mirror of
https://github.com/ashishb/android-security-awesome.git
synced 2024-12-24 22:25:25 +00:00
cc8f31fb21
Changes some google links to github links
8.2 KiB
8.2 KiB
android-security-awesome
A collection of android security related resources.
A lot of work is happening in academia and industry on tools to perform dynamic analysis, static analysis and reverse engineering of android apps.
ONLINE ANALYZERS
- AndroTotal
- Anubis
- App 360 scan
- CopperDroid
- Comdroid
- Dexter
- Foresafe
- Mobile app insight
- Mobile-Sandbox
- Sandroid
- Tracedroid
- Visual Threat
- Android Sandbox
- Mobile Malware Sandbox
- Stowaway – seems to be dead now
STATIC ANALYSIS TOOLS
- Androwarn
- ApkAnalyser
- APKInspector
- Droid Intent Data Flow Analysis for Information Leakage
- Several tools from PSU
- Smali CFG generator
- FlowDroid
- Android Decompiler – not free
- PSCout - A tool that extracts the permission specification from the Android OS source code using static analysis
DYNAMIC ANALYSIS TOOLS
- Android DBI frameowork
- Android Malware Analysis Toolkit - (linux distro) Earlier it use to be an online analyzer
- AppUse – custom build for pentesting
- Cobradroid – custom image for malware analysis
- ViaLab Community Edition
- Droidbox
- Mercury
- Drozer
- Taintdroid - requires AOSP compilation
- Xposed - equivalent of doing Stub based code injection but without any modifications to the binary
- Android Hooker - API Hooking of java methods triggered by any Android application (requires the Substrate Framework)
- Android tamer - custom image
- Droidscope - custom image for dynamic analysis
- Crowdroid – unable to find the actual tool
- AuditdAndroid – android port of auditd, not under active development anymore
- Android Security Evaluation Framework - not under active development anymore
- Android Reverse Engineering – ARE (android reverse engineering) not under active development anymore
- Ijiami (Chinese) - seems dead now
- Aurasium – rewrites the android app to add security policy, seems dead now
- Android Linux Kernel modules
- Appie- Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines.
REVERSE ENGINEERING
- Smali/Baksmali – apk decompilation
- emacs syntax coloring for smali files
- vim syntax coloring for smali files
- AndBug
- Androguard – powerful, integrates well with other tools
- Apktool – really useful for compilation/decompilation (uses smali)
- Android Framework for Exploitation
- Bypass signature and permission checks for IPCs
- Android OpenDebug – make any application on device debuggable (using cydia substrate).
- Dare – .dex to .class converter
- Dex2Jar
- Dedexer
- Fino
- Indroid – thread injection kit
- IntentFuzzer
- IntentSniffer
- Introspy
- Jad - Java decompiler
- JD-GUI - Java decompiler
- CFR - Java decompiler
- Krakatau - Java decompiler
- Procyon - Java decompiler
- Redexer – apk manipulation
- Smali viewer
- ZjDroid (no longer available), fork/mirror
- Simplify Android deobfuscator
- Bytecode viewer
Exploitable Vulnerabilties
- Vulnerability Google doc
- [Root Exploits (from Drozer issue #56)(https://github.com/mwrlabs/drozer/issues/56)
SAMPLE SOURCES
MISC TOOLS/READINGS
- smalihook
- APK-Downloader
- AXMLPrinter2 - to convert binary XML files to human-readable XML files
- An Android port of the melkor ELF fuzzer
- adb autocomplete
- Dalvik opcodes
- Opcodes table for quick reference
- A good collection of static analysis papers
- ExploitMe - for practice
- GoatDroid - for practice
- Android Labs - for practice
- mitmproxy
- dockerfile/androguard
Other Awesome Lists
Other amazingly awesome lists can be found in the awesome-awesomeness list.
Contributing
Your contributions are always welcome!