All Projects → B3nac → Injuredandroid

B3nac / Injuredandroid

Licence: apache-2.0
A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

Programming Languages

kotlin
9241 projects

Projects that are alternatives of or similar to Injuredandroid

Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+60.57%)
Mutual labels:  pentesting, ctf, security-testing, bug-bounty
Spellbook
Micro-framework for rapid development of reusable security tools
Stars: ✭ 53 (-83.28%)
Mutual labels:  pentesting, ctf, bug-bounty
Pentesting toolkit
🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️
Stars: ✭ 1,268 (+300%)
Mutual labels:  pentesting, ctf, vulnerabilities
Nightingale
It's a Docker Environment for pentesting which having all the required tool for VAPT.
Stars: ✭ 119 (-62.46%)
Mutual labels:  bug-bounty, vulnerabilities
myplanet
🌕 myPlanet android app reads data from 🌎 for offline use as well as it collect usage data and sends them back to the Planet.
Stars: ✭ 17 (-94.64%)
Mutual labels:  apk, android-studio
apkutil
a useful utility for android app security testing
Stars: ✭ 52 (-83.6%)
Mutual labels:  android-security, security-testing
Fastdex
🚀 加快 apk 的编译速度 🚀
Stars: ✭ 1,457 (+359.62%)
Mutual labels:  apk, android-studio
mobileAudit
Django application that performs SAST and Malware Analysis for Android APKs
Stars: ✭ 140 (-55.84%)
Mutual labels:  apk, android-security
ructfe-2019
RuCTFE 2019. Developed with ♥ by HackerDom team
Stars: ✭ 24 (-92.43%)
Mutual labels:  ctf, vulnerabilities
penetration testing
🎩 [penetration testing Book], Kali Magic, Cryptography, Hash Crack, Botnet, Rootkit, Malware, Spyware, Python, Go, C|EH.
Stars: ✭ 57 (-82.02%)
Mutual labels:  vulnerabilities, security-testing
vulnerabilities
List of every possible vulnerabilities in computer security.
Stars: ✭ 14 (-95.58%)
Mutual labels:  pentesting, vulnerabilities
Android-WebView-in-Kotlin
Native Android WebView Example in Kotlin. Website to android app github open source template.
Stars: ✭ 87 (-72.56%)
Mutual labels:  webview, android-studio
Apkleaks
Scanning APK file for URIs, endpoints & secrets.
Stars: ✭ 2,707 (+753.94%)
Mutual labels:  apk, android-security
Angular-Cordova-Google-PlayStore-Publish
How to publish Angular app to Google Play Store using Cordova
Stars: ✭ 25 (-92.11%)
Mutual labels:  apk, android-studio
Inshorts Clone The News App
inshorts News App Clone with flutter and newsapi.org API
Stars: ✭ 145 (-54.26%)
Mutual labels:  apk, webview
Little-Ruler
A game engine that can be built for Android and Windows.
Stars: ✭ 16 (-94.95%)
Mutual labels:  apk, android-studio
phdctf-2017
PHDays Online CTF 2017. Developed with ♥ by Hackerdom team
Stars: ✭ 22 (-93.06%)
Mutual labels:  ctf, vulnerabilities
qctf-school-2018
QCTF School 2018. Developed with ♥ by Hackerdom team
Stars: ✭ 13 (-95.9%)
Mutual labels:  ctf, vulnerabilities
Dumpall
一款信息泄漏利用工具,适用于.git/.svn源代码泄漏和.DS_Store泄漏
Stars: ✭ 250 (-21.14%)
Mutual labels:  pentesting, bug-bounty
Apk Dependency Graph Plugin
Displays dependencies between classes as fancy graph.
Stars: ✭ 36 (-88.64%)
Mutual labels:  apk, android-studio

InjuredAndroid - CTF

A vulnerable Android application with ctf examples based on bug bounty findings, exploitation concepts, and pure creativity.

Now available on Google Play! https://play.google.com/store/apps/details?id=b3nac.injuredandroid


Setup for a physical device

  1. Download the latest release injuredandroid.apk from the releases or Google Play.

  2. Enable USB debugging on your Android test phone.

  3. Connect your phone and your pc with a usb cable.

  4. Install via adb if installing from releases. adb install InjuredAndroid.apk. Note: You need to use the absolute path to the .apk file or be in the same directory.

Setup for an Android Emulator using Android Studio

  1. Use adb to pull the apk off of your device or install after downloading the latest release apk.

  2. Start the emulator from Android Studio (I recommend downloading an emulator with Google APIs so root adb can be enabled).

  3. Drag and drop the .apk file on the emulator and InjuredAndroid.apk will install.


Build from source

  1. git clone https://github.com/B3nac/InjuredAndroid.git

  2. Create local.properties for the flutter_module

Example for Windows:

sdk.dir=C:\\Users\\B3nac\\AppData\\Local\\Android\\Sdk
flutter.sdk=C:\\Users\\YourUsername\\PathTo\\flutter

Example for Linux:

sdk.dir=/home/username/Android/Sdk
flutter.sdk=/home/username/flutter
  1. Set the Flutter path in Android Studio

File -> Settings -> Languages ​​& Frameworks -> Flutter

  1. Enable Dart Support in Android Studio

  2. Run flutter pub get to import the flutter dependencies

  3. Download the Android NDK that is required for the Assembly flag.

  4. Now you should be able to compile the latest release of InjuredAndroid!


Tips and CTF Overview

Decompiling the Android app is highly recommended.

  • XSSTEST is just for fun and to raise awareness on how WebViews can be made vulnerable to XSS.

  • The login flags just need the flag submitted.

  • The flags without a submit that demonstrate concepts will automatically register in the "Flags Overview" Activity.

  • The exclamatory buttons on the bottom right will give users up to three tips for each flag.

Good luck and have fun! :D


Spoilers

Looking at the source code of the applications in the InjuredAndroid directory, InjuredAndroid-FlagWalkthroughs.md file, or binary source code in the Binaries directory will spoil some if not all of the ctf challenges.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].