APKDeepLens APKDeepLens is a Python-based tool designed to scan Android applications (APK files) for security vulnerabilities. It specifically targets the OWASP Top 10 mobile vulnerabilities, providing an easy and efficient way for developers, penetration...
The Damne Vulnerable Android Components – DVAC Damn Vulnerable Android Components (DVAC) is an educational Android application intentionally designed to expose and demonstrate vulnerabilities related to various Android components such as Activities, Intents, Content...
medusa MEDUSA is an extensible and modularized framework that automates processes and techniques practiced during the dynamic analysis of Android and iOS Applications. Some of the framework’s features are the following: Tracing and instrumentation of API calls...
QCSuper QCSuper is a tool communicating with Qualcomm-based phones and modems, allowing to capture raw 2G/3G/4G (and for certain models 5G) radio frames, among other things. It will allow you to generate PCAP captures of it using either...
drozer drozer is a security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Android Runtime,...
apkLeaks Scanning APK file for URIs, endpoints & secrets. Installation Linux $ sudo apt-get install libssl-dev swig -y OSX $ brew install openssl swig Windows You need to install: OpenSSL, and swig-win. To install apkLeaks,...
apk.sh apk.sh is a Bash script that makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding, and patching an APK. Features apk.sh basically uses apktool to disassemble, decode and rebuild resources...
Android BugBazaar: Your mobile appsec playground to Explore, Exploit, Excel BugBazaar is a comprehensive mobile application intentionally designed to be vulnerable, featuring over 30 vulnerabilities. Developed to emulate real-world scenarios, it includes more than...
MORF – Mobile Reconnaissance Framework Mobile Reconnaissance Framework is a powerful, lightweight and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information within mobile applications. It is...
Runtime Mobile Security Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime. You can easily dump all the loaded classes...
Mobile Security Framework Mobile Security Framework (MobSF) is an intelligent, all-in-one open-source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security...
About Ghost Framework Ghost Framework is an Android post-exploitation framework that exploits the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device...
apkInspector apkInspector is a tool designed to provide detailed insights into the zip structure of APK files, offering the capability to extract the content and decode the AndroidManifest.xml file. What sets APKInspector apart is...
APKscan Scan for secrets, endpoints, and other sensitive data after decompiling and deobfuscating Android files. (.apk, .xapk, .dex, .jar, .class, .smali, .zip, .aar, .arsc, .aab, .jadx.kts). Why use APKscan? Find Leaked Secrets APKs (Android Package Kits) often leak secrets due to...
AegiScan Aegi(s)Scan(er) is a static dataflow analysis framework for iOS application binaries, which can be used to facilitate vulnerability scanning. Design AegiScan utilizes top-down type propagation to resolve Objective-C MsgSend calls, thereby reconstructing the call...
fsmon FileSystem Monitor utility that runs on Linux, Android, iOS, and OSX. Backends fsmon filesystem information is taken from different backends depending on the operating system and apis available. This is the list of...
