1610 Open source projects that are alternatives of or similar to Mobile Security Framework Mobsf

Django application that performs SAST and Malware Analysis for Android APKs

Scanning APK file for URIs, endpoints & secrets.

Radare2 and Frida better together.

Defund the Police.

Static and dynamic Android application security analysis

The DevSecOps toolset for REST APIs

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Droidefense: Advance Android Malware Analysis Framework

A hackable malware sandbox for the 21st Century

Setup scripts for my Malware Analysis VMs

HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

SDA is a rich cross-platform tool for reverse engineering that focused firstly on analysis of computer games. I'm trying to create a mix of the Ghidra, Cheat Engine and x64dbg. My tool will combine static and dynamic analysis of programs. Now SDA is being developed.

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Oversecured Vulnerable iOS App

pure python remote adb scanner + nmap scan module

汽车/安卓/固件/代码安全测试工具集

Intentionally vulnerable Android application.

guardrails.cs.virginia.edu

Android process memory dump tool without ndk.

A list of awesome malware detection tools

Integrate SonarQube scanner to GitHub Actions

Various analysis of Android stalkerware

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

As easy as /aitch-tee-tee-pie/ 🥧 Modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more. https://twitter.com/httpie

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)

Integrates OWASP Zed Attack Proxy reports into SonarQube

INTERCEPT / Policy as Code Static Analysis Auditing / SAST

RAIR: RAdare In Rust

An ethereum evm bytecode disassembler and static/dynamic analysis tool

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

A graph-based static-dynamic hybrid DEX code analysis tool

APIs REST simulando loja virtual para servir de estudo de testes de API de forma manual ou automatizada

The radare2 + frida book for Mobile Application assessment

Deploy, update, and stage your WAFs while managing them centrally via FMS.

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

TIRO - A hybrid iterative deobfuscation framework for Android applications

OPEM (Open Source PEM Fuel Cell Simulation Tool)

Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages

A Simple PE File Heuristics Scanners

All that is required to run MobSF in the ci

🐺 Malware analysis platform

🐺 Malware analysis platform

Analysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules

secureCodeBox (SCB) - continuous secure delivery out of the box

Binary instrumentation framework based on FRIDA

Your performance & security consultant, an artisan command away.

⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

软件安全工程师技能表

Application Security Automation

An analysis tool for Python that blurs the line between testing and type systems.

Andromeda - Interactive Reverse Engineering Tool for Android Applications

Vulnerability Patterns Detector for C# and VB.NET

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.