Vuldroid is a vulnerable Android application made with security issues in order to demonstrate how they can occur in code.

Vulnerabilities Covered:
* Code Execution via Malicious App
* Steal Files via Webview using XHR request
* Steal Files using Fileprovider via Intents
* Steal Password ResetTokens/MagicLoginLinks
* Webview Xss via Exported Activity
* Webview Xss via DeepLink Intent
* Sniffing Between Two Applications
* Reading User Email via Broadcasts

To get started:
* Install the APK from the repository and play around
* Find the areas where you think this can be exploited

Note: If you want to use your own Firebase project for authentication, clone the repo, remove the google-services.json, and add the one from your own project.