140 Open source projects that are alternatives of or similar to Ovaa

Django application that performs SAST and Malware Analysis for Android APKs

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Oversecured Vulnerable iOS App

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

pure python remote adb scanner + nmap scan module

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

Android process memory dump tool without ndk.

Scanning APK file for URIs, endpoints & secrets.

An application to assist in the organization and prioritization of software security activities.

Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…

A vulnerable version of Rails that follows the OWASP Top 10

Web path scanner

Android Mobile Device Hardening

Radare2 and Frida better together.

A big list of Android Hackerone disclosed reports and other resources.

A fast and elegant extension for VSCode used for iOSre projects.

A curated list of Android Security materials and resources For Pentesters and Bug Hunters

VyAPI - A cloud based vulnerable hybrid Android App

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

Hand-crafted Frida examples

HTML5 WebSocket message fuzzer

android proxy setting tool

"Opening Pandora's Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones" ACSAC 2019

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications

[OUTDATED & UNSUPPORTED] Droid Watcher - Android Spy Application

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

All-in-one tool for managing vulnerability reports from AppSec pipelines

软件安全工程师技能表

Testowanie oprogramowania - Książka dla początkujących testerów

OWASP ZAP Add-ons

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

A Collection of Secure Mobile Development Best Practices

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Created by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.

An app showcase of some techniques to improve Android app security

Documentation:

w3af: web application attack and audit framework, the open source web vulnerability scanner.

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

A simple Java command-line utility to mirror the CVE JSON data from NIST.

Integrates Dependency-Check reports into SonarQube

axplorer - Android Permission Mappings

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

Android apk/sdk Scan包括android apk/sdk 安全审计代码扫描以及国内政策扫描

The OWASP ZAP core project

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

👓 Every link ever to Android Developer site.