Application Security

Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.

Protect against Prototype Pollution vulnerabilities in your application by freezing JavaScript objects.

Argus-SAF is a static analysis framework for security vetting Android applications.

Detect trojan source attacks that employ unicode bidi attacks to inject malicious code.

A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.

A tool for translating Dalvik bytecode to Java bytecode for analyzing Android applications.

A full python tool for analyzing Android files with various functionalities.

A CSP plugin for hapi with per-route configuration options.

A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz

w3af is an open source web application security scanner that identifies over 200 types of vulnerabilities including XSS, SQL injection, and OS commanding in web applications.

CakeFuzzer is an automated vulnerability discovery tool specifically designed for identifying security issues in CakePHP web applications with minimal false positives.

A tool for reverse engineering Android apk files.

A Python-based Burp Suite extension that integrates Yara scanning capabilities for detecting patterns and signatures in web application traffic using custom Yara rules.

A standalone binary inspection tool for Android developers with support for various formats and dependencies.

A key and secret validation workflow tool built in Rust, supporting over 30 providers and exporting to JSON or CSV.

A static code analysis tool for parsing common data formats to detect hardcoded credentials and dangerous functions.

CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.

Code to prevent a managed .NET debugger/profiler from working.

A lightweight library for device identification and fingerprinting, written in Kotlin and 100% crash-free.

ConDroid is a concolic execution framework for Android applications that automates dynamic analysis by driving execution to specific code locations without manual interaction.

A centralized platform for managing open source components and automating software supply chain security.

Automate software supply chain security by blocking malicious open source components

ESLint plugin to prevent Trojan Source attacks.

A bash script that analyzes executable files to check security properties like PIE, RELRO, canaries, ASLR, and Fortify Source protections.