This page shows the differences between the selected revision and the current version of the page.
android [2020/04/19 20:07] M0N5T3R |
android [2020/05/22 19:05] (current version) M0N5T3R |
||
---|---|---|---|
Ligne 4: | Ligne 4: | ||
====== Android ====== | ====== Android ====== | ||
+ | |||
+ | |||
+ | **Documentation** | ||
🛠 awesome-mobile-security awesome https://github.com/vaib25vicky/awesome-mobile-security | 🛠 awesome-mobile-security awesome https://github.com/vaib25vicky/awesome-mobile-security | ||
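Review bot: The added **Documentation** label is plain bold text, while the page title just above it uses the wiki's heading markup (`====== Android ======`), so the new section gets no anchor and will not show up in the table of contents. Consider making it a lower-level heading in that same markup; the two blank lines added above it can also be reduced to one.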
Ligne 15: | Ligne 18: | ||
🛠 Android Hacking for BugBounty https://youtu.be/4h2XjIw16Dg | 🛠 Android Hacking for BugBounty https://youtu.be/4h2XjIw16Dg | ||
+ | |||
+ | **Metasploit generated APK file into another APK** | ||
+ | |||
+ | 🛠 A quick and dirty python script to embed a Metasploit generated APK file into another APK. https://github.com/yoda66/AndroidEmbedIT | ||
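Review bot: The added heading **Metasploit generated APK file into another APK** reads as a sentence fragment, and the entry under it is a description followed by a bare URL with no tool name, unlike the "Name – description" entries in the rest of the list. Suggest starting the entry with the tool name as the link gives it (AndroidEmbedIT) and rewording the heading so it states what the section covers.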
Ligne 36: | Ligne 43: | ||
🛠 Amandroid – A Static Analysis Framework](http://pag.arguslab.org/argus-saf) | 🛠 Amandroid – A Static Analysis Framework](http://pag.arguslab.org/argus-saf) | ||
+ | |||
🛠 Androwarn – Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application](https://github.com/maaaaz/androwarn/) | 🛠 Androwarn – Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application](https://github.com/maaaaz/androwarn/) | ||
+ | |||
🛠 APK Analyzer – Static and Virtual Analysis Tool](https://github.com/sonyxperiadev/ApkAnalyser) | 🛠 APK Analyzer – Static and Virtual Analysis Tool](https://github.com/sonyxperiadev/ApkAnalyser) | ||
+ | |||
🛠 APK Inspector – A Powerful GUI Tool](https://github.com/honeynet/apkinspector/) | 🛠 APK Inspector – A Powerful GUI Tool](https://github.com/honeynet/apkinspector/) | ||
+ | |||
🛠 Droid Hunter – Android application vulnerability analysis and Android pentest tool](https://github.com/hahwul/droid-hunter) | 🛠 Droid Hunter – Android application vulnerability analysis and Android pentest tool](https://github.com/hahwul/droid-hunter) | ||
+ | |||
🛠 Error Prone – Static Analysis Tool](https://github.com/google/error-prone) | 🛠 Error Prone – Static Analysis Tool](https://github.com/google/error-prone) | ||
+ | |||
🛠 Findbugs – Find Bugs in Java Programs](http://findbugs.sourceforge.net/downloads.html) | 🛠 Findbugs – Find Bugs in Java Programs](http://findbugs.sourceforge.net/downloads.html) | ||
+ | |||
🛠 Find Security Bugs – A SpotBugs plugin for security audits of Java web applications.](https://github.com/find-sec-bugs/find-sec-bugs/) | 🛠 Find Security Bugs – A SpotBugs plugin for security audits of Java web applications.](https://github.com/find-sec-bugs/find-sec-bugs/) | ||
+ | |||
🛠 Flow Droid – FlowDroid data flow analysis tool. FlowDroid statically computes data flows in Android apps and Java programs. Its goal is to provide researchers and practitioners with a tool and library on which they can base their own research projects and product implementations](https://github.com/secure-software-engineering/FlowDroid) | 🛠 Flow Droid – FlowDroid data flow analysis tool. FlowDroid statically computes data flows in Android apps and Java programs. Its goal is to provide researchers and practitioners with a tool and library on which they can base their own research projects and product implementations](https://github.com/secure-software-engineering/FlowDroid) | ||
+ | |||
🛠 Smali/Baksmali – Assembler/Disassembler for the dex format](https://github.com/JesusFreke/smali) | 🛠 Smali/Baksmali – Assembler/Disassembler for the dex format](https://github.com/JesusFreke/smali) | ||
+ | |||
🛠 Smali-CFGs – Smali Control Flow Graph’s](https://github.com/EugenioDelfa/Smali-CFGs) | 🛠 Smali-CFGs – Smali Control Flow Graph’s](https://github.com/EugenioDelfa/Smali-CFGs) | ||
+ | |||
🛠 SPARTA – Static Program Analysis for Reliable Trusted Apps](https://www.cs.washington.edu/sparta) | 🛠 SPARTA – Static Program Analysis for Reliable Trusted Apps](https://www.cs.washington.edu/sparta) | ||
+ | |||
🛠 Thresher – To check heap reachability properties](https://plv.colorado.edu/projects/thresher/) | 🛠 Thresher – To check heap reachability properties](https://plv.colorado.edu/projects/thresher/) | ||
+ | |||
🛠 Vector Attack Scanner – To search vulnerable points to attack](https://github.com/Sukelluskello/VectorAttackScanner) | 🛠 Vector Attack Scanner – To search vulnerable points to attack](https://github.com/Sukelluskello/VectorAttackScanner) | ||
+ | |||
🛠 Gradle Static Analysis Plugin](https://github.com/novoda/gradle-static-analysis-plugin) | 🛠 Gradle Static Analysis Plugin](https://github.com/novoda/gradle-static-analysis-plugin) | ||
+ | |||
🛠 Checkstyle – A tool for checking Java source code](https://github.com/checkstyle/checkstyle) | 🛠 Checkstyle – A tool for checking Java source code](https://github.com/checkstyle/checkstyle) | ||
+ | |||
🛠 PMD – An extensible multilanguage static code analyzer](https://github.com/pmd/pmd) | 🛠 PMD – An extensible multilanguage static code analyzer](https://github.com/pmd/pmd) | ||
+ | |||
🛠 Soot – A Java Optimization Framework](https://github.com/Sable/soot) | 🛠 Soot – A Java Optimization Framework](https://github.com/Sable/soot) | ||
+ | |||
🛠 Android Quality Starter](https://github.com/pwittchen/android-quality-starter) | 🛠 Android Quality Starter](https://github.com/pwittchen/android-quality-starter) | ||
+ | |||
+ | |||
🛠 QARK – Tool to look for several security related Android application vulnerabilities](https://github.com/linkedin/qark) | 🛠 QARK – Tool to look for several security related Android application vulnerabilities](https://github.com/linkedin/qark) | ||
+ | |||
🛠 Infer – A Static Analysis tool for Java, C, C++ and Objective-C](https://github.com/facebook/infer) | 🛠 Infer – A Static Analysis tool for Java, C, C++ and Objective-C](https://github.com/facebook/infer) | ||
+ | |||
🛠 Android Check – Static Code analysis plugin for Android Project](https://github.com/noveogroup/android-check) | 🛠 Android Check – Static Code analysis plugin for Android Project](https://github.com/noveogroup/android-check) | ||
+ | |||
🛠 FindBugs-IDEA Static byte code analysis to look for bugs in Java code](https://plugins.jetbrains.com/plugin/3847-findbugs-idea) | 🛠 FindBugs-IDEA Static byte code analysis to look for bugs in Java code](https://plugins.jetbrains.com/plugin/3847-findbugs-idea) | ||
**Dynamic Analysis** | **Dynamic Analysis** | ||
+ | |||
🛠 Android Hooker - Opensource project for dynamic analyses of Android applications](https://github.com/AndroidHooker/hooker) | 🛠 Android Hooker - Opensource project for dynamic analyses of Android applications](https://github.com/AndroidHooker/hooker) | ||
+ | |||
🛠 AppAudit - Online tool ( including an API) uses dynamic and static analysis](http://appaudit.io/) | 🛠 AppAudit - Online tool ( including an API) uses dynamic and static analysis](http://appaudit.io/) | ||
+ | |||
🛠 AppAudit - A bare-metal analysis tool on Android devices](https://github.com/ucsb-seclab/baredroid) | 🛠 AppAudit - A bare-metal analysis tool on Android devices](https://github.com/ucsb-seclab/baredroid) | ||
+ | |||
🛠 CuckooDroid - Extension of Cuckoo Sandbox the Open Source software](https://github.com/idanr1986/cuckoo-droid) | 🛠 CuckooDroid - Extension of Cuckoo Sandbox the Open Source software](https://github.com/idanr1986/cuckoo-droid) | ||
+ | |||
🛠 DroidBox - Dynamic analysis of Android applications](https://code.google.com/p/droidbox/) | 🛠 DroidBox - Dynamic analysis of Android applications](https://code.google.com/p/droidbox/) | ||
+ | |||
🛠 Droid-FF - Android File Fuzzing Framework](https://github.com/antojoseph/droid-ff) | 🛠 Droid-FF - Android File Fuzzing Framework](https://github.com/antojoseph/droid-ff) | ||
+ | |||
🛠 Drozer](https://www.mwrinfosecurity.com/products/drozer/) | 🛠 Drozer](https://www.mwrinfosecurity.com/products/drozer/) | ||
+ | |||
🛠 Marvin - Analyzes Android applications and allows tracking of an app](https://github.com/programa-stic/marvin-django) | 🛠 Marvin - Analyzes Android applications and allows tracking of an app](https://github.com/programa-stic/marvin-django) | ||
+ | |||
🛠 Inspeckage](https://github.com/ac-pm/Inspeckage) | 🛠 Inspeckage](https://github.com/ac-pm/Inspeckage) | ||
+ | |||
🛠 PATDroid - Collection of tools and data structures for analyzing Android applications](https://github.com/mingyuan-xia/PATDroid) | 🛠 PATDroid - Collection of tools and data structures for analyzing Android applications](https://github.com/mingyuan-xia/PATDroid) | ||
+ | |||
🛠 AndroL4b - Android security virtual machine based on ubuntu-mate](https://github.com/sh4hin/Androl4b) | 🛠 AndroL4b - Android security virtual machine based on ubuntu-mate](https://github.com/sh4hin/Androl4b) | ||
+ | |||
🛠 Radare2 - Unix-like reverse engineering framework and commandline tools](https://github.com/radareorg/radare2) | 🛠 Radare2 - Unix-like reverse engineering framework and commandline tools](https://github.com/radareorg/radare2) | ||
+ | |||
🛠 Cutter - Free and Open Source RE Platform powered by radare2](https://cutter.re/) | 🛠 Cutter - Free and Open Source RE Platform powered by radare2](https://cutter.re/) | ||
+ | |||
🛠 ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)](https://github.com/Konloch/bytecode-viewer or https://bytecodeviewer.com/) | 🛠 ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)](https://github.com/Konloch/bytecode-viewer or https://bytecodeviewer.com/) | ||
+ | |||
🛠 Mobile-Security-Framework MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) | 🛠 Mobile-Security-Framework MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) | ||
+ | |||
🛠 CobraDroid - Custom build of the Android operating system geared specifically for application security ](https://thecobraden.com/projects/cobradroid/) | 🛠 CobraDroid - Custom build of the Android operating system geared specifically for application security ](https://thecobraden.com/projects/cobradroid/) | ||
+ | |||
🛠 Magisk v20.2 - Root & Universal Systemless Interface](https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445) | 🛠 Magisk v20.2 - Root & Universal Systemless Interface](https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445) | ||
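Review bot: The blank lines added throughout this hunk separate the entries but leave their link markup broken: each entry still ends its label with `](` and has no opening `[`, for example "Amandroid – A Static Analysis Framework](http://pag.arguslab.org/argus-saf)", so the URLs render as trailing text rather than links. Since the revision touches every one of these lines anyway, convert them to the wiki's own link syntax in the same edit. Two smaller points in the same region: the second "AppAudit" entry points at github.com/ucsb-seclab/baredroid, so its label looks copied from the entry above it, and the spacing is uneven (two blank lines added before QARK, none before **Dynamic Analysis**).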