DVHMA Damn Vulnerable Hybrid Mobile App Logo

DVHMA Damn Vulnerable Hybrid Mobile App

0
Free
Visit Website

DVHMA is an hybrid mobile app (for Android) that intentionally contains vulnerabilities. Its purpose is to enable security professionals to test their tools and techniques legally, help developers better understand the common pitfalls in developing hybrid mobile apps securely. Motivation and Scope This app is developed to study pitfalls in developing hybrid apps, e.g., using Apache Cordova or SAP Kapsel, securely. Currently, the main focus is to develop a deeper understanding of injection vulnerabilities that exploit the JavaScript to Java bridge. Installation Prerequisites We assume that the Android SDK (https://developer.android.com/sdk/index.html) and Apache Cordova (https://cordova.apache.org/), version 8.0.0 (later versions might work) Moreover, we assume a basic familiarity with the build system of Apache Cordova. Building DVHMA Setting Environment Variables export ANDROID_HOME=<Android SDK Installation Directory> export PATH=$ANDROID_HOME/tools:$PATH export PATH=$ANDROID_HOME/platform-tools:$PATH Compiling DVHMA cd DVHMA-Featherweight cordova plugin add ../plugins/DVHMA-Storage cordova plugin add ../plugins/DVHMA-WebIntent cordova plugin add ../plugins/DVHMA-WebIntent

FEATURES

ALTERNATIVES

A tool that checks for hijackable packages in NPM and Python Pypi registries

A tool for detecting and exploiting Android application vulnerabilities

A GitHub App that monitors GitHub organizations or repositories for adherence to security best practices and detects policy violations.

A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.

A fuzzer for detecting open redirect vulnerabilities

A vulnerable Android application demonstrating various security issues and vulnerabilities

All-in-one vulnerability intelligence platform for prioritizing remediation efforts and driving security strategies.

A framework for building code injection vulnerability testbeds

PINNED