http://www.droidaholic.com/security/
=================================
Security Tools
ONLINE ANALYZERS
AndroTotal – http://andrototal.org/
Anubis – http://anubis.iseclab.org/
App 360 scan – http://www.app360scan.com/
CopperDroid – http://copperdroid.isg.rhul.ac.uk/copperdroid/
Dexter – https://dexter.bluebox.com/
Foresafe – http://www.foresafe.com/scan
Mobile app insight – http://www.mobile-app-insight.org
Mobile-Sandbox – http://mobile-sandbox.com
Sandroid – http://sanddroid.xjtu.edu.cn/
Tracedroid – http://tracedroid.few.vu.nl/
Visual Threat – http://www.visualthreat.com/
Android Sandbox – http://www.androidsandbox.net/
STATIC ANALYSIS TOOLS
Android Decompiler – http://www.android-decompiler.com/
Androwarn – https://github.com/maaaaz/androwarn/
ApkAnalyser – https://github.com/sonyxperiadev/ApkAnalyser
APKInspector – https://github.com/honeynet/apkinspector/
Droid Intent Data Flow Analysis for Information Leakage – https://www.cert.org/secure-coding/tools/didfail.cfm
Several tools from PSU – http://siis.cse.psu.edu/tools.html
Smali CFG generator – http://code.google.com/p/smali-cfgs/
DYNAMIC ANALYSIS TOOLS
Android DBI framework – http://www.mulliner.org/blog/blosxom.cgi/security/androiddbiv02.html – Android Dynamic Binary Instrumentation
Android Malware Analysis Toolkit – http://www.mobilemalware.com.br/amat/download.html (Linux distro); it used to be an online analyzer at http://dunkelheit.com.br/amat/analysis/index_en.html
Android Reverse Engineering – https://redmine.honeynet.org/projects/are/wiki – ARE (android reverse engineering) does not seem to be under active development anymore
Android Security Evaluation Framework – https://code.google.com/p/asef/
AppUse – https://appsec-labs.com/AppUse – custom build for pentesting
AuditdAndroid – https://github.com/nwhusted/AuditdAndroid – Android port of auditd, does not seem to be under active development anymore
Cobradroid – http://thecobraden.com/projects/cobradroid/ – custom image for malware analysis
Crowdroid – http://www.ida.liu.se/labs/rtslab/publications/2011/spsm11-burguera.pdf – unable to find the actual tool
Droidbox – http://code.google.com/p/droidbox/
Mercury – http://labs.mwrinfosecurity.com/tools/2012/03/16/mercury/
Drozer – https://labs.mwrinfosecurity.com/tools/drozer/
Taintdroid – http://appanalysis.org/download.html (requires AOSP compilation)
Xposed – developers.com/showthread.php?t=1574401 (equivalent to stub-based code injection, but without any modifications to the binary)
Aurasium – http://www.aurasium.com/ – rewrites the android app to add security policy, seems dead now
REVERSE ENGINEERING
Smali/Baksmali – http://code.google.com/p/smali/ – apk decompilation
coloring for smali files
emacs: https://github.com/strazzere/Emacs-Smali
vim: http://codetastrophe.com/smali.vim
AndBug – https://github.com/swdunlop/AndBug
Androguard – http://code.google.com/p/androguard/ – powerful, integrates well with other tools
Apktool – http://code.google.com/p/android-apktool/ – really useful for compilation/decompilation (uses smali)
Android Framework for Exploitation – https://github.com/xysec/AFE
Android-KillPermAndSigChecks – https://github.com/iSECPartners/Android-KillPermAndSigChecks – bypass signature and permission checks for IPCs.
Android OpenDebug – https://github.com/iSECPartners/Android-OpenDebug – make any application on device debuggable (using cydia substrate).
Dare – http://siis.cse.psu.edu/dare/index.html – .dex to .class converter
Dex2Jar – http://code.google.com/p/dex2jar/
Dedexer – http://dedexer.sourceforge.net
Fino – https://github.com/sysdream/fino
Indroid – https://bitbucket.org/aseemjakhar/indroid – thread injection kit
IntentFuzzer – https://www.isecpartners.com/tools/mobile-security/intent-fuzzer.aspx
IntentSniffer – https://www.isecpartners.com/tools/mobile-security/intent-sniffer.aspx
Introspy – https://github.com/iSECPartners/Introspy-Android
Jad – http://www.varaneckas.com/jad
JD-GUI – http://java.decompiler.free.fr/?q=jdgui
Redexer – https://github.com/plum-umd/redexer – apk manipulation
Smali viewer – http://blog.avlyun.com/wp-content/uploads/2014/04/SmaliViewer.zip
TEST BEDS
Android cluster toolkit – https://github.com/jduck/android-cluster-toolkit
Android application testing – http://www.vogella.com/tutorials/AndroidTesting/article.html
Android Unit and Integration testing – https://github.com/thecodepath/android_guides/wiki/Android-Unit-and-Integration-testing
Robolectric – http://robolectric.org/index.html
Robotium – https://code.google.com/p/robotium/
SAMPLE SOURCES
contagio mini dump – http://contagiominidump.blogspot.com
Open Source database – http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares
MISC TOOLS/READINGS
APK-Downloader – http://codekiem.com/2012/02/24/apk-downloader/
AXMLPrinter2 – http://code.google.com/p/android4me/downloads/detail?name=AXMLPrinter2.jar – to convert binary XML files to human-readable XML files
adb autocomplete – http://romannurik-code.googlecode.com/git/misc/bash_completion/adb
Dalvik opcodes – http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html
Opcodes table for quick reference – http://xchg.info/corkami/opcodes_tables.pdf
A good collection of static analysis papers – http://tthtlc.wordpress.com/2011/09/01/static-analysis-of-android-applications/
ExploitMe – http://securitycompass.github.io/AndroidLabs/setup.html – for practice
GoatDroid – https://github.com/jackMannino/OWASP-GoatDroid-Project – for practice
Android Labs – http://securitycompass.github.io/AndroidLabs/setup.html – for practice