Vuldroid
Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code. Vulnerabilities Covered: * Code Execution via Malicious App * Steal Files via Webview using XHR request * Steal Files using Fileprovider via Intents * Steal Password ResetTokens/MagicLoginLinks * Webview Xss via Exported Activity * Webview Xss via DeepLink Intent * Sniffing Between Two Applications * Reading User Email via Broadcasts To Get started: * Install the APK from the repository and play around * Find the areas where you think this can be exploited Note: If you want to use your own firebase project for authentication, clone the repo and remove the google-services.json and add your project one.
FEATURES
SIMILAR TOOLS
A search engine for the Internet of Things (IoT) that provides real-time information about connected devices.
An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.
LeakIX is a red-team search engine that indexes mis-configurations and vulnerabilities online.
Nmap is an essential network scanning tool used for network security auditing and status monitoring.
FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.
A LinkedIn reconnaissance tool for gathering information about companies and individuals on the platform.
Automate Google Hacking Database scraping and searching with Pagodo, a tool for finding vulnerabilities and sensitive information.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.