Mobile Security Framework MobsfMobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+7300%)
Awesome Mobile SecurityAn effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (+1231.16%)
OvaaOversecured Vulnerable Android App
Stars: ✭ 152 (+10.14%)
vapivAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
Stars: ✭ 674 (+388.41%)
PivaaCreated by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.
Stars: ✭ 71 (-48.55%)
allsafeIntentionally vulnerable Android application.
Stars: ✭ 135 (-2.17%)
mobiletrackersA repository of telemetry domains and URLs used by mobile location tracking, user profiling, targeted marketing and aggressive ads libraries.
Stars: ✭ 118 (-14.49%)
ApkleaksScanning APK file for URIs, endpoints & secrets.
Stars: ✭ 2,707 (+1861.59%)
StacoanStaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Stars: ✭ 707 (+412.32%)
KicsFind security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Stars: ✭ 189 (+36.96%)
powerauth-cryptoPowerAuth - Open-source solution for authentication, secure data storage and transport security in mobile banking.
Stars: ✭ 48 (-65.22%)
VyapiVyAPI - A cloud based vulnerable hybrid Android App
Stars: ✭ 75 (-45.65%)
SDR-DetectorGSM Scanner, RTL-SDR, StingWatch, Meteor
Stars: ✭ 56 (-59.42%)
EvabsAn open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Stars: ✭ 173 (+25.36%)
BadIntentIntercept, modify, repeat and attack Android's Binder transactions using Burp Suite
Stars: ✭ 316 (+128.99%)
PayloadsGit All the Payloads! A collection of web attack payloads.
Stars: ✭ 2,862 (+1973.91%)
SSI Extra MaterialsIn my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them
Stars: ✭ 42 (-69.57%)
Dexcalibur[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
Stars: ✭ 512 (+271.01%)
Zap HudThe OWASP ZAP Heads Up Display (HUD)
Stars: ✭ 201 (+45.65%)
BlisqyVersion 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).
Stars: ✭ 179 (+29.71%)
Threat Model CookbookThis project is about creating and publishing threat model examples.
Stars: ✭ 159 (+15.22%)
IosreextensionA fast and elegant extension for VSCode used for iOSre projects.
Stars: ✭ 139 (+0.72%)
AdhritAndroid Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
Stars: ✭ 399 (+189.13%)
Nist Data MirrorA simple Java command-line utility to mirror the CVE JSON data from NIST.
Stars: ✭ 135 (-2.17%)
gsm-assessment-toolkitGSM Assessment Toolkit - A security evaluation framework for GSM networks
Stars: ✭ 60 (-56.52%)
Rms Runtime Mobile SecurityRuntime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
Stars: ✭ 1,194 (+765.22%)
mobileAuditDjango application that performs SAST and Malware Analysis for Android APKs
Stars: ✭ 140 (+1.45%)
dumproidAndroid process memory dump tool without ndk.
Stars: ✭ 55 (-60.14%)
Njsscannjsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (-7.25%)
powerauth-mobile-sdkPowerAuth Mobile SDK for adds capability for authentication and transaction signing into the mobile apps (ios, watchos, android).
Stars: ✭ 27 (-80.43%)
vulndb-data-mirrorA simple Java command-line utility to mirror the entire contents of VulnDB.
Stars: ✭ 36 (-73.91%)
remote-adb-scanpure python remote adb scanner + nmap scan module
Stars: ✭ 19 (-86.23%)
AppmonDocumentation:
Stars: ✭ 1,157 (+738.41%)
grapefruit(WIP) Runtime Application Instruments for iOS. Previously Passionfruit
Stars: ✭ 633 (+358.7%)
Hacker101Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+8773.91%)
PidrilaPython Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Stars: ✭ 125 (-9.42%)
ipa-meditMemory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking.
Stars: ✭ 141 (+2.17%)
Androl4bA Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Stars: ✭ 908 (+557.97%)
Sast ScanScan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
Stars: ✭ 234 (+69.57%)
JackhammerJackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Stars: ✭ 633 (+358.7%)
Sbt Dependency CheckSBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+35.51%)
YawastYAWAST ...where a pentest starts. Security Toolkit for Web-based Applications
Stars: ✭ 181 (+31.16%)
Web MethodologyMethodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
Stars: ✭ 142 (+2.9%)
Grapefruit(WIP) Runtime Application Instruments for iOS. Previously Passionfruit
Stars: ✭ 235 (+70.29%)
KurukshetraKurukshetra - A framework for teaching secure coding by means of interactive problem solving.
Stars: ✭ 131 (-5.07%)
BadintentIntercept, modify, repeat and attack Android's Binder transactions using Burp Suite
Stars: ✭ 303 (+119.57%)
Oob ServerA Bind9 server for pentesters to use for Out-of-Band vulnerabilities
Stars: ✭ 125 (-9.42%)
SecurityratOWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
Stars: ✭ 115 (-16.67%)
reFlutterFlutter Reverse Engineering Framework
Stars: ✭ 698 (+405.8%)
mobilehacktoolsA repository for scripting a mobile attack toolchain
Stars: ✭ 61 (-55.8%)
Vscode FridaUnofficial frida extension for VSCode
Stars: ✭ 221 (+60.14%)
Gda Android Reversing ToolGDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…
Stars: ✭ 2,332 (+1589.86%)