DVHMA Damn Vulnerable Hybrid Mobile App Logo

DVHMA Damn Vulnerable Hybrid Mobile App

0
Free
Visit Website

DVHMA is an hybrid mobile app (for Android) that intentionally contains vulnerabilities. Its purpose is to enable security professionals to test their tools and techniques legally, help developers better understand the common pitfalls in developing hybrid mobile apps securely. Motivation and Scope This app is developed to study pitfalls in developing hybrid apps, e.g., using Apache Cordova or SAP Kapsel, securely. Currently, the main focus is to develop a deeper understanding of injection vulnerabilities that exploit the JavaScript to Java bridge. Installation Prerequisites We assume that the Android SDK (https://developer.android.com/sdk/index.html) and Apache Cordova (https://cordova.apache.org/), version 8.0.0 (later versions might work) Moreover, we assume a basic familiarity with the build system of Apache Cordova. Building DVHMA Setting Environment Variables export ANDROID_HOME=<Android SDK Installation Directory> export PATH=$ANDROID_HOME/tools:$PATH export PATH=$ANDROID_HOME/platform-tools:$PATH Compiling DVHMA cd DVHMA-Featherweight cordova plugin add ../plugins/DVHMA-Storage cordova plugin add ../plugins/DVHMA-WebIntent cordova plugin add ../plugins/DVHMA-WebIntent

FEATURES

ALTERNATIVES

Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications with a pluggable infrastructure for integration with vulnerabilities databases.

A repository of open-source plugins for Rapid7 InsightConnect

A search engine for the Internet of Things (IoT) that provides real-time information about connected devices.

Crt.sh is a website that allows users to search for SSL/TLS certificates of a targeted domain, providing transparency into certificate logs.

A LinkedIn reconnaissance tool for gathering information about companies and individuals on the platform.

Scans Alpine base images for vulnerabilities using Multi Stage builds in Docker 17.05

A categorized collection of bug bounty write-ups for various vulnerabilities.

A tool that checks for hijackable packages in NPM and Python Pypi registries