Static Analysis Tools



1. [Androwarn](https://github.com/maaaaz/androwarn/) - detect and warn the user about potential malicious behaviours developed by an Android application.

2. [ApkAnalyser](https://github.com/sonyxperiadev/ApkAnalyser)

3. [APKInspector](https://github.com/honeynet/apkinspector/)

4. [Droid Intent Data Flow Analysis for Information Leakage](https://www.cert.org/secure-coding/tools/didfail.cfm)

5. [DroidLegacy](https://bitbucket.org/srl/droidlegacy)

7. [Smali CFG generator](https://github.com/EugenioDelfa/Smali-CFGs)

8. [FlowDroid](https://blogs.uni-paderborn.de/sse/tools/flowdroid/)

9. [Android Decompiler](https://www.pnfsoftware.com/) – not free

10. [PSCout](http://pscout.csl.toronto.edu/) - A tool that extracts the permission specification from the Android OS source code using static analysis

11. [Amandroid](http://amandroid.sireum.org/)

12. [SmaliSCA](https://github.com/dorneanu/smalisca) - Smali Static Code Analysis

13. [CFGScanDroid](https://github.com/douggard/CFGScanDroid) - Scans and compares CFG against CFG of malicious applications

14. [Madrolyzer](https://github.com/maldroid/maldrolyzer) - extracts actionable data like C&C, phone number etc.

15. [SPARTA](https://www.cs.washington.edu/sparta) - verifies (proves) that an app satisfies an information-flow security policy; built on the [Checker Framework](https://types.cs.washington.edu/checker-framework/)

16. [ConDroid](https://github.com/JulianSchuette/ConDroid) - Performs a combination of symbolic + concrete execution of the app

17. [DroidRA](https://github.com/serval-snt-uni-lu/DroidRA)

18. [RiskInDroid](https://github.com/ClaudiuGeorgiu/RiskInDroid) - A tool for calculating the risk of Android apps based on their permissions, with online demo available.

19. [SUPER](https://github.com/SUPERAndroidAnalyzer/super) - Secure, Unified, Powerful and Extensible Rust Android Analyzer

20. [ClassyShark](https://github.com/google/android-classyshark) - Standalone binary inspection tool which can browse any Android executable and show important infos.

21. [StaCoAn](https://github.com/vincentcox/StaCoAn) - Crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. This tool was created with a big focus on usability and graphical guidance in the user interface.

22. [JAADAS](https://github.com/flankerhqd/JAADAS) - Joint intraprocedure and interprocedure program analysis tool to find vulnerabilities in Android apps, built on Soot and Scala

23. ~~[Several tools from PSU](http://siis.cse.psu.edu/tools.html)~~

24. [Quark-Engine](https://github.com/quark-engine/quark-engine) - An Obfuscation-Neglect Android Malware Scoring System


Enjoy! Follow us for more... 

No comments:

Post a Comment

What is Prototype content functions in JavaScript Framework Programming.mp4

  Download now Enjoy! Follow us for more...