droid-sec's repositories
Inspeckage
Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)
Metaphor
Metaphor - Stagefright with ASLR bypass
Android-Inline-Hook
thumb16 thumb32 arm32 inlineHook in Android
hooker
Hooker is an opensource project for dynamic analyses of Android applications. This project provides various tools and applications that can be use to automaticaly intercept and modify any API calls made by a targeted application.
Androl4b
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
AndroidAPIHooker
使用cydia substrate框架hook android的关键api,实时记录观察app后台运行时所调用的所有敏感函数,并生成json日志输出
arminject
An application to dynamically inject a shared object into a running process on ARM architectures.
scaredycat
Python script to generate a malicious MP4 file and start a CherryPy web server hosting a simple HTML page with the embedded file. Exploits another Stagefright vulnerability, the integer overflow (CVE-2015-3864).
stagefright
Python script to generate a malicious MP4 file exploiting the 'stsc' vulnerability (CVE-2015-1538-1 - Google Stagefright ‘stsc’ MP4 Atom Integer Overflow Remote Code Execution), and start reverse TCP listener on attacker machine.
ContentProviderHelper
A nice little Android app that helps developers to discover and query content providers.
android-vts
Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.
Mobile-Security-Framework-MobSF
Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis.
stagefright-plugins
Stagefright Plugins for Android
lobotomy
Android Security Toolkit
MFFA
Media Fuzzing Framework for Android
ADB-Backup-APK-Injection
Android ADB backup APK Injection POC
fuzzer-android
Unnamed repository; edit this file 'description' to name the repository.
vector-exploit
Exploit repository
core-android
RCS Agent for Android
rcs-common
Common components for RCS backend
bifuz
Broadcast Intent FUZzing Framework for Android
AndroidEagleEye
An Xposed based module which is capable of hooking both Android system APIs and applications' methods.
process-explorer-app
The Android app containing the Process Explorer
JustTrustMe
An xposed module that disables SSL certificate checking for the purposes of auditing and app with cert pinning
android
cSploit - The most complete and advanced IT security professional toolkit on Android.
intent-intercept
Intent Intercept Android app
UltimateLogcat
Contains the source code of UltimateLogcat (https://play.google.com/store/apps/details?id=com.anrapps.ultimatelogcat)
Catlog
Logcat-reading app for Android
CVE-2014-7911_poc
Local root exploit for Nexus5 Android 4.4.4(KTU84P)