This is a tool to analyze android, linux and windows, to detect points to attack, as intents, receivers, services, processes and libraries.
This tool uses a static analysis methods to do this, the vector attack founded by this tool, can be attacked by fuzzing methods to discover vulnerabilities..
More security researchers, bug hunters, exploit writers, malware developers find a problems as unsecure compilation flags, methods/functions exposes, with this tool is more easy, this tool search by you automatically.
It is well known in the world of IT Security, that have been created countermeasures and memory protections to prevent easily create exploits and prevent programmers to write programs that execute arbitrary code, as RELRO, PAX, ASLR, PIE, NX, SSP, StackCanary and others, this tool search this flags to do the job.
For now this tool only check ELF Binary Format, searching RELRO, PAX, PIE, ASLR, NX, RPATH, RUNPATH, StackCanary and FORTIFY SOURCE protections.
Coming soon i publish this app in the Google Play with a free / pay version, but I prefer to publish it as open source, for the benefit of the community, it's just that I need to raise money to pay my debts and things related to my health, If anyone can assist me with this project to move the OpenSource, his advice would be welcome ...
Features about this project:
- Analysis apk and so/elf
- Extract apk and so/elf
- Scanner AIDL (Android Interface Definition Language)
- Analysis ssl pining and man in the middle
- Disassemble resources and sources
- Mapping classes, methods and imports
- Analysis backendless (MBaaS - Mobile Backend As A Service) libs
- Analysis Network traffic
- Analysis crash on classes
- CA certificates extractor, APK embedded certificates and Url certificate catcher.
- Analysis cryptografic API's
- Analysis intent filters
- Analysis file system permissions
- Analysis SH (Shell Scripts)
- Analysis webview xss and injections.
- Crash log view
- Dinamic code injection
- Fuzzing on intents and native libs (SO/ELF)
- Hooking native libs / java libs / JNI libs
- Analysis framework
- Url certificate catcher
- Analisys of reflexing code
- Shellcode detector
- Analysis apps vulnerable to cloning cards
- Scanner unsecure storage
- Hooking passing intents
- Hooking current activity
- Process Log Monitor
- Netstat log
- Detect keystores
- Detect websockets libs
- Detect url burned or hardcoded
- Regex analyzer, where the implements this
- How to Fix This Problem and unsecure practices
Preview: Vector Attack Scanner for Android:
Vector Attack Scanner: new UI:
This code was developed by me: Jheto Xekri
You can contact me in:
Profile web: http://about.me/jheto.xekri
or by Email: jheto.xekri@outlook.com
or by Whatsapp: +573122844198
or by Viber: +573122844198
or by Skype: jheto.xekri
Donations:
Coinbase: 1NzDu9iuZJPbsyQJxMFtk4YfWPMyVgNea1
Paypal: jheto.xekri@outlook.com