Application Security

A collection of Yara rules for the Burp Yara-Scanner extension that helps identify malicious software and infected web pages during web application security assessments.

A Python command line tool that scans directories for AWS credentials in files, designed for CI/CD integration to prevent credential exposure in builds.

Redexer is a reengineering tool that parses, analyzes, and modifies Android DEX files for binary manipulation and permission analysis.

Innovative tool for mobile security researchers to analyze targets with static and dynamic analysis capabilities and sharing functionalities.

ReFlutter is a reverse engineering framework that uses patched Flutter libraries to enable dynamic analysis and traffic monitoring of Flutter mobile applications on Android and iOS platforms.

NodeGoat provides an environment to learn and address OWASP Top 10 security risks in Node.js web applications.

A security feature to prevent unexpected manipulation of fetched resources.

A command-line Android APK vulnerability analyzer written in Rust that decompresses and scans APK files using rule-based detection to identify security issues.

Curiefense is an application security platform that extends Envoy proxy to protect web applications and APIs against SQL injection, XSS, DDoS, and other common threats.

XGuardian XARA Security Scanner for OSX with URL scheme, Bundle ID, and keychain hijack checks.

A Java-based API tool for programmatically searching and downloading Android applications from Google Play Store with Galaxy S3 device compatibility.

A command-line utility for examining Objective-C runtime information in Mach-O files and generating class declarations.

FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.

DroidBox is a dynamic analysis framework for Android applications that monitors runtime behavior, network activity, file operations, and security events while generating behavioral visualizations.

A secrets detection tool that scans GitHub, GitLab, and Bitbucket repositories to identify API keys, access tokens, and other sensitive information in source code.

Integrates static APK analysis with Yara and requires re-compilation of Yara with the androguard module.

A static analysis tool for Android apps that detects malware and other malicious code

A PHP 5.x polyfill for random_bytes() and random_int() created by Paragon Initiative Enterprises.

Inspeckage is a dynamic analysis tool for Android applications that provides runtime behavior monitoring through API hooking and real-time system interaction tracking.

A curated list documenting open-source projects that incorporate political protests in their software, ranging from messages to conditional malware.

ASH is an automated security scanning tool that integrates multiple open-source security scanners to perform preliminary security checks on code, infrastructure, and IAM configurations during development.

A library for generating random numbers and strings of various strengths, useful in security contexts.

Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.

A plugin for viewing, detecting weak configurations, and generating Content Security Policy headers.