CFGScanDroid
CFGScanDroid is a utility for comparing control flow graph (CFG) signatures to the control flow graphs of Android methods. It was designed as a scanner for malicious applications. Building: If you do not have Maven installed: sudo apt-get install maven (If you're on a non-Debian OS, I believe in you and your ability to get Maven installed.) If you have Maven, the build script should run the correct command: ./build.sh This will create a file: target/CFGScanDroid-0.1-jar-with-dependencies.jar Running: java -jar target/CFGScanDroid-0.1-jar-with-dependencies.jar USAGE: Must have one of (-d|-s|-l|-r) and you should probably specify some DEX files (-f) to use too ESSENTIALS: -f, -dex-files DEX file(s) to run -d, -dump-sigs Dump signature for each method of each DEX file -s, -sig-file A file containing signatures -r, -raw-signature Pass a signature in raw on the command line -l, -load-sigs-from-dex DEX file(s) whose methods to scan with SCAN MODES: -e, -exact-match Only match complete signature CFG to function CFG -p, -partial-match Find the signature graph
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.
Akamai App & API Protector is an integrated security solution that safeguards web applications and APIs against various cyber threats using edge computing and adaptive technologies.
A popular free security tool for automatically finding security vulnerabilities in web applications
Application monitoring and security platform that provides runtime visibility, threat detection, and automated response capabilities for application-layer security
A Rust-based command-line tool for analyzing .apk files to detect vulnerabilities.
A lightweight web security auditing toolkit that simplifies security tasks and enhances productivity.
Yaramod is a library for parsing YARA rules into AST and building new YARA rulesets with C++ programming interface.
A device security analysis platform that provides comprehensive vulnerability scanning, SBOM management, and supply chain security monitoring for connected devices and their components.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.