Androwarn is a static analysis tool for Android applications that examines Dalvik bytecode to identify potentially malicious behaviors. The tool utilizes the androguard library to perform comprehensive analysis of Android APK files without executing the application. It examines various aspects of application behavior including telephony identifier access, device settings manipulation, geolocation data collection, network connection interfaces, telephony services usage, audio and video interception capabilities, remote connection establishment, and personal information management (PIM) data access. Androwarn generates detailed reports with configurable technical detail levels, allowing security analysts to understand the potential risks associated with Android applications. The tool focuses on detecting behaviors that could indicate malicious intent or privacy violations, making it useful for mobile application security assessment and malware research. The static analysis approach means the tool can examine applications without requiring them to be executed in a live environment, providing a safe method for initial security evaluation of Android applications.
SIMILAR TOOLS
A sandbox for quickly sandboxing known or unknown families of Android malware.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.
A collaborative malware analysis framework with various features for automated analysis tasks.
CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.
A program to manage YARA rulesets in a database with support for different databases and configuration options.
yextend extends YARA's functionality by automatically handling archived and compressed content inflation, enabling pattern matching on files buried within multiple layers of archives.
A .NET assembly debugger and editor that enables reverse engineering and dynamic analysis of compiled .NET applications without source code access.