1. [Androwarn](https://github.com/maaaaz/androwarn/) - detect and warn the user about potential malicious behaviours developed by an Android application.
2. [ApkAnalyser](https://github.com/sonyxperiadev/ApkAnalyser)
3. [APKInspector](https://github.com/honeynet/apkinspector/)
4. [Droid Intent Data Flow Analysis for Information Leakage](https://www.cert.org/secure-coding/tools/didfail.cfm)
5. [DroidLegacy](https://bitbucket.org/srl/droidlegacy)
7. [Smali CFG generator](https://github.com/EugenioDelfa/Smali-CFGs)
8. [FlowDroid](https://blogs.uni-paderborn.de/sse/tools/flowdroid/)
9. [Android Decompiler](https://www.pnfsoftware.com/) – not free
10. [PSCout](http://pscout.csl.toronto.edu/) - A tool that extracts the permission specification from the Android OS source code using static analysis
11. [Amandroid](http://amandroid.sireum.org/)
12. [SmaliSCA](https://github.com/dorneanu/smalisca) - Smali Static Code Analysis
13. [CFGScanDroid](https://github.com/douggard/CFGScanDroid) - Scans and compares CFG against CFG of malicious applications
14. [Madrolyzer](https://github.com/maldroid/maldrolyzer) - extracts actionable data like C&C, phone number etc.
15. [SPARTA](https://www.cs.washington.edu/sparta) - verifies (proves) that an app satisfies an information-flow security policy; built on the [Checker Framework](https://types.cs.washington.edu/checker-framework/)
16. [ConDroid](https://github.com/JulianSchuette/ConDroid) - Performs a combination of symbolic + concrete execution of the app
17. [DroidRA](https://github.com/serval-snt-uni-lu/DroidRA)
18. [RiskInDroid](https://github.com/ClaudiuGeorgiu/RiskInDroid) - A tool for calculating the risk of Android apps based on their permissions, with online demo available.
19. [SUPER](https://github.com/SUPERAndroidAnalyzer/super) - Secure, Unified, Powerful and Extensible Rust Android Analyzer
20. [ClassyShark](https://github.com/google/android-classyshark) - Standalone binary inspection tool which can browse any Android executable and show important infos.
21. [StaCoAn](https://github.com/vincentcox/StaCoAn) - Crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. This tool was created with a big focus on usability and graphical guidance in the user interface.
22. [JAADAS](https://github.com/flankerhqd/JAADAS) - Joint intraprocedure and interprocedure program analysis tool to find vulnerabilities in Android apps, built on Soot and Scala
23. ~~[Several tools from PSU](http://siis.cse.psu.edu/tools.html)~~
24. [Quark-Engine](https://github.com/quark-engine/quark-engine) - An Obfuscation-Neglect Android Malware Scoring System
Enjoy! Follow us for more...
No comments:
Post a Comment