Explore 46 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
ALEAPP is a Python-based forensic tool for parsing Android logs, events, and protobuf data with both CLI and GUI interfaces.
ALEAPP is a Python-based forensic tool for parsing Android logs, events, and protobuf data with both CLI and GUI interfaces.
A comprehensive Android application analysis tool that provides device management, logcat analysis, file examination, and integration with security frameworks like MobSF and JD-GUI.
A comprehensive Android application analysis tool that provides device management, logcat analysis, file examination, and integration with security frameworks like MobSF and JD-GUI.
APKLeaks is a command-line tool that scans Android APK files to identify embedded URIs, endpoints, and secrets for security assessment purposes.
APKLeaks is a command-line tool that scans Android APK files to identify embedded URIs, endpoints, and secrets for security assessment purposes.
AMDH is a Python3 Android security tool that automates mobile device hardening through malware detection, privacy protection, CIS benchmark compliance, and application security analysis.
AMDH is a Python3 Android security tool that automates mobile device hardening through malware detection, privacy protection, CIS benchmark compliance, and application security analysis.
InsecureShop is an intentionally vulnerable Android application built in Kotlin for educating developers and security professionals about mobile app vulnerabilities and penetration testing techniques.
InsecureShop is an intentionally vulnerable Android application built in Kotlin for educating developers and security professionals about mobile app vulnerabilities and penetration testing techniques.
An unofficial Python API that enables programmatic searching, browsing, and downloading of Android apps from Google Play Store.
An unofficial Python API that enables programmatic searching, browsing, and downloading of Android apps from Google Play Store.
OVAA is an intentionally vulnerable Android application that aggregates common platform security vulnerabilities for educational and security testing purposes.
OVAA is an intentionally vulnerable Android application that aggregates common platform security vulnerabilities for educational and security testing purposes.
Fridump is an open source memory dumping tool that uses the Frida framework to extract accessible memory addresses from iOS, Android, and Windows applications for security testing and analysis.
Fridump is an open source memory dumping tool that uses the Frida framework to extract accessible memory addresses from iOS, Android, and Windows applications for security testing and analysis.
AFE Android Framework for Exploitation is a framework that provides tools and techniques for exploiting vulnerabilities in Android devices and applications.
AFE Android Framework for Exploitation is a framework that provides tools and techniques for exploiting vulnerabilities in Android devices and applications.
A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.
A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.
A security checklist based on OWASP standards that provides comprehensive guidelines for designing, testing, and releasing secure Android applications.
A security checklist based on OWASP standards that provides comprehensive guidelines for designing, testing, and releasing secure Android applications.
An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.
An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.
AppMon is a Frida-based automated framework for monitoring and tampering with system API calls across macOS, iOS, and Android applications.
AppMon is a Frida-based automated framework for monitoring and tampering with system API calls across macOS, iOS, and Android applications.
An Android port of the Radamsa fuzzing tool compiled with Android NDK to support Android ABIs for security testing on mobile platforms.
An Android port of the Radamsa fuzzing tool compiled with Android NDK to support Android ABIs for security testing on mobile platforms.
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.
UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.
AMExtractor is an Android memory acquisition tool that dumps physical device memory using /dev/kmem without requiring kernel source code.
AMExtractor is an Android memory acquisition tool that dumps physical device memory using /dev/kmem without requiring kernel source code.
A security policy enforcement framework for Android applications that uses bytecode rewriting and in-place reference monitoring to inject security controls into APK files.
A security policy enforcement framework for Android applications that uses bytecode rewriting and in-place reference monitoring to inject security controls into APK files.
QARK is a static analysis tool that scans Android applications for security vulnerabilities and can generate proof-of-concept exploits for discovered issues.
QARK is a static analysis tool that scans Android applications for security vulnerabilities and can generate proof-of-concept exploits for discovered issues.
DroidRA is an instrumentation-based Android security analysis tool that improves the accuracy of reflective call analysis through composite constant propagation techniques.
DroidRA is an instrumentation-based Android security analysis tool that improves the accuracy of reflective call analysis through composite constant propagation techniques.
AndroBugs Framework is an Android vulnerability analysis system that scans mobile applications for security vulnerabilities, missing best practices, and dangerous shell commands.
AndroBugs Framework is an Android vulnerability analysis system that scans mobile applications for security vulnerabilities, missing best practices, and dangerous shell commands.
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.
An Emacs major mode that provides syntax highlighting and enhanced readability for smali code files used in Android malware analysis.
An Emacs major mode that provides syntax highlighting and enhanced readability for smali code files used in Android malware analysis.
Introspy-Android is a dynamic analysis framework that hooks Android APIs at runtime to monitor application behavior and identify security vulnerabilities on rooted devices.
Introspy-Android is a dynamic analysis framework that hooks Android APIs at runtime to monitor application behavior and identify security vulnerabilities on rooted devices.
A command-line tool for downloading Android APK files from the Appland platform via npm installation.
A command-line tool for downloading Android APK files from the Appland platform via npm installation.
FSquaDRA detects repackaged Android applications by computing Jaccard similarity over file digests within APK packages using pre-computed signing digests for improved performance.
FSquaDRA detects repackaged Android applications by computing Jaccard similarity over file digests within APK packages using pre-computed signing digests for improved performance.
Aptoide is an alternative Android application marketplace that enables APK downloads and metadata retrieval for mobile security research and analysis.
Aptoide is an alternative Android application marketplace that enables APK downloads and metadata retrieval for mobile security research and analysis.
CuckooDroid extends Cuckoo Sandbox to provide automated dynamic analysis of Android applications in a controlled sandbox environment.
CuckooDroid extends Cuckoo Sandbox to provide automated dynamic analysis of Android applications in a controlled sandbox environment.
A web-based Android application dynamic analysis tool that provides real-time Frida instrumentation capabilities through a Flask interface with modular JavaScript hooking support.
A web-based Android application dynamic analysis tool that provides real-time Frida instrumentation capabilities through a Flask interface with modular JavaScript hooking support.
Mobile Audit is a Docker-based SAST and malware analysis tool that performs comprehensive security analysis of Android APK files, including vulnerability detection, certificate verification, and Virus Total integration.
Mobile Audit is a Docker-based SAST and malware analysis tool that performs comprehensive security analysis of Android APK files, including vulnerability detection, certificate verification, and Virus Total integration.
A forensic toolkit for analyzing Android and iOS devices to detect potential spyware infections and security compromises using indicators of compromise.
A forensic toolkit for analyzing Android and iOS devices to detect potential spyware infections and security compromises using indicators of compromise.
CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.
CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.
ConDroid is a concolic execution framework for Android applications that automates dynamic analysis by driving execution to specific code locations without manual interaction.
ConDroid is a concolic execution framework for Android applications that automates dynamic analysis by driving execution to specific code locations without manual interaction.
A collection of security reports and resources documenting various Android application vulnerabilities including hardcoded credentials, insecure deeplinks, and code execution flaws.
A collection of security reports and resources documenting various Android application vulnerabilities including hardcoded credentials, insecure deeplinks, and code execution flaws.
Redexer is a reengineering tool that parses, analyzes, and modifies Android DEX files for binary manipulation and permission analysis.
Redexer is a reengineering tool that parses, analyzes, and modifies Android DEX files for binary manipulation and permission analysis.
ReFlutter is a reverse engineering framework that uses patched Flutter libraries to enable dynamic analysis and traffic monitoring of Flutter mobile applications on Android and iOS platforms.
ReFlutter is a reverse engineering framework that uses patched Flutter libraries to enable dynamic analysis and traffic monitoring of Flutter mobile applications on Android and iOS platforms.
A command-line Android APK vulnerability analyzer written in Rust that decompresses and scans APK files using rule-based detection to identify security issues.
A command-line Android APK vulnerability analyzer written in Rust that decompresses and scans APK files using rule-based detection to identify security issues.
A Java-based API tool for programmatically searching and downloading Android applications from Google Play Store with Galaxy S3 device compatibility.
A Java-based API tool for programmatically searching and downloading Android applications from Google Play Store with Galaxy S3 device compatibility.
A Bash completion script that provides auto-completion functionality for Android SDK command-line tools including adb, emulator, fastboot, and repo.
A Bash completion script that provides auto-completion functionality for Android SDK command-line tools including adb, emulator, fastboot, and repo.
DroidBox is a dynamic analysis framework for Android applications that monitors runtime behavior, network activity, file operations, and security events while generating behavioral visualizations.
DroidBox is a dynamic analysis framework for Android applications that monitors runtime behavior, network activity, file operations, and security events while generating behavioral visualizations.
Inspeckage is a dynamic analysis tool for Android applications that provides runtime behavior monitoring through API hooking and real-time system interaction tracking.
Inspeckage is a dynamic analysis tool for Android applications that provides runtime behavior monitoring through API hooking and real-time system interaction tracking.
drozer is an open source Android security testing framework that identifies vulnerabilities in mobile apps and devices through Android Runtime and IPC endpoint interaction.
drozer is an open source Android security testing framework that identifies vulnerabilities in mobile apps and devices through Android Runtime and IPC endpoint interaction.
Androwarn performs static analysis of Android applications using Dalvik bytecode examination to detect and report potentially malicious behaviors.
Androwarn performs static analysis of Android applications using Dalvik bytecode examination to detect and report potentially malicious behaviors.
InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.
InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.
DIVA Android is an intentionally vulnerable Android application designed to teach security professionals and developers about mobile application security flaws through hands-on learning.
DIVA Android is an intentionally vulnerable Android application designed to teach security professionals and developers about mobile application security flaws through hands-on learning.
DVHMA is an intentionally vulnerable Android hybrid mobile app built with Apache Cordova for security testing and educational purposes.
DVHMA is an intentionally vulnerable Android hybrid mobile app built with Apache Cordova for security testing and educational purposes.