FSquaDRA
FSquaDRA is a detection tool designed to identify repackaged Android applications through similarity analysis. The tool operates on the principle that repackaged applications typically maintain the visual appearance and functionality of their original counterparts while potentially containing malicious modifications. It computes Jaccard similarity coefficients by analyzing the set of file digests contained within Android package (APK) files. The detection process leverages pre-computed digests that are generated during the Android application signing process, which significantly reduces the computational overhead required for APK comparison operations. This approach allows for faster analysis compared to methods that require real-time digest computation. FSquaDRA was developed at the University of Trento and the research findings were presented at the 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy. The tool can be built as a JAR file for deployment and execution.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A technology lookup and lead generation tool that identifies the technology stack of any website and provides features for market research, competitor analysis, and data enrichment.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
AndroBugs Framework is an Android vulnerability analysis system that scans mobile applications for security vulnerabilities, missing best practices, and dangerous shell commands.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
SearchCode is an extensive code search engine that indexes 75 billion lines of code from millions of projects to help developers find coding examples and libraries.
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.