140 Open source projects that are alternatives of or similar to Ovaa

HTML5 WebSocket message fuzzer

A companion repo for the blog article: https://blog.approov.io/adding-oauth2-to-mobile-android-and-ios-clients-using-the-appauth-sdk

android proxy setting tool

GSM Assessment Toolkit - A security evaluation framework for GSM networks

"Opening Pandora's Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones" ACSAC 2019

A Tool for Domain Flyovers

Some of my security stuff and vulnerabilities. Nothing advanced. More to come.

Verify your In-App Purchase receipts & protect your Apps from hacking, patching used by Piracy Apps like Lucky Patcher.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Web Browser Hooking Framework. Manage, execute and assess web browser vulnerabilities

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Nmap and NSE command line wrapper in the style of Metasploit

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration…

An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications

log for articles and info in android for every developer

[OUTDATED & UNSUPPORTED] Droid Watcher - Android Spy Application

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

This repository contains links to awesome security articles.

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

A WebAuthn Authenticator for Android leveraging hardware-backed key storage and biometric user verification.

A big list of Android Hackerone disclosed reports and other resources.

A simple Java command-line utility to mirror the entire contents of VulnDB.

Documentation for Essential Node.js Security

A curated list of Android Security materials and resources For Pentesters and Bug Hunters

Testowanie oprogramowania - Książka dla początkujących testerów

The OWASP ZAP core project

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

Git All the Payloads! A collection of web attack payloads.

Embedded AppSec Best Practices

OWASP ZAP Add-ons

Some good resources for getting started with application security

A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.

A Collection of Secure Mobile Development Best Practices

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

Created by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

In progress rough solutions to bWAPP / bee-box

Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.

Sample scan files for testing DefectDojo imports

A simple Java command-line utility to mirror the CVE JSON data from NIST.

Integrates Dependency-Check reports into SonarQube

👓 Every link ever to Android Developer site.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Various analysis of Android stalkerware

axplorer - Android Permission Mappings

A repository for scripting a mobile attack toolchain

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

Android apk/sdk Scan包括android apk/sdk 安全审计代码扫描以及国内政策扫描

CWAC-Security: Helping You Help Your Users Defend Their Data

Next generation web scanner

Swiss army knife for identifying and fingerprinting Android devices.

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

PINkman is a library to help implementing an authentication by a PIN code in a secure manner. The library derives hash from the user's PIN using Argon2 function and stores it in an encrypted file. The file is encrypted with the AES-256 algorithm in the GCM mode and keys are stored in the AndroidKeystore.