Dexcalibur[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
Stars: ✭ 512 (+279.26%)
Rms Runtime Mobile SecurityRuntime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
Stars: ✭ 1,194 (+784.44%)
requests-ip-rotatorA Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.
Stars: ✭ 323 (+139.26%)
ReconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+621.48%)
Awesome Mobile SecurityAn effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+1260.74%)
MjolnerCycript backend powered by Frida.
Stars: ✭ 11 (-91.85%)
Awesome FridaAwesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)
Stars: ✭ 2,025 (+1400%)
ApkleaksScanning APK file for URIs, endpoints & secrets.
Stars: ✭ 2,707 (+1905.19%)
MedusaBinary instrumentation framework based on FRIDA
Stars: ✭ 258 (+91.11%)
EngineDroidefense: Advance Android Malware Analysis Framework
Stars: ✭ 386 (+185.93%)
StacoanStaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Stars: ✭ 707 (+423.7%)
PinaakA vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan
Stars: ✭ 69 (-48.89%)
reFlutterFlutter Reverse Engineering Framework
Stars: ✭ 698 (+417.04%)
PayloadsallthethingsA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+24277.04%)
AppmonDocumentation:
Stars: ✭ 1,157 (+757.04%)
JackhammerJackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Stars: ✭ 633 (+368.89%)
AllaboutbugbountyAll about bug bounty (bypasses, payloads, and etc)
Stars: ✭ 758 (+461.48%)
Pentest GuidePenetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+874.81%)
JaelesThe Swiss Army knife for automated Web Application Testing
Stars: ✭ 1,073 (+694.81%)
NightingaleIt's a Docker Environment for pentesting which having all the required tool for VAPT.
Stars: ✭ 119 (-11.85%)
AirspyAirSpy - Frida-based tool for exploring and tracking the evolution of Apple's AirDrop protocol implementation on i/macOS, from the server's perspective. Released during BH USA 2019 Training https://www.nowsecure.com/event/advanced-frida-and-radare-a-hackers-delight/
Stars: ✭ 116 (-14.07%)
Mobile Security Framework MobsfMobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+7464.44%)
R2frida WikiThis repo aims at providing practical examples on how to use r2frida
Stars: ✭ 168 (+24.44%)
MeduzaA more or less universal SSL unpinning tool for iOS
Stars: ✭ 240 (+77.78%)
ipsourcebypassThis Python script can be used to bypass IP source restrictions using HTTP headers.
Stars: ✭ 326 (+141.48%)
frida setupOne-click installer for Frida and Burp certs for SSL Pinning bypass
Stars: ✭ 47 (-65.19%)
R2fridaRadare2 and Frida better together.
Stars: ✭ 610 (+351.85%)
frida-android-unpinningA Frida script to disable SSL certificate pinning in a target application
Stars: ✭ 186 (+37.78%)
Bugs-feedBug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...
Stars: ✭ 90 (-33.33%)
letsencrypt-fastThe fastest way to test/generate/renew Let's Encrypt SSL certificates!!! Requires root access and a live webserver to run the script at.
Stars: ✭ 25 (-81.48%)
PayloadsAllA list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (-77.04%)
WhoEnumMass querying whois records
Stars: ✭ 24 (-82.22%)
frida-mono-apiAll the mono c exports, ready to be used in frida!
Stars: ✭ 57 (-57.78%)
iInjectTool to automate the process of embedding dynamic libraries into iOS applications from GNU/Linux
Stars: ✭ 64 (-52.59%)
akamai-toolkitA set of tools to work on Akamai v1 anti-bot solution. Current supported version: 1.70
Stars: ✭ 215 (+59.26%)
boxerBoxer: A fast directory bruteforce tool written in Python with concurrency.
Stars: ✭ 15 (-88.89%)
InventusInventus is a spider designed to find subdomains of a specific domain by crawling it and any subdomains it discovers.
Stars: ✭ 80 (-40.74%)
magicReconMagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (+254.07%)
urldedupePass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
Stars: ✭ 208 (+54.07%)
JustEvadeBroJustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.
Stars: ✭ 63 (-53.33%)
sortcheckTool for detecting violations of ordering axioms in qsort/bsearch callbacks.
Stars: ✭ 23 (-82.96%)
KaliIntelligenceSuiteKali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by executing standard penetration testing tools. The collected data is internally stored in a structured manner to allow the fast identification and visualisation of the collected information.
Stars: ✭ 58 (-57.04%)
remote-adb-scanpure python remote adb scanner + nmap scan module
Stars: ✭ 19 (-85.93%)
bhedakA replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.
Stars: ✭ 77 (-42.96%)
zap-sonar-pluginIntegrates OWASP Zed Attack Proxy reports into SonarQube
Stars: ✭ 66 (-51.11%)
VPS-Bug-Bounty-ToolsScript that automates the installation of the main tools used for web application penetration testing and Bug Bounty.
Stars: ✭ 44 (-67.41%)
proofable-imageBuild trust into your image by creating a blockchain certificate for it
Stars: ✭ 17 (-87.41%)
akamai-arl-hackScript to test open Akamai ARL vulnerability.
Stars: ✭ 70 (-48.15%)
juice-shopOWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 7,533 (+5480%)
Jira-LensFast and customizable vulnerability scanner For JIRA written in Python
Stars: ✭ 185 (+37.04%)
Poseidonstealthy UM <-> KM communication system without creating any system threads, permanent hooks, driver objects, section objects or device objects.
Stars: ✭ 189 (+40%)