113 Open source projects that are alternatives of or similar to OversecuredVulnerableiOSApp

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Oversecured Vulnerable Android App

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

Created by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.

log for articles and info in android for every developer

Intentionally vulnerable Android application.

A repository of telemetry domains and URLs used by mobile location tracking, user profiling, targeted marketing and aggressive ads libraries.

Scanning APK file for URIs, endpoints & secrets.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

PowerAuth - Open-source solution for authentication, secure data storage and transport security in mobile banking.

VyAPI - A cloud based vulnerable hybrid Android App

GSM Scanner, RTL-SDR, StingWatch, Meteor

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

Hand-crafted Frida examples

Git All the Payloads! A collection of web attack payloads.

In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them

[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

The OWASP ZAP Heads Up Display (HUD)

Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

This project is about creating and publishing threat model examples.

A fast and elegant extension for VSCode used for iOSre projects.

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

A simple Java command-line utility to mirror the CVE JSON data from NIST.

GSM Assessment Toolkit - A security evaluation framework for GSM networks

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

Django application that performs SAST and Malware Analysis for Android APKs

Mobile penetration testing android & iOS command cheatsheet

Android process memory dump tool without ndk.

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

PowerAuth Mobile SDK for adds capability for authentication and transaction signing into the mobile apps (ios, watchos, android).

A simple Java command-line utility to mirror the entire contents of VulnDB.

pure python remote adb scanner + nmap scan module

Documentation:

(WIP) Runtime Application Instruments for iOS. Previously Passionfruit

Source code for Hacker101.com - a free online web and mobile security class.

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Memory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking.

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

This repository contains links to awesome security articles.

🎯 RFI/LFI Payload List

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Testowanie oprogramowania - Książka dla początkujących testerów

YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications

A Collection of Secure Mobile Development Best Practices

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

(WIP) Runtime Application Instruments for iOS. Previously Passionfruit

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Flutter Reverse Engineering Framework

Various analysis of Android stalkerware

A repository for scripting a mobile attack toolchain

Unofficial frida extension for VSCode

GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…