dora: Find exposed API keys based on RegEx
dora Find exposed API keys based on RegEx and get exploitation methods for some of the keys that are found. Features Blazing fast as we are using ripgrep in the backend Exploit/PoC steps for...
Category: Smartphone PenTest
Mariana Trench: security focused static analysis platform targeting Android
Mariana Trench Mariana Trench is a security-focused static analysis platform targeting Android. The tool provides an extensible global taint analysis similar to pre-existing tools like Pysa for Python. The tool leverages existing static analysis infrastructure (e.g, SPARTA)...
stacs v0.5.1 releases: Static Token And Credential Scanner
Static Token And Credential Scanner STACS is a YARA-powered static credential scanner that supports binary file formats, analysis of nested archives, composable rulesets and ignores lists, and SARIF reporting. What does STACS support? Currently,...
AdbNet: An Exploitation-Framework for android devices
AdbNet A Framework that allows you to search for vulnerable android devices across the world and exploit them. Features: – Post-Exploitation modules to control and tinker with the device you are connected to. –...
InsecureShop: Intentionally designed Vulnerable Android Application
InsecureShop InsecureShop is an Android application that is designed to be intentionally vulnerable. The aim of creating this app is to teach developers and security professionals about the vulnerabilities that are present in modern...
Solitude: privacy analysis tool
Solitude Solitude is a privacy analysis tool that enables anyone to conduct their own privacy investigations. Whether a curious novice or a more advanced researcher, Solitude makes the process of evaluating user privacy within...
BlackDex v3.2 releases: Android unpack tool
BlackDex BlackDex is an Android unpack tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phone or emulator, you can unpack APK File in...
Ruse: making human’ photos unusable for facial recognition systems
Ruse Mobile camera-based application that attempts to alter photos to preserve their utility to humans while making them unusable for facial recognition systems. Usage example The app is developed as a camera-based app, allowing...
ipa-medit v0.2.3 releases: memory search and patch tool for resigned ipa
ipa-medit Ipa-medit is a memory search and patch tool for resigned ipa without jailbreak. It was created for mobile game security testing. Motivation Memory modification is the easiest way to cheat in games, it...
mobsfscan v0.3.4 releases: find insecure code patterns in your Android and iOS source code
mobsfscan mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered...
iPwn: exploiting and gaining access to iOS devices
iPwn A Framework meant for the exploitation of iOS devices. iPwn is a framework meant for exploiting and gaining access to iOS devices. It also has an extension that is a mini-framework called ‘iSteal’...
allsafe v1.4 releases: Intentionally vulnerable Android application
Allsafe Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like a CTF and more like a real-life application that uses modern libraries and...
Vulnerable Banking Application for Android
Damn Vulnerable Bank Damn Vulnerable Bank Android Application aims to provide an interface for everyone to get a detailed understanding of the internal and security aspects of android applications. Features Sign up Login My...
AndroGoat: Learn Android Application Security Testing
AndroGoat AndroGoat is purposely developed an open-source vulnerable/insecure app using Kotlin. Security Testers/Professionals/Enthusiasts, Developers…etc. can use this application to understand and defend the vulnerabilities in the Android platform. This is the first vulnerable app...
toothpicker: an in-process, coverage-guided fuzzer for iOS
ToothPicker ToothPicker is an in-process, coverage-guided fuzzer for iOS. It was developed to specifically target iOS’s Bluetooth daemon bluetoothd and to analyze various Bluetooth protocols on iOS. As it is built using FRIDA, it can be...
