Sunday 28 July 2013

Android Application Tools For Security Testing

AVD Clone: Clone an Android Virtual Device for easy distribution through the Android SDK Manager. You can create an AVD preinstalled with the apps and settings you need, and distribute it to others by having them point their Android SDK Manager to your repository. Tool made by Security Compass.

APKInspector: The goal of this project is to aid analysts and reverse engineers in visualizing compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features so that users can gain deep insight into malicious apps.

Burp Suite: It is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing

Androguard: Create your own static analysis tool; analyze a bunch of Android apps; Analysis . Open source database of Android malware.

Android Framework for Exploitation:

Smartphone Pentest Framework: This tool allows you to assess the security of the smartphones in your environment in the manner you’ve come to expect from modern penetration testing tools.

Droid Pentest: It helps you find all Android apps for penetration testing and hacking so you can build a complete penetration testing platform.

Android SDK: A software development kit that enables developers to create applications for the Android platform. The Android SDK includes sample projects with source code.

DroidBox: It was developed to offer dynamic analysis of Android applications. The following information is shown in the results, which are generated when the analysis ends:
•    Hashes for the analyzed package
•    Incoming/outgoing network data
•    File read and write operations
•    Started services and loaded classes through DexClassLoader
•    Information leaks via the network, file and SMS
•    Circumvented permissions
•    Cryptography operations performed using Android API
•    Listing broadcast receivers
•    Sent SMS and phone calls
Additionally, two images are generated to visualize the behavior of the package. One shows the temporal order of the operations, and the other is a treemap that can be used to check similarity between analyzed packages.


Dex2jar: dex2jar is a lightweight package that provides four components for working with .dex and Java .class files. dex-reader is designed to read the Dalvik Executable (.dex/.odex) format. It has a lightweight API similar to ASM.

Jd-gui: JD-GUI is a standalone graphical utility that displays the Java source code of “.class” files. You can browse the reconstructed source code with JD-GUI for instant access to methods and fields.

