Awesome List Updates on Sep 21, 2017

5 awesome lists updated today.

🏠 Home · 🔍 Search · 🔥 Feed · 📮 Subscribe · ❤️ Sponsor

1. Awesome Preact

Contents / Components

• Preact Side Effect (⭐10) - Create components whose nested prop changes map to a global side effect.

• Preact Tiny Atom (⭐3) - Preact Integration with Tiny Atom (⭐116).

2. Awesome Angular

Free / Google Developer Experts

• ngx-admin (⭐25k) - Customizable admin dashboard template based on Angular 10+.

3. Awesome Android

Emulators

• BlueStacks

4. Android Security Awesome

Tools / Static Analysis Tools

• ApkAnalyser (⭐1k)

• APKInspector (⭐826)

• Droid Intent Data Flow Analysis for Information Leakage

• DroidLegacy

• FlowDroid

• Android Decompiler – not free

• Amandroid

• SmaliSCA (⭐316) - Smali Static Code Analysis

• CFGScanDroid (⭐58) - Scans and compares CFG against CFG of malicious applications

• Madrolyzer (⭐100) - extracts actionable data like C&C, phone number etc.

• SPARTA - verifies (proves) that an app satisfies an information-flow security policy; built on the Checker Framework

• DroidRA (⭐50)

• RiskInDroid (⭐130) - A tool for calculating the risk of Android apps based on their permissions, with an online demo available.

• SUPER (⭐416) - Secure, Unified, Powerful and Extensible Rust Android Analyzer

• ClassyShark (⭐7.5k) - Standalone binary inspection tool which can browse any Android executable and show important info.

• Smali CFG generator

Tools / App Vulnerability Scanners

• AndroBugs (⭐1.1k)

• Nogotofail (⭐2.9k)

Tools / Dynamic Analysis Tools

• Mobile-Security-Framework MobSF (⭐17k) - Mobile Security Framework is an intelligent, all-in-one open-source mobile application (Android/iOS) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.

• AppUse – custom build for penetration testing

• Drozer (⭐3.7k)

• Xposed - equivalent of doing Stub-based code injection but without any modifications to the binary

• Inspeckage (⭐2.8k) - Android Package Inspector - dynamic analysis with API hooks, start unexported activities, and more. (Xposed Module)

• Android Hooker (⭐408) - Dynamic Java code instrumentation (requires the Substrate Framework)

• ProbeDroid (⭐196) - Dynamic Java code instrumentation

• DECAF (⭐794) - Dynamic Executable Code Analysis Framework based on QEMU (DroidScope is now an extension to DECAF)

• CuckooDroid (⭐577) - Android extension for Cuckoo sandbox

• Mem (⭐64) - Memory analysis of Android (root required)

• Crowdroid – unable to find the actual tool

• AuditdAndroid (⭐44) – android port of auditd, not under active development anymore

• Android Security Evaluation Framework - not under active development anymore

• Aurasium (⭐36) – Practical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor.

• Android Linux Kernel modules (⭐205)

• StaDynA (⭐20) - a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). This tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information.

• DroidAnalytics (⭐28) - incomplete

• Vezir Project (⭐101) - Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis

• MARA (⭐616) - Mobile Application Reverse Engineering and Analysis Framework

• Android Tamer - Virtual / Live Platform for Android Security Professionals

Tools / Reverse Engineering

• emacs syntax coloring for smali files (⭐32)

• vim syntax coloring for smali files

• AndBug (⭐596)

• Androguard (⭐5.1k) – powerful, integrates well with other tools

• Apktool – really useful for compilation/decompilation (uses smali)

• Android Framework for Exploitation (⭐183)

• Bypass signature and permission checks for IPCs (⭐81)

• Android OpenDebug (⭐130) – make any application on the device debuggable (using cydia substrate).

• Dex2Jar (⭐12k) - dex to jar converter

• Enjarify (⭐2.7k) - dex to jar converter from Google

• Fino (⭐105)

• Frida - inject javascript to explore applications and a GUI tool (⭐174) for it

• Indroid – thread injection kit

• Introspy (⭐463)

• Jad - Java decompiler

• JD-GUI (⭐14k) - Java decompiler

• CFR - Java decompiler

• Krakatau (⭐2k) - Java decompiler

• FernFlower (⭐3.4k) - Java decompiler

• Redexer (⭐161) – apk manipulation

• Bytecode viewer (⭐14k)

• Radare2 (⭐20k)

Tools / Fuzz Testing

• Radamsa Fuzzer (⭐64)

• Honggfuzz (⭐3k)

• Media Fuzzing Framework for Android (⭐330)

• AndroFuzz (⭐37)

Tools / Market Crawlers

• Aptoide downloader (Node) (⭐23) - download apps from Aptoide third-party Android market

• Appland downloader (Node) (⭐15) - download apps from Appland third-party Android market

Tools / Misc Tools

• AXMLPrinter2 - to convert binary XML files to human-readable XML files

• adb autocomplete (⭐248)

Academic/Research/Publications/Books / Research Papers

• A good collection of static analysis papers

Exploits/Vulnerabilities/Bugs / List

• Android's reported security vulnerabilities

• AOSP - Issue tracker

• OWASP Mobile Top 10 2016

• Exploit Database - click search

• Vulnerability Google Doc

• Google Android Security Team’s Classifications for Potentially Harmful Applications (Malware)

• Android Devices Security Patch Status

Exploits/Vulnerabilities/Bugs / Malware

• Android Malware Github repo (⭐1k)

• Android Malware Genome Project - contains 1260 malware samples categorized into 49 different malware families, free for research purposes.

• Contagio Mobile Malware Mini Dump

5. Awesome Dotnet Core

Books / Workflow

• .NET Core in Action

• The little ASP.NET Core

• Prev: Sep 22, 2017
• Next: Sep 20, 2017