bhatia Date: Mon, 21 Dec 2015 01:11:26 -0800 Subject: [PATCH 32/37] Added .travis.yml --- .travis.yml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..310fd20 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,7 @@ +language: ruby +rvm: + - 2.2 +before_script: + - gem install awesome_bot +script: + - awesome_bot README.md From 48cadfdc6b5d0e3325b2cae4a28bbfa56a372f29 Mon Sep 17 00:00:00 2001 From: jiezhi <917603573@qq.com> Date: Mon, 28 Dec 2015 11:49:38 +0800 Subject: [PATCH 33/37] format sequence number --- README.md | 195 +++++++++++++++++++++++++++--------------------------- 1 file changed, 99 insertions(+), 96 deletions(-) diff --git a/README.md b/README.md index 54749d7..80ce3e8 100644 --- a/README.md +++ b/README.md @@ -9,25 +9,29 @@ A lot of work is happening in academia and industry on tools to perform dynamic ## ONLINE ANALYZERS 1. [AndroTotal](http://andrototal.org/) -2. [Anubis](http://anubis.iseclab.org/) -3. [App 360 scan](http://www.app360scan.com/) -4. [CopperDroid](http://copperdroid.isg.rhul.ac.uk/copperdroid/) -6. [Dexter](https://dexter.bluebox.com/) -7. [Foresafe](http://www.foresafe.com/scan) -8. [Mobile app insight](http://www.mobile-app-insight.org) -9. [Mobile-Sandbox](http://mobile-sandbox.com) -10. [Sandroid](http://sanddroid.xjtu.edu.cn/) -11. [Tracedroid](http://tracedroid.few.vu.nl/) -12. [Visual Threat](http://www.visualthreat.com/) -13. [Android Sandbox](http://www.androidsandbox.net/) -14. [Mobile Malware Sandbox](http://www.mobilemalware.com.br/analysis/index_en.php) -15. [MobiSec Eacus](http://www.mobiseclab.org/eacus.jsp) -15. [IBM Security AppScan Mobile Analyzer](https://appscan.bluemix.net/mobileAnalyzer) - not free -16. [NVISO ApkScan](http://apkscan.nviso.be/) -17. [AVC UnDroid](http://www.av-comparatives.org/avc-analyzer/) -18. [Ijiami (Chinese)](http://safe.ijiami.cn/) -14. [Stowaway](http://www.android-permissions.org/) – seems to be dead now -15. [Comdroid](http://www.comdroid.org/) - seems to be dead now +* [Anubis](http://anubis.iseclab.org/) +* [App 360 scan](http://www.app360scan.com/) +* [CopperDroid](http://copperdroid.isg.rhul.ac.uk/copperdroid/) +* [Dexter](https://dexter.bluebox.com/) +* [Foresafe](http://www.foresafe.com/scan) +* [Mobile app insight](http://www.mobile-app-insight.org) +* [Mobile-Sandbox](http://mobile-sandbox.com) +* [Sandroid](http://sanddroid.xjtu.edu.cn/) +* [Tracedroid](http://tracedroid.few.vu.nl/) +* [Visual Threat](http://www.visualthreat.com/) +* [Android Sandbox](http://www.androidsandbox.net/) +* [Mobile Malware Sandbox](http://www.mobilemalware.com.br/analysis/index_en.php) +* [MobiSec Eacus](http://www.mobiseclab.org/eacus.jsp) +* [IBM Security AppScan Mobile Analyzer](https://appscan.bluemix.net/mobileAnalyzer) - not free +* [NVISO ApkScan](http://apkscan.nviso.be/) +* [AVC UnDroid](http://www.av-comparatives.org/avc-analyzer/) +* [Ijiami](http://safe.ijiami.cn/) +* [Stowaway](http://www.android-permissions.org/) – seems to be dead now +* [Comdroid](http://www.comdroid.org/) - seems to be dead now +* [Fireeye](https://fireeye.ijinshan.com/)- max 60MB +* [habo](http://habo.qq.com/) +* [Virustotal](https://www.virustotal.com/)-max 128MB + ## STATIC ANALYSIS TOOLS @@ -50,70 +54,70 @@ A lot of work is happening in academia and industry on tools to perform dynamic ## DYNAMIC ANALYSIS TOOLS 1. [Android DBI frameowork](http://www.mulliner.org/blog/blosxom.cgi/security/androiddbiv02.html) -2. [Android Malware Analysis Toolkit](http://www.mobilemalware.com.br/amat/download.html) - (linux distro) Earlier it use to be an [online analyzer](http://dunkelheit.com.br/amat/analysis/index_en.html) -5. [AppUse](https://appsec-labs.com/AppUse) – custom build for pentesting -7. [Cobradroid](http://thecobraden.com/projects/cobradroid/) – custom image for malware analysis -8. [ViaLab Community Edition](https://viaforensics.com/product-updates/introducing-vialab-community-edition.html) -9. [Droidbox](http://code.google.com/p/droidbox/) -10. [Mercury](http://labs.mwrinfosecurity.com/tools/2012/03/16/mercury/) -11. [Drozer](https://labs.mwrinfosecurity.com/tools/drozer/) -12. [Taintdroid](http://appanalysis.org/download.html) - requires AOSP compilation -13. [Xposed](http://forum.xda-developers.com/showthread.php?t=1574401) - equivalent of doing Stub based code injection but without any modifications to the binary -15. [Android Hooker](https://github.com/AndroidHooker/hooker) - API Hooking of java methods triggered by any Android application (requires the Substrate Framework) -16. [Android tamer](https://androidtamer.com/) - custom image -17. [Droidscope](https://code.google.com/p/decaf-platform/wiki/DroidScope) - custom image for dynamic analysis -18. [CuckooDroid](https://github.com/idanr1986/cuckoo-droid) - Android extension for Cuckoo sandbox -19. [Mem](https://github.com/MobileForensicsResearch/mem) - Memory analysis of Android (root required) -16. [Crowdroid](http://www.ida.liu.se/labs/rtslab/publications/2011/spsm11-burguera.pdf) – unable to find the actual tool -16. [AuditdAndroid](https://github.com/nwhusted/AuditdAndroid) – android port of auditd, not under active development anymore -16. [Android Security Evaluation Framework](https://code.google.com/p/asef/) - not under active development anymore -18. [Android Reverse Engineering](https://redmine.honeynet.org/projects/are/wiki) – ARE (android reverse engineering) not under active development anymore -16. [Aurasium](https://github.com/xurubin/aurasium) – Practical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor. -17. [Android Linux Kernel modules](https://github.com/strazzere/android-lkms) -18. -18. [Appie](http://manifestsecurity.com/appie/) - Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines. -19. [StaDynA](https://github.com/zyrikby/StaDynA) - a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). This tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. -20. [DroidAnalytics](https://github.com/zhengmin1989/DroidAnalytics) - incomplete +* [Android Malware Analysis Toolkit](http://www.mobilemalware.com.br/amat/download.html) - (linux distro) Earlier it use to be an [online analyzer](http://dunkelheit.com.br/amat/analysis/index_en.html) +* [AppUse](https://appsec-labs.com/AppUse) – custom build for pentesting +* [Cobradroid](http://thecobraden.com/projects/cobradroid/) – custom image for malware analysis +* [ViaLab Community Edition](https://viaforensics.com/product-updates/introducing-vialab-community-edition.html) +* [Droidbox](http://code.google.com/p/droidbox/) +* [Mercury](http://labs.mwrinfosecurity.com/tools/2012/03/16/mercury/) +* [Drozer](https://labs.mwrinfosecurity.com/tools/drozer/) +* [Taintdroid](http://appanalysis.org/download.html) - requires AOSP compilation +* [Xposed](http://forum.xda-developers.com/showthread.php?t=1574401) - equivalent of doing Stub based code injection but without any modifications to the binary +* [Android Hooker](https://github.com/AndroidHooker/hooker) - API Hooking of java methods triggered by any Android application (requires the Substrate Framework) +* [Android tamer](https://androidtamer.com/) - custom image +* [Droidscope](https://code.google.com/p/decaf-platform/wiki/DroidScope) - custom image for dynamic analysis +* [CuckooDroid](https://github.com/idanr1986/cuckoo-droid) - Android extension for Cuckoo sandbox +* [Mem](https://github.com/MobileForensicsResearch/mem) - Memory analysis of Android (root required) +* [Crowdroid](http://www.ida.liu.se/labs/rtslab/publications/2011/spsm11-burguera.pdf) – unable to find the actual tool +* [AuditdAndroid](https://github.com/nwhusted/AuditdAndroid) – android port of auditd, not under active development anymore +* [Android Security Evaluation Framework](https://code.google.com/p/asef/) - not under active development anymore +* [Android Reverse Engineering](https://redmine.honeynet.org/projects/are/wiki) – ARE (android reverse engineering) not under active development anymore +* [Aurasium](https://github.com/xurubin/aurasium) – Practical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor. +* [Android Linux Kernel modules](https://github.com/strazzere/android-lkms) +* +* [Appie](http://manifestsecurity.com/appie/) - Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines. +* [StaDynA](https://github.com/zyrikby/StaDynA) - a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). This tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. +* [DroidAnalytics](https://github.com/zhengmin1989/DroidAnalytics) - incomplete ## REVERSE ENGINEERING 1. [Smali/Baksmali](http://code.google.com/p/smali/) – apk decompilation -3. [emacs syntax coloring for smali files](https://github.com/strazzere/Emacs-Smali) -4. [vim syntax coloring for smali files](http://codetastrophe.com/smali.vim) -5. [AndBug](https://github.com/swdunlop/AndBug) -6. [Androguard](https://github.com/androguard/androguard) – powerful, integrates well with other tools -7. [Apktool](http://code.google.com/p/android-apktool/) – really useful for compilation/decompilation (uses smali) -8. [Android Framework for Exploitation](https://github.com/xysec/AFE) -9. [Bypass signature and permission checks for IPCs](https://github.com/iSECPartners/Android-KillPermAndSigChecks) -10. [Android OpenDebug](https://github.com/iSECPartners/Android-OpenDebug) – make any application on device debuggable (using cydia substrate). -11. [Dare](http://siis.cse.psu.edu/dare/index.html) – .dex to .class converter -12. [Dex2Jar](http://code.google.com/p/dex2jar/) - dex to jar converter -13. [Enjarify](https://github.com/google/enjarify) - dex to jar converter from Google -13. [Dedexer](http://dedexer.sourceforge.net) -14. [Fino](https://github.com/sysdream/fino) -15. [Indroid](https://bitbucket.org/aseemjakhar/indroid) – thread injection kit -17. [IntentSniffer](https://www.isecpartners.com/tools/mobile-security/intent-sniffer.aspx) -18. [Introspy](https://github.com/iSECPartners/Introspy-Android) -19. [Jad]( http://www.varaneckas.com/jad) - Java decompiler -20. [JD-GUI](https://github.com/java-decompiler/jd-gui) - Java decompiler -21. [CFR](http://www.benf.org/other/cfr/) - Java decompiler -22. [Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler -23. [Procyon](https://bitbucket.org/mstrobel/procyon/wiki/Java%20Decompiler) - Java decompiler -24. [FernFlower](https://github.com/fesh0r/fernflower) - Java decompiler -21. [Redexer](https://github.com/plum-umd/redexer) – apk manipulation -22. [Smali viewer](http://blog.avlyun.com/wp-content/uploads/2014/04/SmaliViewer.zip) -23. [ZjDroid](https://github.com/BaiduSecurityLabs/ZjDroid) (no longer available), [fork/mirror](https://github.com/yangbean9/ZjDroid) -24. [Simplify Android deobfuscator](https://github.com/CalebFenton/simplify) -25. [Bytecode viewer](https://github.com/Konloch/bytecode-viewer) -26. [Krakatau](https://github.com/Storyyeller/Krakatau) +* [emacs syntax coloring for smali files](https://github.com/strazzere/Emacs-Smali) +* [vim syntax coloring for smali files](http://codetastrophe.com/smali.vim) +* [AndBug](https://github.com/swdunlop/AndBug) +* [Androguard](https://github.com/androguard/androguard) – powerful, integrates well with other tools +* [Apktool](http://code.google.com/p/android-apktool/) – really useful for compilation/decompilation (uses smali) +* [Android Framework for Exploitation](https://github.com/xysec/AFE) +* [Bypass signature and permission checks for IPCs](https://github.com/iSECPartners/Android-KillPermAndSigChecks) +* [Android OpenDebug](https://github.com/iSECPartners/Android-OpenDebug) – make any application on device debuggable (using cydia substrate). +* [Dare](http://siis.cse.psu.edu/dare/index.html) – .dex to .class converter +* [Dex2Jar](http://code.google.com/p/dex2jar/) - dex to jar converter +* [Enjarify](https://github.com/google/enjarify) - dex to jar converter from Google +* [Dedexer](http://dedexer.sourceforge.net) +* [Fino](https://github.com/sysdream/fino) +* [Indroid](https://bitbucket.org/aseemjakhar/indroid) – thread injection kit +* [IntentSniffer](https://www.isecpartners.com/tools/mobile-security/intent-sniffer.aspx) +* [Introspy](https://github.com/iSECPartners/Introspy-Android) +* [Jad]( http://www.varaneckas.com/jad) - Java decompiler +* [JD-GUI](https://github.com/java-decompiler/jd-gui) - Java decompiler +* [CFR](http://www.benf.org/other/cfr/) - Java decompiler +* [Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler +* [Procyon](https://bitbucket.org/mstrobel/procyon/wiki/Java%20Decompiler) - Java decompiler +* [FernFlower](https://github.com/fesh0r/fernflower) - Java decompiler +* [Redexer](https://github.com/plum-umd/redexer) – apk manipulation +* [Smali viewer](http://blog.avlyun.com/wp-content/uploads/2014/04/SmaliViewer.zip) +* [ZjDroid](https://github.com/BaiduSecurityLabs/ZjDroid) (no longer available), [fork/mirror](https://github.com/yangbean9/ZjDroid) +* [Simplify Android deobfuscator](https://github.com/CalebFenton/simplify) +* [Bytecode viewer](https://github.com/Konloch/bytecode-viewer) +* [Krakatau](https://github.com/Storyyeller/Krakatau) ## FUZZ TESTING 1. [IntentFuzzer](https://www.isecpartners.com/tools/mobile-security/intent-fuzzer.aspx) -2. [Radamsa Fuzzer](https://github.com/anestisb/radamsa-android) -3. [Honggfuzz](https://github.com/google/honggfuzz) -4. [An Android port of the melkor ELF fuzzer](https://github.com/anestisb/melkor-android) -5. [Media Fuzzing Framework for Android](https://github.com/fuzzing/MFFA) +* [Radamsa Fuzzer](https://github.com/anestisb/radamsa-android) +* [Honggfuzz](https://github.com/google/honggfuzz) +* [An Android port of the melkor ELF fuzzer](https://github.com/anestisb/melkor-android) +* [Media Fuzzing Framework for Android](https://github.com/fuzzing/MFFA) ##APP REPACKAGING DETECTORS @@ -123,43 +127,43 @@ A lot of work is happening in academia and industry on tools to perform dynamic 1. [Vulnerability Google doc](https://docs.google.com/spreadsheet/pub?key=0Am5hHW4ATym7dGhFU1A4X2lqbUJtRm1QSWNRc3E0UlE&single=true&gid=0&output=html) -2. [Root Exploits (from Drozer issue +* [Root Exploits (from Drozer issue #56)](https://github.com/mwrlabs/drozer/issues/56) ## SAMPLE SOURCES 1. [contagio mini dump](http://contagiominidump.blogspot.com) -2. [Open Source database](http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares) -3. [Drebin](http://user.informatik.uni-goettingen.de/~darp/drebin/) -4. [Admire](http://admire.necst.it/) +* [Open Source database](http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares) +* [Drebin](http://user.informatik.uni-goettingen.de/~darp/drebin/) +* [Admire](http://admire.necst.it/) ## Reading material 1. [Android Security (and Not) Internals](http://www.zhauniarovich.com/pubs.html) -2. [Android security related presentations](https://github.com/jacobsoo/AndroidSlides) -3. [A good collection of static analysis papers](http://tthtlc.wordpress.com/2011/09/01/static-analysis-of-android-applications/) +* [Android security related presentations](https://github.com/jacobsoo/AndroidSlides) +* [A good collection of static analysis papers](http://tthtlc.wordpress.com/2011/09/01/static-analysis-of-android-applications/) ## MARKET CRAWLERS 1. [Google play crawler (Java)](https://github.com/Akdeniz/google-play-crawler) -2. [Google play crawler (Python)](https://github.com/egirault/googleplay-api) -2. [Google play crawler (Node) ](https://github.com/dweinstein/node-google-play) - get app details and download apps from official Google Play Store. -3. [Aptoide downloader (Node)](https://github.com/dweinstein/node-aptoide) - download apps from Aptoide third-party Android market -4. [Appland downloader (Node)](https://github.com/dweinstein/node-appland) - download apps from Appland third-party Android market +* [Google play crawler (Python)](https://github.com/egirault/googleplay-api) +* [Google play crawler (Node) ](https://github.com/dweinstein/node-google-play) - get app details and download apps from official Google Play Store. +* [Aptoide downloader (Node)](https://github.com/dweinstein/node-aptoide) - download apps from Aptoide third-party Android market +* [Appland downloader (Node)](https://github.com/dweinstein/node-appland) - download apps from Appland third-party Android market ## MISC TOOLS 1. [smalihook](http://androidcracking.blogspot.com/2011/03/original-smalihook-java-source.html) -2. [APK-Downloader](http://codekiem.com/2012/02/24/apk-downloader/) -3. [AXMLPrinter2](http://code.google.com/p/android4me/downloads/detail?name=AXMLPrinter2.jar) - to convert binary XML files to human-readable XML files -5. [adb autocomplete](https://romannurik-code.googlecode.com/git/bash_completion/adb) -6. [Dalvik opcodes](http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html) -7. [Opcodes table for quick reference](http://xchg.info/corkami/opcodes_tables.pdf) -9. [ExploitMe](http://securitycompass.github.io/AndroidLabs/setup.html) - for practice -10. [GoatDroid](https://github.com/jackMannino/OWASP-GoatDroid-Project) - for practice -11. [Android Labs](http://securitycompass.github.io/AndroidLabs/setup.html) - for practice -12. [mitmproxy](https://github.com/mitmproxy/mitmproxy) -13. [dockerfile/androguard](https://github.com/dweinstein/dockerfile-androguard) +* [APK-Downloader](http://codekiem.com/2012/02/24/apk-downloader/) +* [AXMLPrinter2](http://code.google.com/p/android4me/downloads/detail?name=AXMLPrinter2.jar) - to convert binary XML files to human-readable XML files +* [adb autocomplete](https://romannurik-code.googlecode.com/git/bash_completion/adb) +* [Dalvik opcodes](http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html) +* [Opcodes table for quick reference](http://xchg.info/corkami/opcodes_tables.pdf) +* [ExploitMe](http://securitycompass.github.io/AndroidLabs/setup.html) - for practice +* [GoatDroid](https://github.com/jackMannino/OWASP-GoatDroid-Project) - for practice +* [Android Labs](http://securitycompass.github.io/AndroidLabs/setup.html) - for practice +* [mitmproxy](https://github.com/mitmproxy/mitmproxy) +* [dockerfile/androguard](https://github.com/dweinstein/dockerfile-androguard) # Other Awesome Lists Other amazingly awesome lists can be found in the @@ -167,4 +171,3 @@ Other amazingly awesome lists can be found in the # Contributing Your contributions are always welcome! - From 84fdb86a4980b96ecd001828d5306d5a541cbb3f Mon Sep 17 00:00:00 2001 From: jiezhi <917603573@qq.com> Date: Mon, 28 Dec 2015 15:37:07 +0800 Subject: [PATCH 34/37] add limit of habo and fire eye --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b21e270..32cf679 100644 --- a/README.md +++ b/README.md @@ -29,8 +29,8 @@ A lot of work is happening in academia and industry on tools to perform dynamic * [Ijiami](http://safe.ijiami.cn/) * [Stowaway](http://www.android-permissions.org/) – seems to be dead now * [Comdroid](http://www.comdroid.org/) - seems to be dead now -* [Fireeye](https://fireeye.ijinshan.com/)- max 60MB -* [habo](http://habo.qq.com/) +* [Fireeye](https://fireeye.ijinshan.com/)- max 60MB 15/day +* [habo](http://habo.qq.com/) 10/day * [Virustotal](https://www.virustotal.com/)-max 128MB From 34b749bf11a92710471406bff08e0b554183f518 Mon Sep 17 00:00:00 2001 From: jiezhi <917603573@qq.com> Date: Mon, 28 Dec 2015 15:45:42 +0800 Subject: [PATCH 35/37] fix conflict --- README.md | 137 ++---------------------------------------------------- 1 file changed, 3 insertions(+), 134 deletions(-) diff --git a/README.md b/README.md index 32cf679..d4d0404 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,6 @@ A lot of work is happening in academia and industry on tools to perform dynamic ## ONLINE ANALYZERS 1. [AndroTotal](http://andrototal.org/) -<<<<<<< HEAD * [Anubis](http://anubis.iseclab.org/) * [App 360 scan](http://www.app360scan.com/) * [CopperDroid](http://copperdroid.isg.rhul.ac.uk/copperdroid/) @@ -50,53 +49,17 @@ A lot of work is happening in academia and industry on tools to perform dynamic * [CFGScanDroid](https://github.com/douggard/CFGScanDroid) - Scans and compares CFG against CFG of malicious applications * [Madrolyzer](https://github.com/maldroid/maldrolyzer) - extracts actionable data like C&C, phone number etc. * [SPARTA](http://www.cs.washington.edu/sparta) - verifies (proves) that an app satisfies an information-flow security policy; built on the [Checker Framework](http://checkerframework.org/) -* [QARK](https://github.com/linkedin/qark/) - QARK by LinkedIn is for app developers to scan app for security issues -======= -2. [Anubis](http://anubis.iseclab.org/) -3. [App 360 scan](http://www.app360scan.com/) -4. [CopperDroid](http://copperdroid.isg.rhul.ac.uk/copperdroid/) -6. [Dexter](http://dexter.dexlabs.org/) -7. [Foresafe](http://www.foresafe.com/scan) -8. [Mobile app insight](http://www.mobile-app-insight.org) -9. [Mobile-Sandbox](http://mobile-sandbox.com) -10. [Sandroid](http://sanddroid.xjtu.edu.cn/) -11. [Tracedroid](http://tracedroid.few.vu.nl/) -12. [Visual Threat](http://www.visualthreat.com/) -13. [Android Sandbox](http://www.androidsandbox.net/) -14. [Mobile Malware Sandbox](http://www.mobilemalware.com.br/analysis/index_en.php) -15. [MobiSec Eacus](http://www.mobiseclab.org/eacus.jsp) -15. [IBM Security AppScan Mobile Analyzer](https://appscan.bluemix.net/mobileAnalyzer) - not free -16. [NVISO ApkScan](https://apkscan.nviso.be/) -17. [AVC UnDroid](http://www.av-comparatives.org/avc-analyzer/) -14. [Stowaway](http://www.android-permissions.org/) – seems to be dead now -15. [Comdroid](http://www.comdroid.org/) - seems to be dead now -## STATIC ANALYSIS TOOLS -2. [Androwarn](https://github.com/maaaaz/androwarn/) -3. [ApkAnalyser](https://github.com/sonyxperiadev/ApkAnalyser) -4. [APKInspector](https://github.com/honeynet/apkinspector/) -5. [Droid Intent Data Flow Analysis for Information Leakage](https://www.cert.org/secure-coding/tools/didfail.cfm) -6. [Several tools from PSU](http://siis.cse.psu.edu/tools.html) -7. [Smali CFG generator](https://github.com/EugenioDelfa/Smali-CFGs) -8. [FlowDroid](http://sseblog.ec-spride.de/tools/flowdroid/) -9. [Android Decompiler](https://www.pnfsoftware.com/) – not free -10. [PSCout](http://pscout.csl.toronto.edu/) - A tool that extracts the permission specification from the Android OS source code using static analysis -11. [Amandroid](http://amandroid.sireum.org/) -12. [SmaliSCA](https://github.com/dorneanu/smalisca) - Smali Static Code Analysis -13. [CFGScanDroid](https://github.com/douggard/CFGScanDroid) - Scans and compares CFG against CFG of malicious applications -14. [Madrolyzer](https://github.com/maldroid/maldrolyzer) - extracts actionable data like C&C, phone number etc. -15. [SPARTA](http://www.cs.washington.edu/sparta) - verifies (proves) that an app satisfies an information-flow security policy; built on the [Checker Framework](http://checkerframework.org/) ## APP VULNERABILITY SCANNERS 1. [QARK](https://github.com/linkedin/qark/) - QARK by LinkedIn is for app developers to scan app for security issues -2. [AndroBugs](https://github.com/AndroBugs/AndroBugs_Framework) ->>>>>>> ashishb/master +* [AndroBugs](https://github.com/AndroBugs/AndroBugs_Framework) + ## DYNAMIC ANALYSIS TOOLS 1. [Android DBI frameowork](http://www.mulliner.org/blog/blosxom.cgi/security/androiddbiv02.html) -<<<<<<< HEAD * [Android Malware Analysis Toolkit](http://www.mobilemalware.com.br/amat/download.html) - (linux distro) Earlier it use to be an [online analyzer](http://dunkelheit.com.br/amat/analysis/index_en.html) * [AppUse](https://appsec-labs.com/AppUse) – custom build for pentesting * [Cobradroid](http://thecobraden.com/projects/cobradroid/) – custom image for malware analysis @@ -121,39 +84,10 @@ A lot of work is happening in academia and industry on tools to perform dynamic * [Appie](http://manifestsecurity.com/appie/) - Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines. * [StaDynA](https://github.com/zyrikby/StaDynA) - a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). This tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. * [DroidAnalytics](https://github.com/zhengmin1989/DroidAnalytics) - incomplete -======= -2. [Android Malware Analysis Toolkit](http://www.mobilemalware.com.br/amat/download.html) - (linux distro) Earlier it use to be an [online analyzer](http://dunkelheit.com.br/amat/analysis/index_en.html) -5. [AppUse](https://appsec-labs.com/AppUse/) – custom build for pentesting -7. [Cobradroid](https://www.thecobraden.com/projects/cobradroid/) – custom image for malware analysis -8. [ViaLab Community Edition](https://www.nowsecure.com/product-updates/introducing-vialab-community-edition.html%23viaforensics) -9. [Droidbox](http://code.google.com/p/droidbox/) -10. [Mercury](http://labs.mwrinfosecurity.com/tools/2012/03/16/mercury/) -11. [Drozer](https://www.mwrinfosecurity.com/products/drozer/) -12. [Taintdroid](http://appanalysis.org/download.html) - requires AOSP compilation -13. [Xposed](http://forum.xda-developers.com/showthread.php?t=1574401) - equivalent of doing Stub based code injection but without any modifications to the binary -15. [Android Hooker](https://github.com/AndroidHooker/hooker) - API Hooking of java methods triggered by any Android application (requires the Substrate Framework) -16. [Android tamer](https://androidtamer.com/) - custom image -17. [Droidscope](https://code.google.com/p/decaf-platform/wiki/DroidScope) - custom image for dynamic analysis -18. [CuckooDroid](https://github.com/idanr1986/cuckoo-droid) - Android extension for Cuckoo sandbox -19. [Mem](https://github.com/MobileForensicsResearch/mem) - Memory analysis of Android (root required) -16. [Crowdroid](http://www.ida.liu.se/labs/rtslab/publications/2011/spsm11-burguera.pdf) – unable to find the actual tool -16. [AuditdAndroid](https://github.com/nwhusted/AuditdAndroid) – android port of auditd, not under active development anymore -16. [Android Security Evaluation Framework](https://code.google.com/p/asef/) - not under active development anymore -18. [Android Reverse Engineering](https://redmine.honeynet.org/projects/are/wiki) – ARE (android reverse engineering) not under active development anymore -19. [Ijiami (Chinese)](http://safe.ijiami.cn/) - seems dead now -16. [Aurasium](http://www.aurasium.com/) – rewrites the android app to add security policy, seems dead now -17. [Android Linux Kernel modules](https://github.com/strazzere/android-lkms) -18. -18. [Appie](https://manifestsecurity.com/appie/) - Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines. -19. [StaDynA](https://github.com/zyrikby/StaDynA) - a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). This tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. -20. [DroidAnalytics](https://github.com/zhengmin1989/DroidAnalytics) - incomplete -21. [Vezir Project](https://github.com/oguzhantopgul/Vezir-Project) - Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis ->>>>>>> ashishb/master ## REVERSE ENGINEERING 1. [Smali/Baksmali](http://code.google.com/p/smali/) – apk decompilation -<<<<<<< HEAD * [emacs syntax coloring for smali files](https://github.com/strazzere/Emacs-Smali) * [vim syntax coloring for smali files](http://codetastrophe.com/smali.vim) * [AndBug](https://github.com/swdunlop/AndBug) @@ -190,44 +124,6 @@ A lot of work is happening in academia and industry on tools to perform dynamic * [Honggfuzz](https://github.com/google/honggfuzz) * [An Android port of the melkor ELF fuzzer](https://github.com/anestisb/melkor-android) * [Media Fuzzing Framework for Android](https://github.com/fuzzing/MFFA) -======= -3. [emacs syntax coloring for smali files](https://github.com/strazzere/Emacs-Smali) -4. [vim syntax coloring for smali files](http://codetastrophe.com/smali.vim) -5. [AndBug](https://github.com/swdunlop/AndBug) -6. [Androguard](https://github.com/androguard/androguard) – powerful, integrates well with other tools -7. [Apktool](http://code.google.com/p/android-apktool/) – really useful for compilation/decompilation (uses smali) -8. [Android Framework for Exploitation](https://github.com/appknox/AFE) -9. [Bypass signature and permission checks for IPCs](https://github.com/iSECPartners/Android-KillPermAndSigChecks) -10. [Android OpenDebug](https://github.com/iSECPartners/Android-OpenDebug) – make any application on device debuggable (using cydia substrate). -11. [Dare](http://siis.cse.psu.edu/dare/index.html) – .dex to .class converter -12. [Dex2Jar](https://github.com/pxb1988/dex2jar) - dex to jar converter -13. [Enjarify](https://github.com/google/enjarify) - dex to jar converter from Google -13. [Dedexer](http://dedexer.sourceforge.net) -14. [Fino](https://github.com/sysdream/fino) -15. [Indroid](https://bitbucket.org/aseemjakhar/indroid) – thread injection kit -17. [IntentSniffer](https://www.nccgroup.trust/us/about-us/resources/intent-sniffer/) -18. [Introspy](https://github.com/iSECPartners/Introspy-Android) -19. [Jad]( http://varaneckas.com/jad/) - Java decompiler -20. [JD-GUI](https://github.com/java-decompiler/jd-gui) - Java decompiler -21. [CFR](http://www.benf.org/other/cfr/) - Java decompiler -22. [Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler -23. [Procyon](https://bitbucket.org/mstrobel/procyon/wiki/Java%20Decompiler) - Java decompiler -24. [FernFlower](https://github.com/fesh0r/fernflower) - Java decompiler -21. [Redexer](https://github.com/plum-umd/redexer) – apk manipulation -22. [Smali viewer](http://blog.avlyun.com/wp-content/uploads/2014/04/SmaliViewer.zip) -23. [ZjDroid](https://github.com/BaiduSecurityLabs/ZjDroid) (no longer available), [fork/mirror](https://github.com/yangbean9/ZjDroid) -24. [Simplify Android deobfuscator](https://github.com/CalebFenton/simplify) -25. [Bytecode viewer](https://github.com/Konloch/bytecode-viewer) -26. [Krakatau](https://github.com/Storyyeller/Krakatau) - -## FUZZ TESTING - -1. [IntentFuzzer](https://www.nccgroup.trust/us/about-us/resources/intent-fuzzer/) -2. [Radamsa Fuzzer](https://github.com/anestisb/radamsa-android) -3. [Honggfuzz](https://github.com/google/honggfuzz) -4. [An Android port of the melkor ELF fuzzer](https://github.com/anestisb/melkor-android) -5. [Media Fuzzing Framework for Android](https://github.com/fuzzing/MFFA) ->>>>>>> ashishb/master ##APP REPACKAGING DETECTORS @@ -244,7 +140,6 @@ A lot of work is happening in academia and industry on tools to perform dynamic ## SAMPLE SOURCES 1. [contagio mini dump](http://contagiominidump.blogspot.com) -<<<<<<< HEAD * [Open Source database](http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares) * [Drebin](http://user.informatik.uni-goettingen.de/~darp/drebin/) * [Admire](http://admire.necst.it/) @@ -254,19 +149,6 @@ A lot of work is happening in academia and industry on tools to perform dynamic 1. [Android Security (and Not) Internals](http://www.zhauniarovich.com/pubs.html) * [Android security related presentations](https://github.com/jacobsoo/AndroidSlides) * [A good collection of static analysis papers](http://tthtlc.wordpress.com/2011/09/01/static-analysis-of-android-applications/) -======= -2. [Open Source database](http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares) -3. [Drebin](http://user.informatik.uni-goettingen.de/~darp/drebin/) -4. [Admire](http://admire.necst.it/) -5. [MalGenome](http://www.malgenomeproject.org/policy.html) - contains 1260 malware samples categorized into 49 different malware families, free for research purpose. -6. [VirusTotal Malware Intelligence Service](https://www.virustotal.com/en/about/contact/) - powered by VirusTotal,not free - -## Reading material - -1. [Android Security (and Not) Internals](http://www.zhauniarovich.com/pubs.html) -2. [Android security related presentations](https://github.com/jacobsoo/AndroidSlides) -3. [A good collection of static analysis papers](https://tthtlc.wordpress.com/2011/09/01/static-analysis-of-android-applications/) ->>>>>>> ashishb/master ## MARKET CRAWLERS @@ -279,7 +161,6 @@ A lot of work is happening in academia and industry on tools to perform dynamic ## MISC TOOLS 1. [smalihook](http://androidcracking.blogspot.com/2011/03/original-smalihook-java-source.html) -<<<<<<< HEAD * [APK-Downloader](http://codekiem.com/2012/02/24/apk-downloader/) * [AXMLPrinter2](http://code.google.com/p/android4me/downloads/detail?name=AXMLPrinter2.jar) - to convert binary XML files to human-readable XML files * [adb autocomplete](https://romannurik-code.googlecode.com/git/bash_completion/adb) @@ -290,19 +171,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic * [Android Labs](http://securitycompass.github.io/AndroidLabs/setup.html) - for practice * [mitmproxy](https://github.com/mitmproxy/mitmproxy) * [dockerfile/androguard](https://github.com/dweinstein/dockerfile-androguard) -======= -2. [APK-Downloader](http://codekiem.com/2012/02/24/apk-downloader/) -3. [AXMLPrinter2](http://code.google.com/p/android4me/downloads/detail?name=AXMLPrinter2.jar) - to convert binary XML files to human-readable XML files -5. [adb autocomplete](https://romannurik-code.googlecode.com/git/bash_completion/adb) -6. [Dalvik opcodes](http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html) -7. [Opcodes table for quick reference](http://www.xchg.info/corkami/opcodes_tables.pdf) -9. [ExploitMe](http://securitycompass.github.io/AndroidLabs/setup.html) - for practice -10. [GoatDroid](https://github.com/jackMannino/OWASP-GoatDroid-Project) - for practice -11. [Android Labs](http://securitycompass.github.io/AndroidLabs/setup.html) - for practice -12. [mitmproxy](https://github.com/mitmproxy/mitmproxy) -13. [dockerfile/androguard](https://github.com/dweinstein/dockerfile-androguard) -14. [Android Vulnerability Test Suite](https://github.com/nowsecure/android-vts) - android-vts scans a device for set of vulnerabilities ->>>>>>> ashishb/master +* [Android Vulnerability Test Suite](https://github.com/nowsecure/android-vts) - android-vts scans a device for set of vulnerabilities # Other Awesome Lists Other amazingly awesome lists can be found in the From 8542fc57da3c8c9b3bf570f22e85d372ba7b67de Mon Sep 17 00:00:00 2001 From: jiezhi <917603573@qq.com> Date: Mon, 28 Dec 2015 16:05:55 +0800 Subject: [PATCH 36/37] Fix info lost from merge --- README.md | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index d4d0404..71d1472 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,6 @@ A lot of work is happening in academia and industry on tools to perform dynamic * [habo](http://habo.qq.com/) 10/day * [Virustotal](https://www.virustotal.com/)-max 128MB - ## STATIC ANALYSIS TOOLS 1. [Androwarn](https://github.com/maaaaz/androwarn/) - detect and warn the user about potential malicious behaviours developped by an Android application. @@ -50,13 +49,10 @@ A lot of work is happening in academia and industry on tools to perform dynamic * [Madrolyzer](https://github.com/maldroid/maldrolyzer) - extracts actionable data like C&C, phone number etc. * [SPARTA](http://www.cs.washington.edu/sparta) - verifies (proves) that an app satisfies an information-flow security policy; built on the [Checker Framework](http://checkerframework.org/) - - ## APP VULNERABILITY SCANNERS 1. [QARK](https://github.com/linkedin/qark/) - QARK by LinkedIn is for app developers to scan app for security issues * [AndroBugs](https://github.com/AndroBugs/AndroBugs_Framework) - ## DYNAMIC ANALYSIS TOOLS 1. [Android DBI frameowork](http://www.mulliner.org/blog/blosxom.cgi/security/androiddbiv02.html) @@ -84,6 +80,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic * [Appie](http://manifestsecurity.com/appie/) - Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines. * [StaDynA](https://github.com/zyrikby/StaDynA) - a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). This tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. * [DroidAnalytics](https://github.com/zhengmin1989/DroidAnalytics) - incomplete +* [Vezir Project](https://github.com/oguzhantopgul/Vezir-Project) - Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis ## REVERSE ENGINEERING @@ -93,16 +90,16 @@ A lot of work is happening in academia and industry on tools to perform dynamic * [AndBug](https://github.com/swdunlop/AndBug) * [Androguard](https://github.com/androguard/androguard) – powerful, integrates well with other tools * [Apktool](http://code.google.com/p/android-apktool/) – really useful for compilation/decompilation (uses smali) -* [Android Framework for Exploitation](https://github.com/xysec/AFE) +* [Android Framework for Exploitation](https://github.com/appknox/AFE) * [Bypass signature and permission checks for IPCs](https://github.com/iSECPartners/Android-KillPermAndSigChecks) * [Android OpenDebug](https://github.com/iSECPartners/Android-OpenDebug) – make any application on device debuggable (using cydia substrate). * [Dare](http://siis.cse.psu.edu/dare/index.html) – .dex to .class converter -* [Dex2Jar](http://code.google.com/p/dex2jar/) - dex to jar converter +* [Dex2Jar](https://github.com/pxb1988/dex2jar) - dex to jar converter * [Enjarify](https://github.com/google/enjarify) - dex to jar converter from Google * [Dedexer](http://dedexer.sourceforge.net) * [Fino](https://github.com/sysdream/fino) * [Indroid](https://bitbucket.org/aseemjakhar/indroid) – thread injection kit -* [IntentSniffer](https://www.isecpartners.com/tools/mobile-security/intent-sniffer.aspx) +* [IntentSniffer](https://www.nccgroup.trust/us/about-us/resources/intent-sniffer/) * [Introspy](https://github.com/iSECPartners/Introspy-Android) * [Jad]( http://www.varaneckas.com/jad) - Java decompiler * [JD-GUI](https://github.com/java-decompiler/jd-gui) - Java decompiler @@ -119,7 +116,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic ## FUZZ TESTING -1. [IntentFuzzer](https://www.isecpartners.com/tools/mobile-security/intent-fuzzer.aspx) +1. [IntentFuzzer](https://www.nccgroup.trust/us/about-us/resources/intent-fuzzer/) * [Radamsa Fuzzer](https://github.com/anestisb/radamsa-android) * [Honggfuzz](https://github.com/google/honggfuzz) * [An Android port of the melkor ELF fuzzer](https://github.com/anestisb/melkor-android) @@ -133,9 +130,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 1. [Vulnerability Google doc](https://docs.google.com/spreadsheet/pub?key=0Am5hHW4ATym7dGhFU1A4X2lqbUJtRm1QSWNRc3E0UlE&single=true&gid=0&output=html) -* [Root Exploits (from Drozer issue - #56)](https://github.com/mwrlabs/drozer/issues/56) - +* [Root Exploits (from Drozer issue56)](https://github.com/mwrlabs/drozer/issues/56) ## SAMPLE SOURCES @@ -143,12 +138,14 @@ A lot of work is happening in academia and industry on tools to perform dynamic * [Open Source database](http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares) * [Drebin](http://user.informatik.uni-goettingen.de/~darp/drebin/) * [Admire](http://admire.necst.it/) +* [MalGenome](http://www.malgenomeproject.org/policy.html) - contains 1260 malware samples categorized into 49 different malware families, free for research purpose. +* [VirusTotal Malware Intelligence Service](https://www.virustotal.com/en/about/contact/) - powered by VirusTotal,not free ## Reading material 1. [Android Security (and Not) Internals](http://www.zhauniarovich.com/pubs.html) * [Android security related presentations](https://github.com/jacobsoo/AndroidSlides) -* [A good collection of static analysis papers](http://tthtlc.wordpress.com/2011/09/01/static-analysis-of-android-applications/) +* [A good collection of static analysis papers](https://tthtlc.wordpress.com/2011/09/01/static-analysis-of-android-applications/) ## MARKET CRAWLERS @@ -165,7 +162,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic * [AXMLPrinter2](http://code.google.com/p/android4me/downloads/detail?name=AXMLPrinter2.jar) - to convert binary XML files to human-readable XML files * [adb autocomplete](https://romannurik-code.googlecode.com/git/bash_completion/adb) * [Dalvik opcodes](http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html) -* [Opcodes table for quick reference](http://xchg.info/corkami/opcodes_tables.pdf) +* [Opcodes table for quick reference](http://www.xchg.info/corkami/opcodes_tables.pdf) * [ExploitMe](http://securitycompass.github.io/AndroidLabs/setup.html) - for practice * [GoatDroid](https://github.com/jackMannino/OWASP-GoatDroid-Project) - for practice * [Android Labs](http://securitycompass.github.io/AndroidLabs/setup.html) - for practice From 7dd08593b958adaa42a8b5bb40f57f1f102ecd46 Mon Sep 17 00:00:00 2001 From: jiezhi <917603573@qq.com> Date: Mon, 28 Dec 2015 16:12:42 +0800 Subject: [PATCH 37/37] Fix some urls --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 71d1472..1876ba0 100644 --- a/README.md +++ b/README.md @@ -39,9 +39,9 @@ A lot of work is happening in academia and industry on tools to perform dynamic * [APKInspector](https://github.com/honeynet/apkinspector/) * [Droid Intent Data Flow Analysis for Information Leakage](https://www.cert.org/secure-coding/tools/didfail.cfm) * [Several tools from PSU](http://siis.cse.psu.edu/tools.html) -* [Smali CFG generator](https://github.com/EugenioDelfa/Smali-CFGs/) +* [Smali CFG generator](https://github.com/EugenioDelfa/Smali-CFGs) * [FlowDroid](http://sseblog.ec-spride.de/tools/flowdroid/) -* [Android Decompiler](http://www.android-decompiler.com/) – not free +* [Android Decompiler](https://www.pnfsoftware.com/) – not free * [PSCout](http://pscout.csl.toronto.edu/) - A tool that extracts the permission specification from the Android OS source code using static analysis * [Amandroid](http://amandroid.sireum.org/) * [SmaliSCA](https://github.com/dorneanu/smalisca) - Smali Static Code Analysis @@ -101,7 +101,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic * [Indroid](https://bitbucket.org/aseemjakhar/indroid) – thread injection kit * [IntentSniffer](https://www.nccgroup.trust/us/about-us/resources/intent-sniffer/) * [Introspy](https://github.com/iSECPartners/Introspy-Android) -* [Jad]( http://www.varaneckas.com/jad) - Java decompiler +* [Jad]( http://varaneckas.com/jad/) - Java decompiler * [JD-GUI](https://github.com/java-decompiler/jd-gui) - Java decompiler * [CFR](http://www.benf.org/other/cfr/) - Java decompiler * [Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler @@ -130,7 +130,7 @@ A lot of work is happening in academia and industry on tools to perform dynamic 1. [Vulnerability Google doc](https://docs.google.com/spreadsheet/pub?key=0Am5hHW4ATym7dGhFU1A4X2lqbUJtRm1QSWNRc3E0UlE&single=true&gid=0&output=html) -* [Root Exploits (from Drozer issue56)](https://github.com/mwrlabs/drozer/issues/56) +* [Root Exploits (from Drozer issue #56)](https://github.com/mwrlabs/drozer/issues/56) ## SAMPLE SOURCES