mirror of
https://github.com/vaib25vicky/awesome-mobile-security.git
synced 2024-10-01 06:35:35 -04:00
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
androidandroid-securityawesomeawesome-listbugbountyhackinghacking-toolsiosios-securitymobilemobile-securitypentestingredteamresourcesreverse-engineeringsecurity-tools
README.md |
awesome-mobile-security
A curated list of Mobile Security materials and resources.
Maintained by @vaib25vicky with contributions from the security and developer communities.
Contributing
Please refer to the contributing guide for details.
Android
-
- An Android Hacking Primer
- Secure an Android Device
- Security tips
- OWASP Mobile Security Testing Guide
- Security Testing for Android Cross Platform Application
- Dive deep into Android Application Security
- Pentesting Android Apps Using Frida
- Mobile Security Testing Guide
- Mobile Application Penetration Testing Cheat Sheet
- ANDROID APPLICATIONS REVERSING 101
- Android Security Guidelines
- [Amandroid – A Static Analysis FrameworkA(http://pag.arguslab.org/argus-saf)
- Androwarn – Yet Another Static Code Analyzer
- APK Analyzer – Static and Virtual Analysis Tool
- APK Inspector – A Powerful GUI Toolndroid WebView Vulnerabilities](https://pentestlab.blog/2017/02/12/android-webview-vulnerabilities/)
- OWASP Mobile Top 10
-
Books (https://github.com/B3nac/Android-Reports-and-Resources/blob/master/README.md)
-
-
[Static Analysis]
- Amandroid – A Static Analysis Framework
- Androwarn – Yet Another Static Code Analyzer
- APK Analyzer – Static and Virtual Analysis Tool
- APK Inspector – A Powerful GUI Tool
- Droid Hunter – Android application vulnerability analysis and Android pentest tool
- Error Prone – Static Analysis Tool
- Findbugs – Find Bugs in Java Programs
- Find Security Bugs – A SpotBugs plugin for security audits of Java web applications.
- Flow Droid – Static Data Flow Tracker
- Smali/Baksmali – Assembler/Disassembler for the dex format
- Smali-CFGs – Smali Control Flow Graph’s
- SPARTA – Static Program Analysis for Reliable Trusted Apps
- Thresher – To check heap reachability properties
- Vector Attack Scanner – To search vulnerable points to attack
- Gradle Static Analysis Plugin
- Checkstyle – A tool for checking Java source code
- PMD – An extensible multilanguage static code analyzer
- Soot – A Java Optimization Framework
- Android Quality Starter
- QARK – Quick Android Review Kit
- Infer – A Static Analysis tool for Java, C, C++ and Objective-C
- Android Check – Static Code analysis plugin for Android Project
- FindBugs-IDEA Static byte code analysis to look for bugs in Java code
-
[Dynamic Analysis]
- Android Hooker - Opensource project for dynamic analyses of Android applications
- AppAudit - Online tool ( including an API) uses dynamic and static analysis
- AppAudit - A bare-metal analysis tool on Android devices
- CuckooDroid - Extension of Cuckoo Sandbox the Open Source software
- DroidBox - Dynamic analysis of Android applications
- Droid-FF - Android File Fuzzing Framework
- Drozer
- Marvin - Analyzes Android applications and allows tracking of an app
- Inspeckage
- PATDroid - Collection of tools and data structures for analyzing Android applications
- []
- AndroL4b - Android security virtual machine based on ubuntu-mate
- Radare2 - Unix-like reverse engineering framework and commandline tools
- ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)
- Mobile-Security-Framework MobSF
- CobraDroid - Custom build of the Android operating system geared specifically for application security
-
[Android Online APK Analyzers]
-
-
[Misc.]