Application Security

A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.

A Python script that scans Nexus Repository Manager for artifacts with identical names across repositories to identify dependency confusion attack vulnerabilities.

ELFcrypt encrypts ELF binaries with obfuscation and anti-debugging features to protect against reverse engineering.

A Fastify plugin that implements HTTP security headers through a wrapper around the helmet library to protect web applications from common vulnerabilities.

AndroBugs Framework is an Android vulnerability analysis system that scans mobile applications for security vulnerabilities, missing best practices, and dangerous shell commands.

Linux Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis with various tools and resources.

idb is a tool that simplifies iOS penetration testing and security research tasks, available in both command line and GUI versions.

GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.

A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.

An Emacs major mode that provides syntax highlighting and enhanced readability for smali code files used in Android malware analysis.

A Python tool for patching Dalvik bytecode in DEX files and assisting in Android application analysis

A comprehensive web application security testing solution that offers built-in vulnerability assessment and management, as well as integration options with popular software development tools.

Identifies 137 malicious npm packages and gathers system information to a remote server.

A library of string validators and sanitizers.

OpenRASP is a runtime application self-protection solution that integrates into application servers to monitor and block threats in real-time using context-aware instrumentation.

Introspy-Android is a dynamic analysis framework that hooks Android APIs at runtime to monitor application behavior and identify security vulnerabilities on rooted devices.

npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.

APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.

SecretScanner is a standalone tool that scans container images and filesystems to detect approximately 140 types of unprotected secrets and sensitive credentials.

One stop shop for decompiling Android apps with a focus on regenerating R references.

Prevents you from committing passwords and other sensitive information to a git repository.

UglifyJS 3 is a JavaScript toolkit that provides parsing, minification, compression, and beautification capabilities for JavaScript code optimization and processing.

An open-source tool for detecting and analyzing Android apps' vulnerabilities and security issues.

A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.