AppMon
Automated framework for monitoring and tampering system API calls of native macOS, iOS, and Android apps.
Profile web applications, sorting inputs into two categories based on discrepancies in the application's response time. This tool can be used to test and develop known-vulnerable applications.

Installation: gem install timing_attack

Usage: timing_attack [options] -u <target> <inputs>

    -u, --url URL             URL of endpoint to profile. 'INPUT' will be replaced with the attack string.
    -n, --number NUM          Requests per input (default: 50).
    -c, --concurrency NUM     Number of concurrent requests (default: 15).
    -t, --threshold NUM       Minimum threshold, in seconds, for meaningfulness (default: 0.025).
    -p, --post                Use POST, not GET.
    -q, --quiet               Quiet mode (don't display progress bars).
    -b, --brute-force         Brute force mode.
    -i, --inputs-file FILE    Read inputs from specified file, one per line.
    --parameters STR          JSON hash of URL parameters. 'INPUT' will be replaced with the attack string.
    --parameters-file FILE    Name of file containing parameters as with --parameters.
    --headers STR             JSON hash of headers. 'INPUT' will be replaced with the attack string.
    --headers-file FILE       Name of file containing headers as with --headers.
    --body STR                JSON hash of parameters to be included in the request body. 'INPUT'
A static analysis tool for Android apps that detects malware and other malicious code.
YLS Language Server for YARA Language with comprehensive features and Python 3.8 support.
ESLint plugin to prevent Trojan Source attacks.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
A lightweight web security auditing toolkit that simplifies security tasks and enhances productivity.