From 982134f7bece91fd519e588d586e2de526a7c594 Mon Sep 17 00:00:00 2001 From: Vaibhav <35214224+vaib25vicky@users.noreply.github.com> Date: Fri, 3 Jan 2020 01:16:17 +0530 Subject: [PATCH] Update README.md --- README.md | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 77 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0212382..f755c93 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,6 @@ * [General](#general) - * [Articles](#articles) * [An Android Hacking Primer](https://medium.com/swlh/an-android-hacking-primer-3390fef4e6a0) * [Secure an Android Device](https://source.android.com/security) * [Security tips](https://developer.android.com/training/articles/security-tips) 
@@ -22,19 +21,94 @@ * [Pentesting Android Apps Using Frida](https://www.notsosecure.com/pentesting-android-apps-using-frida/) * [Mobile Security Testing Guide](https://mobile-security.gitbook.io/mobile-security-testing-guide/) * [Mobile Application Penetration Testing Cheat Sheet](https://github.com/sh4hin/MobileApp-Pentest-Cheatsheet) - + * [ANDROID APPLICATIONS REVERSING 101](https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/#.WQND0G3TTOM.reddit) + * [Android Security Guidelines](https://developer.box.com/en/guides/security/) + * [Amandroid – A Static Analysis FrameworkA(http://pag.arguslab.org/argus-saf) + * [Androwarn – Yet Another Static Code Analyzer](https://github.com/maaaaz/androwarn/) + * [APK Analyzer – Static and Virtual Analysis Tool](https://github.com/sonyxperiadev/ApkAnalyser) + * [APK Inspector – A Powerful GUI Tool](https://github.com/honeynet/apkinspector/)ndroid WebView Vulnerabilities](https://pentestlab.blog/2017/02/12/android-webview-vulnerabilities/) + * [OWASP Mobile Top 10](https://www.owasp.org/index.php/OWASP_Mobile_Top_10) + * [Books](#books) +(https://github.com/B3nac/Android-Reports-and-Resources/blob/master/README.md) +* [https://github.com/ashishb/android-security-awesome](https://github.com/ashishb/android-security-awesome) + * [SEI CERT Android Secure Coding Standard](https://www.securecoding.cert.org/confluence/display/android/Android+Secure+Coding+Standard) * [Android Security Internals](https://www.oreilly.com/library/view/android-security-internals/9781457185496/) - * [Classes](#classes) + * [Courses](#courses) + * [Learning-Android-Security](https://www.lynda.com/Android-tutorials/Learning-Android-Security/689762-2.html) + * [Mobile Application Security and Penetration Testing](https://www.elearnsecurity.com/course/mobile_application_security_and_penetration_testing/) + * [Tools](#tools) * [Static Analysis] + * [Amandroid – A Static Analysis Framework](http://pag.arguslab.org/argus-saf) + * [Androwarn – 
Yet Another Static Code Analyzer](https://github.com/maaaaz/androwarn/) + * [APK Analyzer – Static and Virtual Analysis Tool](https://github.com/sonyxperiadev/ApkAnalyser) + * [APK Inspector – A Powerful GUI Tool](https://github.com/honeynet/apkinspector/) + * [Droid Hunter – Android application vulnerability analysis and Android pentest tool](https://github.com/hahwul/droid-hunter) + * [Error Prone – Static Analysis Tool](https://github.com/google/error-prone) + * [Findbugs – Find Bugs in Java Programs](http://findbugs.sourceforge.net/downloads.html) + * [Find Security Bugs – A SpotBugs plugin for security audits of Java web applications.](https://github.com/find-sec-bugs/find-sec-bugs/) + * [Flow Droid – Static Data Flow Tracker](https://github.com/secure-software-engineering/FlowDroid) + * [Smali/Baksmali – Assembler/Disassembler for the dex format](https://github.com/JesusFreke/smali) + * [Smali-CFGs – Smali Control Flow Graph’s](https://github.com/EugenioDelfa/Smali-CFGs) + * [SPARTA – Static Program Analysis for Reliable Trusted Apps](https://www.cs.washington.edu/sparta) + * [Thresher – To check heap reachability properties](https://plv.colorado.edu/projects/thresher/) + * [Vector Attack Scanner – To search vulnerable points to attack](https://github.com/Sukelluskello/VectorAttackScanner) + * [Gradle Static Analysis Plugin](https://github.com/novoda/gradle-static-analysis-plugin) + * [Checkstyle – A tool for checking Java source code](https://github.com/checkstyle/checkstyle) + * [PMD – An extensible multilanguage static code analyzer](https://github.com/pmd/pmd) + * [Soot – A Java Optimization Framework](https://github.com/Sable/soot) + * [Android Quality Starter](https://github.com/pwittchen/android-quality-starter) + * [QARK – Quick Android Review Kit](https://github.com/linkedin/qark) + * [Infer – A Static Analysis tool for Java, C, C++ and Objective-C](https://github.com/facebook/infer) + * [Android Check – Static Code analysis plugin for Android 
Project](https://github.com/noveogroup/android-check) + * [FindBugs-IDEA Static byte code analysis to look for bugs in Java code](https://plugins.jetbrains.com/plugin/3847-findbugs-idea) + + * [Dynamic Analysis] + * [Android Hooker - Opensource project for dynamic analyses of Android applications](https://github.com/AndroidHooker/hooker) + * [AppAudit - Online tool ( including an API) uses dynamic and static analysis](http://appaudit.io/) + * [AppAudit - A bare-metal analysis tool on Android devices](https://github.com/ucsb-seclab/baredroid) + * [CuckooDroid - Extension of Cuckoo Sandbox the Open Source software](https://github.com/idanr1986/cuckoo-droid) + * [DroidBox - Dynamic analysis of Android applications](https://code.google.com/p/droidbox/) + * [Droid-FF - Android File Fuzzing Framework](https://github.com/antojoseph/droid-ff) + * [Drozer](https://www.mwrinfosecurity.com/products/drozer/) + * [Marvin - Analyzes Android applications and allows tracking of an app](https://github.com/programa-stic/marvin-django) + * [Inspeckage](https://github.com/ac-pm/Inspeckage) + * [PATDroid - Collection of tools and data structures for analyzing Android applications](https://github.com/mingyuan-xia/PATDroid) * [] + * [AndroL4b - Android security virtual machine based on ubuntu-mate](https://github.com/sh4hin/Androl4b) + * [Radare2 - Unix-like reverse engineering framework and commandline tools](https://github.com/radareorg/radare2) + * [ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)](https://bytecodeviewer.com/) + * [Mobile-Security-Framework MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) + * [CobraDroid - Custom build of the Android operating system geared specifically for application security ](https://thecobraden.com/projects/cobradroid/) + + * [Android Online APK Analyzers] + * [Android Observatory APK Scan](https://androidobservatory.org/upload) + * [Android APK Decompiler](http://www.decompileandroid.com/) + * 
[AndroTotal](http://andrototal.org/) + * [NVISO ApkScan](https://apkscan.nviso.be/) + * [VirusTotal](https://www.virustotal.com/#/home/upload) + * [Scan Your APK](https://scanyourapk.com/) + * [AVC Undroid](https://undroid.av-comparatives.org/index.php) + * [OPSWAT](https://metadefender.opswat.com/#!/) + * [ImmuniWeb Mobile App Scanner](https://www.htbridge.com/mobile/) + * [Ostor Lab](https://www.ostorlab.co/scan/mobile/) + * [Quixxi](https://quixxisecurity.com/) + * [TraceDroid](http://tracedroid.few.vu.nl/submit.php) + * [Visual Threat](http://www.visualthreat.com/UIupload.action) + * [App Critique](https://appcritique.boozallen.com/) + + * [Misc.] + * [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources/blob/master/README.md) + * [android-security-awesome](https://github.com/ashishb/android-security-awesome) + + * [iOS](#iOS) * [General](#general) * [Articles](#articles)
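Review bot: Removing `* [Articles](#articles)` in the first hunk (@@ -12,7 +12,6 @@) leaves the Android article links sitting directly under General with no subsection label, while Books, Courses and Tools keep theirs and the iOS section at the end of the patch still lists `[Articles](#articles)`. Either keep the entry or drop it from both platform sections so the outline stays consistent.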
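Review bot: Several lines added to the Articles and Books blocks of the second hunk (@@ -22,19 +21,94 @@) are broken markdown and look like a mis-paste. The Amandroid entry ends in `FrameworkA(http://pag.arguslab.org/argus-saf)` with no closing bracket, the APK Inspector line runs straight into `ndroid WebView Vulnerabilities](...)`, and the line starting `(https://github.com/B3nac/` has no link text. The same four tool entries are added again, well-formed, under Static Analysis, and both repository links reappear under Misc., so drop the copies from the Articles and Books blocks and restore the WebView article as its own list item. Further down in the same hunk, the second "AppAudit" entry points at ucsb-seclab/baredroid, so its label looks copied from the line above, and `* []` is an empty list item that should be removed or filled in.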