CFGScanDroid Logo

CFGScanDroid

0
Free
Visit Website

CFGScanDroid is a utility for comparing control flow graph (CFG) signatures to the control flow graphs of Android methods. It was designed as a scanner for malicious applications. Building: If you do not have Maven installed: sudo apt-get install maven (If you're on a non-Debian OS, I believe in you and your ability to get Maven installed.) If you have Maven, the build script should run the correct command: ./build.sh This will create a file: target/CFGScanDroid-0.1-jar-with-dependencies.jar Running: java -jar target/CFGScanDroid-0.1-jar-with-dependencies.jar USAGE: Must have one of (-d|-s|-l|-r) and you should probably specify some DEX files (-f) to use too ESSENTIALS: -f, -dex-files DEX file(s) to run -d, -dump-sigs Dump signature for each method of each DEX file -s, -sig-file A file containing signatures -r, -raw-signature Pass a signature in raw on the command line -l, -load-sigs-from-dex DEX file(s) whose methods to scan with SCAN MODES: -e, -exact-match Only match complete signature CFG to function CFG -p, -partial-match Find the signature graph

FEATURES

ALTERNATIVES

IronBee is an open source project building a universal web application security sensor.

A web security tool that scans for vulnerabilities and known attacks.

A tool for identifying potential security vulnerabilities in dependency configurations by checking for lingering free namespaces for private package names.

A tool for identifying potential security vulnerabilities in web applications

Automatically redirect users from www to non-www for a secure connection.

Cross-site scripting labs for web application security enthusiasts

A comprehensive web application security testing solution that offers built-in vulnerability assessment and management, as well as integration options with popular software development tools.

CFRipper is a Library and CLI security analyzer for AWS CloudFormation templates.