
Android Vulnerability

Mining Tools

viaLab

https://www.viaprotect.com/lab/community-edition/

drozer

http://labs.mwrinfosecurity.com/tools/drozer/

Mercury

http://labs.mwrinfosecurity.com/tools/2012/03/16/mercury/

An Android application security assessment framework, like Metasploit for PC software security.

It consists of a server, which runs on the Android device to collect information and launch exploits, and a client, which runs on the PC as a CUI program. It supports automated assessment through modules, which are extensible Python scripts.

Code: https://github.com/mwrlabs/mercury

Slide: https://www.blackhat.com/html/bh-eu-12/bh-eu-12-archives.html#erasmus

User Guide: http://labs.mwrinfosecurity.com/assets/300/mercury-user-guide-v1.1.pdf

Dev Guide: https://github.com/mwrlabs/mercury/wiki/Developer-documentation

AFE

http://afe-framework.com

https://github.com/xysec/afe

ASEF

https://code.google.com/p/asef/

androwarn

https://github.com/maaaaz/androwarn

apkstatics

https://code.google.com/p/apkstatics/

X-Ray

http://www.xray.io

CodeSonar

http://www.grammatech.com/products/codesonar/overview.html

FindBugs

http://findbugs.sourceforge.net

PMD

http://pmd.sourceforge.net

GoatDroid

https://github.com/jackMannino/OWASP-GoatDroid-Project

Manitree

https://github.com/antitree/manitree

Blog entry: http://intrepidusgroup.com/insight/2011/11/manitree-androidmanifest-xml-auditor/

c-ray

http://code.google.com/p/c-ray/

Smartphone Pentest Framework (SPF)

https://github.com/georgiaw/Smartphone-Pentest-Framework

bytecode scanner

http://www.dexlabs.org/bytecodescanner/

androidAuditTools

https://github.com/wuntee/androidAuditTools

smartphonesdumbapps

http://code.google.com/p/smartphonesdumbapps/

seek-for-android

http://code.google.com/p/seek-for-android/

dSploit

http://www.dsploit.net

android-ssl-bypass

https://github.com/iSECPartners/android-ssl-bypass

SEDDroid

http://202.117.54.232:8080

DroidBench – Benchmarks

http://sseblog.ec-spride.de/android/droidbench/

address-sanitizer

http://code.google.com/p/address-sanitizer/

YSO Mobile Security Framework

Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis.

https://github.com/ajinabraham/YSO-Mobile-Security-Framework

Grab-n-Run

Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

https://github.com/lukeFalsina/Grab-n-Run

melkor-android

An Android port of the melkor ELF fuzzer

https://github.com/anestisb/melkor-android

andsploit

https://github.com/andsploit/andsploit

Sandy

Sandy is an open-source Samsung phone encryption assessment framework. Sandy has different modules that allow you to carry out different attack scenarios against encrypted Samsung phones.

https://github.com/donctl/sandy

Exploits and PoCs

ADB-Backup-APK-Injection

Android ADB backup APK Injection POC

https://github.com/irsl/ADB-Backup-APK-Injection

byeselinux

Android kernel module to bypass SELinux at boot

https://github.com/dosomder/byeselinux

SNS-thief

POC of vulnerabilities in Samsung's SNS application.

https://github.com/programa-stic/SNS-thief

ROP-without-Return-on-ARM-android-

Reproduces the experiment in the report.

https://github.com/ch0psticks/ROP-without-Return-on-ARM-android-

lgosp-poc

LG On Screen Phone authentication bypass PoC (CVE-2014-8757)

https://github.com/irsl/lgosp-poc

CVE-2014-4322_poc

https://github.com/retme7/CVE-2014-4322_poc

CVE-2014-7911_poc

https://github.com/retme7/CVE-2014-7911_poc

FakeID_poc_by_retme_bug_13678484

https://github.com/retme7/FakeID_poc_by_retme_bug_13678484

launchAnyWhere_poc_by_retme_bug_7699048

https://github.com/retme7/launchAnyWhere_poc_by_retme_bug_7699048

broadAnyWhere_poc_by_retme_bug_17356824

https://github.com/retme7/broadAnyWhere_poc_by_retme_bug_17356824

ComponentSuperAccessor

A project that combines the two exploits launchAnyWhere and broadAnyWhere.

https://github.com/boyliang/ComponentSuperAccessor

Android-InsecureBankv2

Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities

https://github.com/dineshshetty/Android-InsecureBankv2

libfutex_exploit

CVE-2014-3153 exploit

https://github.com/android-rooting-tools/libfutex_exploit

ComponentHijackingExploit

https://github.com/daoyuan14/ComponentHijackingExploit

FakeID_poc_by_retme_bug_13678484

https://github.com/boyliang/FakeID_poc_by_retme_bug_13678484

Android_FakeID_Exploit

https://github.com/boyliang/Android_FakeID_Exploit

EvernoteExtractor

This PoC demonstrates that it is very easy to steal notes from the Android version of Evernote.

https://github.com/JhetoX/EvernoteExtractor

kilroy

A combination of weaknesses in the Android GPU driver (kgsl) and ion, as deployed on Snapdragon devices, allows non-privileged users to access physical memory.

https://github.com/robclark/kilroy

break_setresuid

Run root shell through CVE-2012-4220

https://github.com/poliva/break_setresuid

ZeroSMS

Android >=2.3 Class 0 SMS Proof of concept

https://github.com/stars?direction=desc&page=14&sort=created

zysploit

Exploit for setuid() vulnerability in Android Zygote

https://github.com/unrevoked/zysploit

AndroidZipArbitrage

Exploit for Android Zip bugs: 8219321, 9695860, and 9950697

libexploit

https://github.com/android-rooting-tools/libexploit

Known Vulnerabilities

Android Vulnerability Information Database

http://android.scap.org.cn/index.html