87 Open source projects that are alternatives of or similar to BadIntent

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

Documentation:

Android process memory dump tool without ndk.

Turn your Burp suite into headless active web application vulnerability scanner

GSM Assessment Toolkit - A security evaluation framework for GSM networks

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

pure python remote adb scanner + nmap scan module

Mobile penetration testing android & iOS command cheatsheet

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions.

Unicode To Chinese -- U2C : A burpsuite Extender That Convert Unicode To Chinese 【Unicode编码转中文的burp插件】

Flutter Reverse Engineering Framework

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Django application that performs SAST and Malware Analysis for Android APKs

(WIP) Runtime Application Instruments for iOS. Previously Passionfruit

PowerAuth Mobile SDK for adds capability for authentication and transaction signing into the mobile apps (ios, watchos, android).

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Automate security tests using Burp Suite.

Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common misconfigurations and security holes.

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).

Oversecured Vulnerable Android App

A Collection of Secure Mobile Development Best Practices

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

Source code for Hacker101.com - a free online web and mobile security class.

A fast and elegant extension for VSCode used for iOSre projects.

A companion repo for the blog article: https://blog.approov.io/adding-oauth2-to-mobile-android-and-ios-clients-using-the-appauth-sdk

Burp extension intended to compact Burp extension tabs by hijacking them to own tab.

PowerAuth - Open-source solution for authentication, secure data storage and transport security in mobile banking.

GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…

log for articles and info in android for every developer

Oversecured Vulnerable iOS App

GSM Scanner, RTL-SDR, StingWatch, Meteor

VyAPI - A cloud based vulnerable hybrid Android App

Intentionally vulnerable Android application.

Unofficial frida extension for VSCode

Burp Extender plugin that generates a sitemap of a website using Wayback Machine

Created by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

A repository of telemetry domains and URLs used by mobile location tracking, user profiling, targeted marketing and aggressive ads libraries.

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Hand-crafted Frida examples

Security checks pack for Burp Suite

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

A Burp Extender for checking for struts 2 RCE vulnerabilities.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef

Various analysis of Android stalkerware

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

Burp Suite extension to passively scan for applications revealing server error messages

Scanning APK file for URIs, endpoints & secrets.

(WIP) Runtime Application Instruments for iOS. Previously Passionfruit

Burp extension for automated handling of CSRF tokens

A repository for scripting a mobile attack toolchain

Testowanie oprogramowania - Książka dla początkujących testerów

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.