Awesome-Mirrors/awesome-mobile-security
1
0
Fork 0
mirror of https://github.com/vaib25vicky/awesome-mobile-security.git synced 2025-01-15 01:27:08 -05:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Vaibhav 2020-01-03 17:01:48 +05:30 committed by GitHub
parent 0835707670
commit 0e245657b7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 107 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

211
README.md
View File

@ -30,133 +30,136 @@
* [Android WebView Vulnerabilities](https://pentestlab.blog/2017/02/12/android-webview-vulnerabilities/) * [Android WebView Vulnerabilities](https://pentestlab.blog/2017/02/12/android-webview-vulnerabilities/)
* [OWASP Mobile Top 10](https://www.owasp.org/index.php/OWASP_Mobile_Top_10) * [OWASP Mobile Top 10](https://www.owasp.org/index.php/OWASP_Mobile_Top_10)
### Books ### Books
* [SEI CERT Android Secure Coding Standard](https://www.securecoding.cert.org/confluence/display/android/Android+Secure+Coding+Standard) * [SEI CERT Android Secure Coding Standard](https://www.securecoding.cert.org/confluence/display/android/Android+Secure+Coding+Standard)
* [Android Security Internals](https://www.oreilly.com/library/view/android-security-internals/9781457185496/) * [Android Security Internals](https://www.oreilly.com/library/view/android-security-internals/9781457185496/)
### Courses ### Courses
* [Learning-Android-Security](https://www.lynda.com/Android-tutorials/Learning-Android-Security/689762-2.html) * [Learning-Android-Security](https://www.lynda.com/Android-tutorials/Learning-Android-Security/689762-2.html)
* [Mobile Application Security and Penetration Testing](https://www.elearnsecurity.com/course/mobile_application_security_and_penetration_testing/) * [Mobile Application Security and Penetration Testing](https://www.elearnsecurity.com/course/mobile_application_security_and_penetration_testing/)
### Tools ### Tools
* [Static Analysis](#static) #### Static Analysis
* [Amandroid A Static Analysis Framework](http://pag.arguslab.org/argus-saf)
* [Androwarn Yet Another Static Code Analyzer](https://github.com/maaaaz/androwarn/) * [Amandroid A Static Analysis Framework](http://pag.arguslab.org/argus-saf)
* [APK Analyzer Static and Virtual Analysis Tool](https://github.com/sonyxperiadev/ApkAnalyser) * [Androwarn Yet Another Static Code Analyzer](https://github.com/maaaaz/androwarn/)
* [APK Inspector A Powerful GUI Tool](https://github.com/honeynet/apkinspector/) * [APK Analyzer Static and Virtual Analysis Tool](https://github.com/sonyxperiadev/ApkAnalyser)
* [Droid Hunter Android application vulnerability analysis and Android pentest tool](https://github.com/hahwul/droid-hunter) * [APK Inspector A Powerful GUI Tool](https://github.com/honeynet/apkinspector/)
* [Error Prone Static Analysis Tool](https://github.com/google/error-prone) * [Droid Hunter Android application vulnerability analysis and Android pentest tool](https://github.com/hahwul/droid-hunter)
* [Findbugs Find Bugs in Java Programs](http://findbugs.sourceforge.net/downloads.html) * [Error Prone Static Analysis Tool](https://github.com/google/error-prone)
* [Find Security Bugs A SpotBugs plugin for security audits of Java web applications.](https://github.com/find-sec-bugs/find-sec-bugs/) * [Findbugs Find Bugs in Java Programs](http://findbugs.sourceforge.net/downloads.html)
* [Flow Droid Static Data Flow Tracker](https://github.com/secure-software-engineering/FlowDroid) * [Find Security Bugs A SpotBugs plugin for security audits of Java web applications.](https://github.com/find-sec-bugs/find-sec-bugs/)
* [Smali/Baksmali Assembler/Disassembler for the dex format](https://github.com/JesusFreke/smali) * [Flow Droid Static Data Flow Tracker](https://github.com/secure-software-engineering/FlowDroid)
* [Smali-CFGs Smali Control Flow Graphs](https://github.com/EugenioDelfa/Smali-CFGs) * [Smali/Baksmali Assembler/Disassembler for the dex format](https://github.com/JesusFreke/smali)
* [SPARTA Static Program Analysis for Reliable Trusted Apps](https://www.cs.washington.edu/sparta) * [Smali-CFGs Smali Control Flow Graphs](https://github.com/EugenioDelfa/Smali-CFGs)
* [Thresher To check heap reachability properties](https://plv.colorado.edu/projects/thresher/) * [SPARTA Static Program Analysis for Reliable Trusted Apps](https://www.cs.washington.edu/sparta)
* [Vector Attack Scanner To search vulnerable points to attack](https://github.com/Sukelluskello/VectorAttackScanner) * [Thresher To check heap reachability properties](https://plv.colorado.edu/projects/thresher/)
* [Gradle Static Analysis Plugin](https://github.com/novoda/gradle-static-analysis-plugin) * [Vector Attack Scanner To search vulnerable points to attack](https://github.com/Sukelluskello/VectorAttackScanner)
* [Checkstyle A tool for checking Java source code](https://github.com/checkstyle/checkstyle) * [Gradle Static Analysis Plugin](https://github.com/novoda/gradle-static-analysis-plugin)
* [PMD An extensible multilanguage static code analyzer](https://github.com/pmd/pmd) * [Checkstyle A tool for checking Java source code](https://github.com/checkstyle/checkstyle)
* [Soot A Java Optimization Framework](https://github.com/Sable/soot) * [PMD An extensible multilanguage static code analyzer](https://github.com/pmd/pmd)
* [Android Quality Starter](https://github.com/pwittchen/android-quality-starter) * [Soot A Java Optimization Framework](https://github.com/Sable/soot)
* [QARK Quick Android Review Kit](https://github.com/linkedin/qark) * [Android Quality Starter](https://github.com/pwittchen/android-quality-starter)
* [Infer A Static Analysis tool for Java, C, C++ and Objective-C](https://github.com/facebook/infer) * [QARK Quick Android Review Kit](https://github.com/linkedin/qark)
* [Android Check Static Code analysis plugin for Android Project](https://github.com/noveogroup/android-check) * [Infer A Static Analysis tool for Java, C, C++ and Objective-C](https://github.com/facebook/infer)
* [FindBugs-IDEA Static byte code analysis to look for bugs in Java code](https://plugins.jetbrains.com/plugin/3847-findbugs-idea) * [Android Check Static Code analysis plugin for Android Project](https://github.com/noveogroup/android-check)
* [FindBugs-IDEA Static byte code analysis to look for bugs in Java code](https://plugins.jetbrains.com/plugin/3847-findbugs-idea)
* [Dynamic Analysis](#dynamic) #### Dynamic Analysis
* [Android Hooker - Opensource project for dynamic analyses of Android applications](https://github.com/AndroidHooker/hooker)
* [AppAudit - Online tool ( including an API) uses dynamic and static analysis](http://appaudit.io/) * [Android Hooker - Opensource project for dynamic analyses of Android applications](https://github.com/AndroidHooker/hooker)
* [AppAudit - A bare-metal analysis tool on Android devices](https://github.com/ucsb-seclab/baredroid) * [AppAudit - Online tool ( including an API) uses dynamic and static analysis](http://appaudit.io/)
* [CuckooDroid - Extension of Cuckoo Sandbox the Open Source software](https://github.com/idanr1986/cuckoo-droid) * [AppAudit - A bare-metal analysis tool on Android devices](https://github.com/ucsb-seclab/baredroid)
* [DroidBox - Dynamic analysis of Android applications](https://code.google.com/p/droidbox/) * [CuckooDroid - Extension of Cuckoo Sandbox the Open Source software](https://github.com/idanr1986/cuckoo-droid)
* [Droid-FF - Android File Fuzzing Framework](https://github.com/antojoseph/droid-ff) * [DroidBox - Dynamic analysis of Android applications](https://code.google.com/p/droidbox/)
* [Drozer](https://www.mwrinfosecurity.com/products/drozer/) * [Droid-FF - Android File Fuzzing Framework](https://github.com/antojoseph/droid-ff)
* [Marvin - Analyzes Android applications and allows tracking of an app](https://github.com/programa-stic/marvin-django) * [Drozer](https://www.mwrinfosecurity.com/products/drozer/)
* [Inspeckage](https://github.com/ac-pm/Inspeckage) * [Marvin - Analyzes Android applications and allows tracking of an app](https://github.com/programa-stic/marvin-django)
* [PATDroid - Collection of tools and data structures for analyzing Android applications](https://github.com/mingyuan-xia/PATDroid) * [Inspeckage](https://github.com/ac-pm/Inspeckage)
* [AndroL4b - Android security virtual machine based on ubuntu-mate](https://github.com/sh4hin/Androl4b) * [PATDroid - Collection of tools and data structures for analyzing Android applications](https://github.com/mingyuan-xia/PATDroid)
* [Radare2 - Unix-like reverse engineering framework and commandline tools](https://github.com/radareorg/radare2) * [AndroL4b - Android security virtual machine based on ubuntu-mate](https://github.com/sh4hin/Androl4b)
* [ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)](https://bytecodeviewer.com/) * [Radare2 - Unix-like reverse engineering framework and commandline tools](https://github.com/radareorg/radare2)
* [Mobile-Security-Framework MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) * [yteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)](https://bytecodeviewer.com/)
* [CobraDroid - Custom build of the Android operating system geared specifically for application security ](https://thecobraden.com/projects/cobradroid/) * [Mobile-Security-Framework MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF)
* [CobraDroid - Custom build of the Android operating system geared specifically for application security ](https://thecobraden.com/projects/cobradroid/)
* [Android Online APK Analyzers](#online) #### Android Online APK Analyzers
* [Android Observatory APK Scan](https://androidobservatory.org/upload)
* [Android APK Decompiler](http://www.decompileandroid.com/) * [Android Observatory APK Scan](https://androidobservatory.org/upload)
* [AndroTotal](http://andrototal.org/) * [Android APK Decompiler](http://www.decompileandroid.com/)
* [NVISO ApkScan](https://apkscan.nviso.be/) * [AndroTotal](http://andrototal.org/)
* [VirusTotal](https://www.virustotal.com/#/home/upload) * [NVISO ApkScan](https://apkscan.nviso.be/)
* [Scan Your APK](https://scanyourapk.com/) * [VirusTotal](https://www.virustotal.com/#/home/upload)
* [AVC Undroid](https://undroid.av-comparatives.org/index.php) * [Scan Your APK](https://scanyourapk.com/)
* [OPSWAT](https://metadefender.opswat.com/#!/) * [AVC Undroid](https://undroid.av-comparatives.org/index.php)
* [ImmuniWeb Mobile App Scanner](https://www.htbridge.com/mobile/) * [OPSWAT](https://metadefender.opswat.com/#!/)
* [Ostor Lab](https://www.ostorlab.co/scan/mobile/) * [ImmuniWeb Mobile App Scanner](https://www.htbridge.com/mobile/)
* [Quixxi](https://quixxisecurity.com/) * [Ostor Lab](https://www.ostorlab.co/scan/mobile/)
* [TraceDroid](http://tracedroid.few.vu.nl/submit.php) * [Quixxi](https://quixxisecurity.com/)
* [Visual Threat](http://www.visualthreat.com/UIupload.action) * [TraceDroid](http://tracedroid.few.vu.nl/submit.php)
* [App Critique](https://appcritique.boozallen.com/) * [Visual Threat](http://www.visualthreat.com/UIupload.action)
* [App Critique](https://appcritique.boozallen.com/)
### Labs ### Labs
* [DIVA (Damn insecure and vulnerable App)](https://github.com/payatu/diva-android) * [DIVA (Damn insecure and vulnerable App)](https://github.com/payatu/diva-android)
* [SecurityShepherd](https://github.com/OWASP/SecurityShepherd) * [SecurityShepherd](https://github.com/OWASP/SecurityShepherd)
* [Damn Vulnerable Hybrid Mobile App (DVHMA)](https://github.com/logicalhacking/DVHMA) * [Damn Vulnerable Hybrid Mobile App (DVHMA)](https://github.com/logicalhacking/DVHMA)
* [OWASP-mstg](https://github.com/OWASP/owasp-mstg/tree/master/Crackmes) * [OWASP-mstg](https://github.com/OWASP/owasp-mstg/tree/master/Crackmes)
* [VulnerableAndroidAppOracle](https://github.com/dan7800/VulnerableAndroidAppOracle) * [VulnerableAndroidAppOracle](https://github.com/dan7800/VulnerableAndroidAppOracle)
* [Android InsecureBankv2](https://github.com/dineshshetty/Android-InsecureBankv2) * [Android InsecureBankv2](https://github.com/dineshshetty/Android-InsecureBankv2)
* [Purposefully Insecure and Vulnerable Android Application (PIIVA)](https://github.com/htbridge/pivaa) * [Purposefully Insecure and Vulnerable Android Application (PIIVA)](https://github.com/htbridge/pivaa)
* [Sieve app](https://github.com/mwrlabs/drozer/releases/download/2.3.4/sieve.apk) * [Sieve app](https://github.com/mwrlabs/drozer/releases/download/2.3.4/sieve.apk)
* [DodoVulnerableBank](https://github.com/CSPF-Founder/DodoVulnerableBank) * [DodoVulnerableBank](https://github.com/CSPF-Founder/DodoVulnerableBank)
* [Digitalbank](https://github.com/CyberScions/Digitalbank) * [Digitalbank](https://github.com/CyberScions/Digitalbank)
* [OWASP GoatDroid](https://github.com/jackMannino/OWASP-GoatDroid-Project) * [OWASP GoatDroid](https://github.com/jackMannino/OWASP-GoatDroid-Project)
* [AppKnox Vulnerable Application](https://github.com/appknox/vulnerable-application) * [AppKnox Vulnerable Application](https://github.com/appknox/vulnerable-application)
* [Vulnerable Android Application](https://github.com/Lance0312/VulnApp) * [Vulnerable Android Application](https://github.com/Lance0312/VulnApp)
* [MoshZuk](https://dl.dropboxusercontent.com/u/37776965/Work/MoshZuk.apk) * [MoshZuk](https://dl.dropboxusercontent.com/u/37776965/Work/MoshZuk.apk)
* [Hackme Bank](http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx) * [Hackme Bank](http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx)
* [Android Security Labs](https://github.com/SecurityCompass/AndroidLabs) * [Android Security Labs](https://github.com/SecurityCompass/AndroidLabs)
* [Android-InsecureBankv2](https://github.com/dineshshetty/Android-InsecureBankv2) * [Android-InsecureBankv2](https://github.com/dineshshetty/Android-InsecureBankv2)
* [Android-security](https://github.com/rafaeltoledo/android-security) * [Android-security](https://github.com/rafaeltoledo/android-security)
### Talks ### Talks
* [One Step Ahead of Cheaters -- Instrumenting Android Emulators](https://www.youtube.com/watch?v=L3AniAxp_G4) * [One Step Ahead of Cheaters -- Instrumenting Android Emulators](https://www.youtube.com/watch?v=L3AniAxp_G4)
* [Vulnerable Out of the Box: An Evaluation of Android Carrier Devices](https://www.youtube.com/watch?v=R2brQvQeTvM) * [Vulnerable Out of the Box: An Evaluation of Android Carrier Devices](https://www.youtube.com/watch?v=R2brQvQeTvM)
* [Rock appround the clock: Tracking malware developers by Android](https://www.youtube.com/watch?v=wd5OU9NvxjU) * [Rock appround the clock: Tracking malware developers by Android](https://www.youtube.com/watch?v=wd5OU9NvxjU)
* [Chaosdata - Ghost in the Droid: Possessing Android Applications with ParaSpectre](https://www.youtube.com/watch?v=ohjTWylMGEA) * [Chaosdata - Ghost in the Droid: Possessing Android Applications with ParaSpectre](https://www.youtube.com/watch?v=ohjTWylMGEA)
* [Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets](https://www.youtube.com/watch?v=TDk2RId8LFo) * [Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets](https://www.youtube.com/watch?v=TDk2RId8LFo)
* [Honey, I Shrunk the Attack Surface Adventures in Android Security Hardening](https://www.youtube.com/watch?v=EkL1sDMXRVk) * [Honey, I Shrunk the Attack Surface Adventures in Android Security Hardening](https://www.youtube.com/watch?v=EkL1sDMXRVk)
* [Hide Android Applications in Images](https://www.youtube.com/watch?v=hajOlvLhYJY) * [Hide Android Applications in Images](https://www.youtube.com/watch?v=hajOlvLhYJY)
* [Scary Code in the Heart of Android](https://www.youtube.com/watch?v=71YP65UANP0) * [Scary Code in the Heart of Android](https://www.youtube.com/watch?v=71YP65UANP0)
* [Fuzzing Android: A Recipe For Uncovering Vulnerabilities Inside System Components In Android](https://www.youtube.com/watch?v=q_HibdrbIxo) * [Fuzzing Android: A Recipe For Uncovering Vulnerabilities Inside System Components In Android](https://www.youtube.com/watch?v=q_HibdrbIxo)
* [Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library](https://www.youtube.com/watch?v=s0Tqi7fuOSU) * [Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library](https://www.youtube.com/watch?v=s0Tqi7fuOSU)
* [Android FakeID Vulnerability Walkthrough](https://www.youtube.com/watch?v=5eJYCucZ-Tc) * [Android FakeID Vulnerability Walkthrough](https://www.youtube.com/watch?v=5eJYCucZ-Tc)
* [Unleashing D* on Android Kernel Drivers](https://www.youtube.com/watch?v=1XavjjmfZAY) * [Unleashing D* on Android Kernel Drivers](https://www.youtube.com/watch?v=1XavjjmfZAY)
* [The Smarts Behind Hacking Dumb Devices](https://www.youtube.com/watch?v=yU1BrY1ZB2o) * [The Smarts Behind Hacking Dumb Devices](https://www.youtube.com/watch?v=yU1BrY1ZB2o)
* [Overview of common Android app vulnerabilities](https://www.bugcrowd.com/resources/webinars/overview-of-common-android-app-vulnerabilities/) * [Overview of common Android app vulnerabilities](https://www.bugcrowd.com/resources/webinars/overview-of-common-android-app-vulnerabilities/)
* [Android Dev Summit 2019](https://developer.android.com/dev-summit) * [Android Dev Summit 2019](https://developer.android.com/dev-summit)
* [Android security architecture](https://www.youtube.com/watch?v=3asW-nBU-JU) * [Android security architecture](https://www.youtube.com/watch?v=3asW-nBU-JU)
### Misc. ### Misc.
* [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources/blob/master/README.md) * [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources/blob/master/README.md)
* [android-security-awesome](https://github.com/ashishb/android-security-awesome) * [android-security-awesome](https://github.com/ashishb/android-security-awesome)
## IOS ## IOS
### General ### General
### Tools ### Tools
### Talks ### Talks
### Labs ### Labs
### Courses ### Courses
### Books ### Books
### Misc. ### Misc.