FIXME **Le PAD pour proposer une amรฉlioration ร  cette page :** https://pad.zenk-security.com/p/merci ====== Android ====== **Documentation** ๐Ÿ›  awesome-mobile-security awesome https://github.com/vaib25vicky/awesome-mobile-security ๐Ÿ›  Mobile Application Penetration Testing Cheat Sheet https://github.com/sh4hin/MobileApp-Pentest-Cheatsheet ๐Ÿ›  OWASP Mobile Security Testing Guide https://mobile-security.gitbook.io/mobile-security-testing-guide/ ๐Ÿ›  Android Hacking for BugBounty https://youtu.be/4h2XjIw16Dg **Metasploit generated APK file into another APK** ๐Ÿ›  A quick and dirty python script to embed a Metasploit generated APK file into another APK. https://github.com/yoda66/AndroidEmbedIT **Static Analysis** ๐Ÿ›  JD-GUI - https://github.com/java-decompiler/jd-gui - JD-GUI is a standalone graphical utility that displays Java source codes of โ€œ.classโ€ files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields. ๐Ÿ›  Pidcat-ex - https://github.com/healthluck/pidcat-ex- Pidcat - Colored logcat script which only shows log entries for a specific application package. ๐Ÿ›  AndroBugs Framework - https://github.com/AndroBugs/AndroBugs_Framework- AndroBugs Framework is an Android vulnerability analysis system that helps developers or hackers find potential security vulnerabilities in Android applications. No splendid GUI interface, but the most efficient (less than 2 minutes per scan in average) and more accurate. ๐Ÿ›  ApkTool - https://github.com/iBotPeaches/Apktool - A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with an app easier because of project-like file structure and automation of some repetitive tasks like building apk, etc. ๐Ÿ›  Amandroid โ€“ A Static Analysis Framework](http://pag.arguslab.org/argus-saf) ๐Ÿ›  Androwarn โ€“ Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application](https://github.com/maaaaz/androwarn/) ๐Ÿ›  APK Analyzer โ€“ Static and Virtual Analysis Tool](https://github.com/sonyxperiadev/ApkAnalyser) ๐Ÿ›  APK Inspector โ€“ A Powerful GUI Tool](https://github.com/honeynet/apkinspector/) ๐Ÿ›  Droid Hunter โ€“ Android application vulnerability analysis and Android pentest tool](https://github.com/hahwul/droid-hunter) ๐Ÿ›  Error Prone โ€“ Static Analysis Tool](https://github.com/google/error-prone) ๐Ÿ›  Findbugs โ€“ Find Bugs in Java Programs](http://findbugs.sourceforge.net/downloads.html) ๐Ÿ›  Find Security Bugs โ€“ A SpotBugs plugin for security audits of Java web applications.](https://github.com/find-sec-bugs/find-sec-bugs/) ๐Ÿ›  Flow Droid โ€“ FlowDroid data flow analysis tool. FlowDroid statically computes data flows in Android apps and Java programs. Its goal is to provide researchers and practitioners with a tool and library on which they can base their own research projects and product implementations](https://github.com/secure-software-engineering/FlowDroid) ๐Ÿ›  Smali/Baksmali โ€“ Assembler/Disassembler for the dex format](https://github.com/JesusFreke/smali) ๐Ÿ›  Smali-CFGs โ€“ Smali Control Flow Graphโ€™s](https://github.com/EugenioDelfa/Smali-CFGs) ๐Ÿ›  SPARTA โ€“ Static Program Analysis for Reliable Trusted Apps](https://www.cs.washington.edu/sparta) ๐Ÿ›  Thresher โ€“ To check heap reachability properties](https://plv.colorado.edu/projects/thresher/) ๐Ÿ›  Vector Attack Scanner โ€“ To search vulnerable points to attack](https://github.com/Sukelluskello/VectorAttackScanner) ๐Ÿ›  Gradle Static Analysis Plugin](https://github.com/novoda/gradle-static-analysis-plugin) ๐Ÿ›  Checkstyle โ€“ A tool for checking Java source code](https://github.com/checkstyle/checkstyle) ๐Ÿ›  PMD โ€“ An extensible multilanguage static code analyzer](https://github.com/pmd/pmd) ๐Ÿ›  Soot โ€“ A Java Optimization Framework](https://github.com/Sable/soot) ๐Ÿ›  Android Quality Starter](https://github.com/pwittchen/android-quality-starter) ๐Ÿ›  QARK โ€“ Tool to look for several security related Android application vulnerabilities](https://github.com/linkedin/qark) ๐Ÿ›  Infer โ€“ A Static Analysis tool for Java, C, C++ and Objective-C](https://github.com/facebook/infer) ๐Ÿ›  Android Check โ€“ Static Code analysis plugin for Android Project](https://github.com/noveogroup/android-check) ๐Ÿ›  FindBugs-IDEA Static byte code analysis to look for bugs in Java code](https://plugins.jetbrains.com/plugin/3847-findbugs-idea) **Dynamic Analysis** ๐Ÿ›  Android Hooker - Opensource project for dynamic analyses of Android applications](https://github.com/AndroidHooker/hooker) ๐Ÿ›  AppAudit - Online tool ( including an API) uses dynamic and static analysis](http://appaudit.io/) ๐Ÿ›  AppAudit - A bare-metal analysis tool on Android devices](https://github.com/ucsb-seclab/baredroid) ๐Ÿ›  CuckooDroid - Extension of Cuckoo Sandbox the Open Source software](https://github.com/idanr1986/cuckoo-droid) ๐Ÿ›  DroidBox - Dynamic analysis of Android applications](https://code.google.com/p/droidbox/) ๐Ÿ›  Droid-FF - Android File Fuzzing Framework](https://github.com/antojoseph/droid-ff) ๐Ÿ›  Drozer](https://www.mwrinfosecurity.com/products/drozer/) ๐Ÿ›  Marvin - Analyzes Android applications and allows tracking of an app](https://github.com/programa-stic/marvin-django) ๐Ÿ›  Inspeckage](https://github.com/ac-pm/Inspeckage) ๐Ÿ›  PATDroid - Collection of tools and data structures for analyzing Android applications](https://github.com/mingyuan-xia/PATDroid) ๐Ÿ›  AndroL4b - Android security virtual machine based on ubuntu-mate](https://github.com/sh4hin/Androl4b) ๐Ÿ›  Radare2 - Unix-like reverse engineering framework and commandline tools](https://github.com/radareorg/radare2) ๐Ÿ›  Cutter - Free and Open Source RE Platform powered by radare2](https://cutter.re/) ๐Ÿ›  ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)](https://github.com/Konloch/bytecode-viewer or https://bytecodeviewer.com/) ๐Ÿ›  Mobile-Security-Framework MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) ๐Ÿ›  CobraDroid - Custom build of the Android operating system geared specifically for application security ](https://thecobraden.com/projects/cobradroid/) ๐Ÿ›  Magisk v20.2 - Root & Universal Systemless Interface](https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445) **Android Online APK Analyzers** ๐Ÿ›  [android-lint-summary](https://github.com/passy/android-lint-summary) - Combines lint errors of multiple projects into one output, check lint results of multiple sub-projects at once. ๐Ÿ›  Welcome to Android Application Security Series. This series contains some blog post about different types of vulnerabilities which are possible in Android Applicationโ€™s and there exploitation methods. https://manifestsecurity.com/android-application-security/ ๐Ÿ›  ImmuniWebยฎ Mobile App Scanner - https://www.immuniweb.com/mobile/ - test security and privacy of mobile apps (iOS & Android). ๐Ÿ›  Quixxi - https://vulnerabilitytest.quixxi.com/ - free Mobile App Vulnerability Scanner for Android & iOS. ๐Ÿ›  Ostorlab - https://www.ostorlab.co/scan/mobile/ - analyzes mobile application to identify vulnerabilities and potential weaknesses.