Vuldroid is a vulnerable Android application made with security issues in order to demonstrate how they can occur in code.

Vulnerabilities Covered:

* Code Execution via Malicious App
* Steal Files via Webview using XHR request
* Steal Files using Fileprovider via Intents
* Steal Password ResetTokens/MagicLoginLinks
* Webview Xss via Exported Activity
* Webview Xss via DeepLink Intent
* Sniffing Between Two Applications
* Reading User Email via Broadcasts

To Get started:

* Install the APK from the repository and play around
* Find the areas where you think this can be exploited

Note: If you want to use your own Firebase project for authentication, clone the repo, remove the google-services.json, and add the one from your own project.
SIMILAR TOOLS
FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.
Donate to your favorite open-source projects and charities using PayPal
Patch-level verification tool for bundler to check for vulnerable gems and insecure sources.
A wargame composed of 27 levels, with files needed in /vortex/ directory.
A collection of Ansible roles for hardening various systems and services
A script that checks for common best-practices around deploying Docker containers in production.
OCaml bindings to the YARA scanning engine for integrating YARA scanning capabilities into OCaml projects
A tool that checks for hijackable packages in NPM and Python Pypi registries
A vulnerable web site in NodeJS for testing security source code analyzers.