Outils d'utilisateurs

Outils du Site


android

Différences

Cette page vous donne les différences entre la révision choisie et la version actuelle de la page.

Lien vers cette vue

android [2020/01/03 22:34]
M0N5T3R [Android]
android [2020/05/22 19:05] (Version actuelle)
M0N5T3R
Ligne 4: Ligne 4:
  
 ====== Android ====== ====== Android ======
 +
 +
 +**Documentation**
  
 🛠 awesome-mobile-security awesome https://github.com/vaib25vicky/awesome-mobile-security 🛠 awesome-mobile-security awesome https://github.com/vaib25vicky/awesome-mobile-security
  
-🛠 [android-lint-summary](https://github.com/passy/android-lint-summary) - Combines lint errors of multiple projects into one output, check lint results of multiple sub-projects at once. 
  
-🛠 [FlowDroid](https://github.com/secure-software-engineering/soot-infoflow-android) - static taint analysis tool for Android applications 
  
-🛠 [paprika](https://github.com/GeoffreyHecht/paprika) A toolkit to detect some code smells in analyzed Android applications.+🛠 Mobile Application Penetration Testing Cheat Sheet https://github.com/sh4hin/MobileApp-Pentest-Cheatsheet
  
-🛠 [qark](https://github.com/linkedin/qark) - Tool to look for several security related Android application vulnerabilities 
  
 +🛠 OWASP Mobile Security Testing Guide https://mobile-security.gitbook.io/mobile-security-testing-guide/
  
 +🛠 Android Hacking for BugBounty https://youtu.be/4h2XjIw16Dg
  
-🛠 AndroBugs Framework - AndroBugs Framework is an Android vulnerability analysis system that helps developers or hackers find potential security vulnerabilities in Android applications. No splendid GUI interface, but the most efficient (less than 2 minutes per scan in average) and more accurate.+**Metasploit generated APK file into another APK**
  
 +🛠 A quick and dirty python script to embed a Metasploit generated APK file into another APK.  https://github.com/yoda66/AndroidEmbedIT
  
-🛠 Androguard - Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !) 
-androapkinfo 
-androarsc 
-androauto 
-androaxml 
-androcsign 
-androdd 
-androdiff 
-androdis 
-androgui 
  
 +**Static Analysis**
  
-🛠 Androwarn - Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application. 
  
 +🛠 JD-GUI - https://github.com/java-decompiler/jd-gui - JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields.
  
-🛠 ApkTool - A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with an app easier because of project-like file structure and automation of some repetitive tasks like building apk, etc. 
  
  
-🛠 ByteCode Viewer Bytecode Viewer is an Advanced Lightweight Java Bytecode Viewer, GUI Java Decompiler, GUI Bytecode Editor, GUI Smali, GUI Baksmali, GUI APK Editor, GUI Dex Editor, GUI APK Decompiler, GUI DEX Decompiler, GUI Procyon Java Decompiler, GUI Krakatau, GUI CFR Java Decompiler, GUI FernFlower Java Decompiler, GUI DEX2Jar, GUI Jar2DEX, GUI Jar-Jar, Hex Viewer, Code Searcher, Debugger and more.It's written completely in Java, and it's open sourced.+🛠 Pidcat-ex https://github.com/healthluck/pidcat-ex-  
 +Pidcat - Colored logcat script which only shows log entries for a specific application package
  
  
-🛠 dex2jar Convert .dex file to .class files (zipped as jar) +🛠 AndroBugs Framework https://github.com/AndroBugs/AndroBugs_Framework-  AndroBugs Framework is an Android vulnerability analysis system that helps developers or hackers find potential security vulnerabilities in Android applicationsNo splendid GUI interface, but the most efficient (less than 2 minutes per scan in averageand more accurate.
-d2j-dex2jar +
-d2j-dex2smali +
-d2j-jar2dex +
-d2j-decrypt-string+
  
  
-🛠 Jadx Dex to Java decompiler +🛠 ApkTool https://github.com/iBotPeaches/Apktool - A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with an app easier because of project-like file structure and automation of some repetitive tasks like building apk, etc. 
-jadx +
-jadx-gui+
  
  
-🛠 JD-GUI - JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields. 
  
 +🛠 Amandroid – A Static Analysis Framework](http://pag.arguslab.org/argus-saf)
  
 +🛠 Androwarn –  Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application](https://github.com/maaaaz/androwarn/)
  
-🛠 jd-gui +🛠 APK Analyzer – Static and Virtual Analysis Tool](https://github.com/sonyxperiadev/ApkAnalyser)
-Pidcat - Colored logcat script which only shows log entries for a specific application package+
  
-🛠 Mobile Application Penetration Testing Cheat Sheet https://github.com/sh4hin/MobileApp-Pentest-Cheatsheet+🛠 APK Inspector – A Powerful GUI Tool](https://github.com/honeynet/apkinspector/)
  
 +🛠 Droid Hunter – Android application vulnerability analysis and Android pentest tool](https://github.com/hahwul/droid-hunter)
  
-🛠 OWASP Mobile Security Testing Guide https://mobile-security.gitbook.io/mobile-security-testing-guide/+🛠 Error Prone – Static Analysis Tool](https://github.com/google/error-prone) 
 + 
 +🛠 Findbugs – Find Bugs in Java Programs](http://findbugs.sourceforge.net/downloads.html) 
 + 
 +🛠 Find Security Bugs – A SpotBugs plugin for security audits of Java web applications.](https://github.com/find-sec-bugs/find-sec-bugs/) 
 + 
 +🛠 Flow Droid – FlowDroid data flow analysis tool. FlowDroid statically computes data flows in Android apps and Java programs. Its goal is to provide researchers and practitioners with a tool and library on which they can base their own research projects and product implementations](https://github.com/secure-software-engineering/FlowDroid) 
 + 
 +🛠 Smali/Baksmali – Assembler/Disassembler for the dex format](https://github.com/JesusFreke/smali) 
 + 
 +🛠 Smali-CFGs – Smali Control Flow Graph’s](https://github.com/EugenioDelfa/Smali-CFGs) 
 + 
 +🛠 SPARTA – Static Program Analysis for Reliable Trusted Apps](https://www.cs.washington.edu/sparta) 
 + 
 +🛠 Thresher – To check heap reachability properties](https://plv.colorado.edu/projects/thresher/) 
 + 
 +🛠 Vector Attack Scanner – To search vulnerable points to attack](https://github.com/Sukelluskello/VectorAttackScanner) 
 + 
 +🛠 Gradle Static Analysis Plugin](https://github.com/novoda/gradle-static-analysis-plugin) 
 + 
 +🛠 Checkstyle – A tool for checking Java source code](https://github.com/checkstyle/checkstyle) 
 + 
 +🛠 PMD – An extensible multilanguage static code analyzer](https://github.com/pmd/pmd) 
 + 
 +🛠 Soot – A Java Optimization Framework](https://github.com/Sable/soot) 
 + 
 +🛠 Android Quality Starter](https://github.com/pwittchen/android-quality-starter) 
 + 
 + 
 +🛠 QARK – Tool to look for several security related Android application vulnerabilities](https://github.com/linkedin/qark) 
 + 
 +🛠 Infer – A Static Analysis tool for Java, C, C++ and Objective-C](https://github.com/facebook/infer) 
 + 
 +🛠 Android Check – Static Code analysis plugin for Android Project](https://github.com/noveogroup/android-check) 
 + 
 +🛠 FindBugs-IDEA Static byte code analysis to look for bugs in Java code](https://plugins.jetbrains.com/plugin/3847-findbugs-idea) 
 + 
 +**Dynamic Analysis** 
 + 
 + 
 +🛠 Android Hooker - Opensource project for dynamic analyses of Android applications](https://github.com/AndroidHooker/hooker) 
 + 
 +🛠 AppAudit - Online tool ( including an API) uses dynamic and static analysis](http://appaudit.io/
 + 
 +🛠 AppAudit A bare-metal analysis tool on Android devices](https://github.com/ucsb-seclab/baredroid) 
 + 
 +🛠 CuckooDroid - Extension of Cuckoo Sandbox the Open Source software](https://github.com/idanr1986/cuckoo-droid) 
 + 
 +🛠 DroidBox - Dynamic analysis of Android applications](https://code.google.com/p/droidbox/) 
 + 
 +🛠 Droid-FF - Android File Fuzzing Framework](https://github.com/antojoseph/droid-ff) 
 + 
 +🛠 Drozer](https://www.mwrinfosecurity.com/products/drozer/) 
 + 
 +🛠 Marvin - Analyzes Android applications and allows tracking of an app](https://github.com/programa-stic/marvin-django) 
 + 
 +🛠 Inspeckage](https://github.com/ac-pm/Inspeckage) 
 + 
 +🛠 PATDroid - Collection of tools and data structures for analyzing Android applications](https://github.com/mingyuan-xia/PATDroid) 
 + 
 +🛠 AndroL4b - Android security virtual machine based on ubuntu-mate](https://github.com/sh4hin/Androl4b) 
 + 
 +🛠 Radare2 Unix-like reverse engineering framework and commandline tools](https://github.com/radareorg/radare2) 
 + 
 +🛠 Cutter - Free and Open Source RE Platform powered by radare2](https://cutter.re/) 
 + 
 +🛠 ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)](https://github.com/Konloch/bytecode-viewer  or https://bytecodeviewer.com/) 
 + 
 +🛠 Mobile-Security-Framework MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) 
 + 
 +🛠 CobraDroid - Custom build of the Android operating system geared specifically for application security ](https://thecobraden.com/projects/cobradroid/) 
 + 
 +🛠 Magisk v20.2 - Root & Universal Systemless Interface](https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445) 
 + 
 + 
 +**Android Online APK Analyzers** 
 + 
 + 
 +🛠 [android-lint-summary](https://github.com/passy/android-lint-summary) - Combines lint errors of multiple projects into one output, check lint results of multiple sub-projects at once.
  
-🛠 Android Hacking for BugBounty https://youtu.be/4h2XjIw16Dg 
  
 🛠 Welcome to Android Application Security Series. This series contains some blog post about different types of vulnerabilities which are possible in Android Application’s and there exploitation methods.  🛠 Welcome to Android Application Security Series. This series contains some blog post about different types of vulnerabilities which are possible in Android Application’s and there exploitation methods. 
 https://manifestsecurity.com/android-application-security/ https://manifestsecurity.com/android-application-security/
  
-🛠 https://www.immuniweb.com/mobile/ ImmuniWeb® Mobile App Scanner - test security and privacy of mobile apps (iOS & Android).+🛠 ImmuniWeb® Mobile App Scanner - https://www.immuniweb.com/mobile/ - test security and privacy of mobile apps (iOS & Android).
  
-🛠 https://vulnerabilitytest.quixxi.com/ Quixxi - free Mobile App Vulnerability Scanner for Android & iOS.+🛠 Quixxi - https://vulnerabilitytest.quixxi.com/ - free Mobile App Vulnerability Scanner for Android & iOS.
  
-🛠 https://www.ostorlab.co/scan/mobile/ Ostorlab - analyzes mobile application to identify vulnerabilities and potential weaknesses.+🛠 Ostorlab - https://www.ostorlab.co/scan/mobile/ - analyzes mobile application to identify vulnerabilities and potential weaknesses.
  
android.1578087284.txt.gz · Dernière modification: 2020/01/03 22:34 par M0N5T3R