android-security

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts&videos)

Scanning APK file for URIs, endpoints & secrets.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

A big list of Android Hackerone disclosed reports and other resources.

Radare2 and Frida better together.

[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

A curated list of Android Security materials and resources For Pentesters and Bug Hunters

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

软件安全工程师技能表

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

CWAC-Security: Helping You Help Your Users Defend Their Data

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

CWAC-NetSecurity: Simplifying Secure Internet Access

Android Security Resources.

memory search and patch tool on debuggable apk without root & ndk

Oversecured Vulnerable Android App

Android library to reveal or obfuscate strings and assets at runtime

Swiss army knife for identifying and fingerprinting Android devices.

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

"Opening Pandora's Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones" ACSAC 2019

An app showcase of some techniques to improve Android app security

Android apk/sdk Scan包括android apk/sdk 安全审计代码扫描以及国内政策扫描

[OUTDATED & UNSUPPORTED] Droid Watcher - Android Spy Application

Android Mobile Device Hardening

A WebAuthn Authenticator for Android leveraging hardware-backed key storage and biometric user verification.

[WIP] Simple mobile applications sandbox file browser tool. Powered with [frida.re](https://www.frida.re).