android

Differences

This page shows the differences between the selected revision and the current version of the page.


android [2019/10/19 19:49]
m0n5t3r
android [2020/05/22 19:05] (current version)
M0N5T3R
Line 1: Line 1:
  
-**Le PAD pour proposer une amélioration à cette page :** https://pad.zenk-security.com/p/merci+FIXME **Le PAD pour proposer une amélioration à cette page :** https://pad.zenk-security.com/p/merci
  
  
-🛠 [android-lint-summary](https://github.com/passy/android-lint-summary) - Combines lint errors of multiple projects into one output, check lint results of multiple sub-projects at once.+====== Android ======
  
-🛠 [FlowDroid](https://github.com/secure-software-engineering/soot-infoflow-android) - static taint analysis tool for Android applications 
  
-🛠 [paprika](https://github.com/GeoffreyHecht/paprika) - A toolkit to detect some code smells in analyzed Android applications.+**Documentation**
  
-🛠 [qark](https://github.com/linkedin/qark) Tool to look for several security related Android application vulnerabilities+🛠 awesome-mobile-security awesome https://github.com/vaib25vicky/awesome-mobile-security
  
  
  
-🛠 AndroBugs Framework AndroBugs Framework is an Android vulnerability analysis system that helps developers or hackers find potential security vulnerabilities in Android applications. No splendid GUI interface, but the most efficient (less than 2 minutes per scan in average) and more accurate. +🛠 Mobile Application Penetration Testing Cheat Sheet https://github.com/sh4hin/MobileApp-Pentest-Cheatsheet
-    Author: AndroBugs +
-    Author: GPLv3+
  
  
-🛠 Androguard Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !) +🛠 OWASP Mobile Security Testing Guide https://mobile-security.gitbook.io/mobile-security-testing-guide/
-Author: Anthony Desnos +
-License: Apache v2.0 +
-androapkinfo +
-androarsc +
-androauto +
-androaxml +
-androcsign +
-androdd +
-androdiff +
-androdis +
-androgui+
  
-Androwarn - Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application. +🛠 Android Hacking for BugBounty https://youtu.be/4h2XjIw16Dg
-Author: Thomas D +
-License: GPLv3+
  
-ApkTool - A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with an app easier because of project-like file structure and automation of some repetitive tasks like building apk, etc. +**Metasploit generated APK file into another APK**
-Author: Connor Tumbleson, Ryszard Wiśniewski +
-License: Apache v2.0+
  
-ByteCode Viewer - Bytecode Viewer is an Advanced Lightweight Java Bytecode Viewer, GUI Java Decompiler, GUI Bytecode Editor, GUI Smali, GUI Baksmali, GUI APK Editor, GUI Dex Editor, GUI APK Decompiler, GUI DEX Decompiler, GUI Procyon Java Decompiler, GUI Krakatau, GUI CFR Java Decompiler, GUI FernFlower Java Decompiler, GUI DEX2Jar, GUI Jar2DEX, GUI Jar-Jar, Hex Viewer, Code Searcher, Debugger and more.It's written completely in Java, and it's open sourced. +🛠 A quick and dirty python script to embed a Metasploit generated APK file into another APK.  https://github.com/yoda66/AndroidEmbedIT
-Author: konloch +
-License: GPLv3+
  
-dex2jar - Convert .dex file to .class files (zipped as jar) 
-Author: Bob Pan 
-License: Apache v2.0 
-d2j-dex2jar 
-d2j-dex2smali 
-d2j-jar2dex 
-d2j-decrypt-string 
  
-Jadx - Dex to Java decompiler +**Static Analysis**
-Author: skylot +
-License: Apache +
-jadx +
-jadx-gui+
  
-JD-GUI - JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields. 
-License: Free for Non-Commercial Use 
  
 +🛠 JD-GUI - https://github.com/java-decompiler/jd-gui - JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields.
  
-jd-gui+ 
 + 
 +🛠 Pidcat-ex - https://github.com/healthluck/pidcat-ex
 Pidcat - Colored logcat script which only shows log entries for a specific application package.  Pidcat - Colored logcat script which only shows log entries for a specific application package. 
 +
 +
 +🛠 AndroBugs Framework - https://github.com/AndroBugs/AndroBugs_Framework-  AndroBugs Framework is an Android vulnerability analysis system that helps developers or hackers find potential security vulnerabilities in Android applications. No splendid GUI interface, but the most efficient (less than 2 minutes per scan in average) and more accurate.
 +
 +
 +🛠 ApkTool - https://github.com/iBotPeaches/Apktool - A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with an app easier because of project-like file structure and automation of some repetitive tasks like building apk, etc. 
 +
 +
 +
 +🛠 Amandroid – A Static Analysis Framework](http://pag.arguslab.org/argus-saf)
 +
 +🛠 Androwarn –  Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application](https://github.com/maaaaz/androwarn/)
 +
 +🛠 APK Analyzer – Static and Virtual Analysis Tool](https://github.com/sonyxperiadev/ApkAnalyser)
 +
 +🛠 APK Inspector – A Powerful GUI Tool](https://github.com/honeynet/apkinspector/)
 +
 +🛠 Droid Hunter – Android application vulnerability analysis and Android pentest tool](https://github.com/hahwul/droid-hunter)
 +
 +🛠 Error Prone – Static Analysis Tool](https://github.com/google/error-prone)
 +
 +🛠 Findbugs – Find Bugs in Java Programs](http://findbugs.sourceforge.net/downloads.html)
 +
 +🛠 Find Security Bugs – A SpotBugs plugin for security audits of Java web applications.](https://github.com/find-sec-bugs/find-sec-bugs/)
 +
 +🛠 Flow Droid – FlowDroid data flow analysis tool. FlowDroid statically computes data flows in Android apps and Java programs. Its goal is to provide researchers and practitioners with a tool and library on which they can base their own research projects and product implementations](https://github.com/secure-software-engineering/FlowDroid)
 +
 +🛠 Smali/Baksmali – Assembler/Disassembler for the dex format](https://github.com/JesusFreke/smali)
 +
 +🛠 Smali-CFGs – Smali Control Flow Graph’s](https://github.com/EugenioDelfa/Smali-CFGs)
 +
 +🛠 SPARTA – Static Program Analysis for Reliable Trusted Apps](https://www.cs.washington.edu/sparta)
 +
 +🛠 Thresher – To check heap reachability properties](https://plv.colorado.edu/projects/thresher/)
 +
 +🛠 Vector Attack Scanner – To search vulnerable points to attack](https://github.com/Sukelluskello/VectorAttackScanner)
 +
 +🛠 Gradle Static Analysis Plugin](https://github.com/novoda/gradle-static-analysis-plugin)
 +
 +🛠 Checkstyle – A tool for checking Java source code](https://github.com/checkstyle/checkstyle)
 +
 +🛠 PMD – An extensible multilanguage static code analyzer](https://github.com/pmd/pmd)
 +
 +🛠 Soot – A Java Optimization Framework](https://github.com/Sable/soot)
 +
 +🛠 Android Quality Starter](https://github.com/pwittchen/android-quality-starter)
 +
 +
 +🛠 QARK – Tool to look for several security related Android application vulnerabilities](https://github.com/linkedin/qark)
 +
 +🛠 Infer – A Static Analysis tool for Java, C, C++ and Objective-C](https://github.com/facebook/infer)
 +
 +🛠 Android Check – Static Code analysis plugin for Android Project](https://github.com/noveogroup/android-check)
 +
 +🛠 FindBugs-IDEA Static byte code analysis to look for bugs in Java code](https://plugins.jetbrains.com/plugin/3847-findbugs-idea)
 +
 +**Dynamic Analysis**
 +
 +
 +🛠 Android Hooker - Opensource project for dynamic analyses of Android applications](https://github.com/AndroidHooker/hooker)
 +
 +🛠 AppAudit - Online tool ( including an API) uses dynamic and static analysis](http://appaudit.io/)
 +
 +🛠 AppAudit - A bare-metal analysis tool on Android devices](https://github.com/ucsb-seclab/baredroid)
 +
 +🛠 CuckooDroid - Extension of Cuckoo Sandbox the Open Source software](https://github.com/idanr1986/cuckoo-droid)
 +
 +🛠 DroidBox - Dynamic analysis of Android applications](https://code.google.com/p/droidbox/)
 +
 +🛠 Droid-FF - Android File Fuzzing Framework](https://github.com/antojoseph/droid-ff)
 +
 +🛠 Drozer](https://www.mwrinfosecurity.com/products/drozer/)
 +
 +🛠 Marvin - Analyzes Android applications and allows tracking of an app](https://github.com/programa-stic/marvin-django)
 +
 +🛠 Inspeckage](https://github.com/ac-pm/Inspeckage)
 +
 +🛠 PATDroid - Collection of tools and data structures for analyzing Android applications](https://github.com/mingyuan-xia/PATDroid)
 +
 +🛠 AndroL4b - Android security virtual machine based on ubuntu-mate](https://github.com/sh4hin/Androl4b)
 +
 +🛠 Radare2 - Unix-like reverse engineering framework and commandline tools](https://github.com/radareorg/radare2)
 +
 +🛠 Cutter - Free and Open Source RE Platform powered by radare2](https://cutter.re/)
 +
 +🛠 ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)](https://github.com/Konloch/bytecode-viewer  or https://bytecodeviewer.com/)
 +
 +🛠 Mobile-Security-Framework MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF)
 +
 +🛠 CobraDroid - Custom build of the Android operating system geared specifically for application security ](https://thecobraden.com/projects/cobradroid/)
 +
 +🛠 Magisk v20.2 - Root & Universal Systemless Interface](https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445)
 +
 +
 +**Android Online APK Analyzers**
 +
 +
 +🛠 [android-lint-summary](https://github.com/passy/android-lint-summary) - Combines lint errors of multiple projects into one output, check lint results of multiple sub-projects at once.
 +
 +
 +🛠 Welcome to Android Application Security Series. This series contains some blog post about different types of vulnerabilities which are possible in Android Application’s and there exploitation methods. 
 +https://manifestsecurity.com/android-application-security/
 +
 +🛠 ImmuniWeb® Mobile App Scanner - https://www.immuniweb.com/mobile/ - test security and privacy of mobile apps (iOS & Android).
 +
 +🛠 Quixxi - https://vulnerabilitytest.quixxi.com/ - free Mobile App Vulnerability Scanner for Android & iOS.
 +
 +🛠 Ostorlab - https://www.ostorlab.co/scan/mobile/ - analyzes mobile application to identify vulnerabilities and potential weaknesses.
 +
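Review bot: In the added Static Analysis and Dynamic Analysis lists, every entry from Amandroid through Magisk ends in `](url)` with no opening `[`, so the link markup is unbalanced and will not render as a link. Pick one form and use it throughout, for example the `Name - URL - description` layout already used for the JD-GUI and ApkTool entries. Two added entries are both labelled AppAudit, and the second one points to github.com/ucsb-seclab/baredroid, so its label looks wrong. The Pidcat-ex line carries only a URL while its description sits on the following unchanged Pidcat line; merge them. android-lint-summary and the manifestsecurity.com blog series are filed under "Android Online APK Analyzers" although neither is described as an online analyzer, so move them to Static Analysis and Documentation. The new first line still carries a FIXME marker. The revision also drops the Androguard, dex2jar, Jadx and paprika entries and all author/license lines without replacement; if that is intentional, say so in the edit summary.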
android.1571507383.txt.gz · Last modified: 2019/10/19 19:49 by m0n5t3r