[Tip#04] Android Malware Analysis Tools

FORENSICS & REVERSING 

AFLogical – Android forensics tool developed by viaForensics
Amandroid – Is a static analysis framework for Android apps
Android backup extractor – Android backup extractor
Android Loadable Kernel Modules
Android SDK
Android4me – J2ME port of Google’s Android
Android-forensics – Open source Android Forensics app and framework
Android-random – Collection of extended examples for Android developers
Androwarn – Is a tool whose main aim is to detect and warn the user about potential malicious behaviours developed by an Android application
ApkAnalyser – Static, virtual analysis tool
Apk-extractor – Android Application (.apk) file extractor and Parser for Android Binary XML
Apkinspector – Powerful GUI tool for analysts to analyze the Android applications
Apk-recovery – Recover main resources from your .apk file
Audit tools
bunq fuzzer – Program for testing a mobile app by sending it semi-random inputs
Canhazaxs – A tool for enumerating the access to entries in the file system of an Android device
ConDroid – Symbolic/concolic execution of Android apps
DDMS – Dalvik Debug Monitor Server
Decaf-platform – DECAF Binary Analysis Platform
Device Monitor – Graphical user interface for several Android application debugging and analysis tools
Dexinfo – A very rudimentary Android DEX file parser
Dexter – Static android application analysis tool
Dexterity – Dex manipulation library
Dextools – Miscellaneous DEX (Dalvik Executable) tools
DidFail – Uses static analysis to detect potential leaks of sensitive information within a set of Android apps
Drozer – Comprehensive security audit and attack framework for Android
FindBugs – Find Bugs in Java Programs
Find Security Bugs – The FindBugs plugin for security audits of Java web applications.
FlowDroid – Is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications
Heimdall – Cross-platform open-source tool suite used to flash firmware (aka ROMs) onto Samsung mobile devices
Hidex – Demo application where a method named thisishidden() in class MrHyde is hidden from disassemblers but no called by the app
Hooker – Automated Dynamic Analysis of Android Applications
Maldrolyzer – Simple framework to extract “actionable” data from Android malware (C&Cs, phone numbers etc.)
mbfuzzer (Mobile Application Fuzzer via SSL MITM) – Mobile Application Fuzzer via SSL

MITM & NETWORK ANALYSIS

PScout – Analyzing the Android Permission Specification
Scalpel – A surgical debugging tool to uncover the layers under your app
SPARTA – Is building a toolset to verify the security of mobile phone applications
Apk Sign – Sign.jar automatically signs an apk with the Android test certificate.
SIIS Tools – This page contains a list of software tools created by the SIIS lab
Smali – An assembler/disassembler for Android’s dex format
Smali-CFGs – Smali Control Flow Graphs
SmaliEx – A wrapper to get dex from oat
SmaliSCA – Static Code Analysis for Smali files
Soot – Java Optimization Framework
STAMP – STatic Analysis of Mobile Programs
Systrace – Analyze the performance capturing and displaying execution times of your applications and other Android system processes
TaintDroid – Tracking how apps use sensitive information required
Traceview – Graphical viewer for execution logs saved by your application
Undx – Bytecode translator
XML-apk-parser – Print AndroidManifest.xml directly from apk file

VULNERABILITIES

AndroBugs Framework – Is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows.
Devknox – Autocorrect security issues as you write code
JAADAS – Joint Advanced Defect assEsment for android applications
QARK – Quick Android Review Kit – This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs.
Quixxi – Free automated vulnerability test.
SUPER Android Analyzer – Secure, Unified, Powerful and Extensible Rust Android Analyzer

FUZZING

IntentFuzzer – is a tool that can be used on any device using the Google Android operating system (OS)
Radamsa Fuzzer – An Android port of radamsa fuzzer
Honggfuzz – Security oriented fuzzer with powerful analysis options
Melkor – An Android port of the melkor ELF fuzzer
MFFA – Media Fuzzing Framework for Android
AndroFuzz – A fuzzing utility for Android that focuses on reporting and delivery portions of the fuzzing process

UNPACKERS / DEOBFUSCATORS

Android Unpacker – Android Unpacker presented at Defcon 22 – Android Hacker Protection Level 0
Dehoser – Unpacker for the HoseDex2Jar APK Protection which packs the original file inside the dex header
Kisskiss – Unpacker for various Android packers/protectors
Simplify – Generic Android Deobfuscator
ClassNameDeobfuscator – Simple script to parse through the .smali files produced by apktool and extract the .source annotation lines.

PACKERS / OBFUSCATORS

Allatori
APKfuscator – A generic DEX file obfuscator and munger
APKProtect
Bangcle
DexGuard – Optimizer and obfuscator for Android
HoseDex2Jar – Adds some instructions to the classes.dex file that Dex2Jar can not process
ProGuard – Shrinks, optimizes, and obfuscates the code by removing unused code and renaming classes, fields, and methods with semantically obscure names

REVERSE ENGINEERING 

AndBug – A Scriptable Android Debugger
AndroChef – Java Decompiler apk, dex, jar and java class-files
Androguard – powerful, integrates well with other tools
Android Framework for Exploitation
APK Studio – Android Reverse Engineering Tool By Vaibhav Pandey a.k.a VPZ
Apktool – really useful for compilation/decompilation (uses smali)
ART – GUI for all your decompiling and recompiling needs
Bypass signature and permission checks for IPCs
Android OpenDebug – make any application on device debuggable (using cydia substrate)
Dare – .dex to .class converter
Dava – Decompiler for arbitrary Java bytecode
DecoJer – Java Decompiler
Dex2Jar – dex to jar converter
Dex-decomplier – Dex decompiler
Enjarify – dex to jar converter from Google
Dedexer – is a disassembler tool for DEX files
Fino – Android small footprint inspection tool
Frida – inject JavaScript to explore applications and a GUI tool for it
Indroid – thread injection kit
IntentSniffer – is a tool that can be used on any device using the Google Android operating system (OS)
Introspy – Blackbox tool to help understand what an Android application is doing at runtime and assist in the identification of potential security issues
JAD – Java decompiler
JADX – Dex to Java decompiler
JD-GUI – Java decompiler
JEB Decompiler – The Interactive Android Decompiler
CFR – Java decompiler
Krakatau – Java decompiler
Luyten – Java Decompiler Gui for Procyon
Procyon – Java decompiler
FernFlower – Java decompiler
Redexer – apk manipulation
Smali viewer
Simplify Android deobfuscator – Generic Android Deobfuscator
Bytecode viewer – A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Radare2 – Unix-like reverse engineering framework and command-line tools
Reverse Android – Reverse-engineering tools for Android applications
Xenotix-APK-Decompiler – APK decompiler powered by dex2jar and JAD
ZjDroid – Android app dynamic reverse tool based on Xposed framework

NETWORK

Android tcpdump
Canape
Nogotofail
ProxyDroid
Wireshark

TOOLKITS

Android Malware Analysis Toolkit
Android Tamer
Androl4b
APK Resource Toolkit
Appie – Android Pentesting Portable Integrated Environment
AppUse
AuditdAndroid
CobraDroid
CuckooDroid
MARA_Framework
Mem
MobiSec
Open Source Android Forensics Toolkit
ProbeDroid
Santoku
Vezir-Project
viaLab Community Edition

FRAMEWORKS

MobSF – Mobile Security Framework
Needle

SANDBOXES

Android Sandbox
AndroTotal
Anubis
APK Analyzer
APP-RAY
AppCritique
Appknox
AVCaesar
AVC UnDroid
CopperDroid
Droidbox
Eacus – MobiSec Lab
HackApp
Mobile Malware Analysis
Mobile Sandbox
NVISO ApkScan
SandDroid
Tracedroid
VisualThreat

Experience with open source environments and pentesting. I am currently a freelancer and always open to taking part in projects and activities focused on hacking and malware analysis. Join the discussion group on Telegram: https://t.me/MalwareReverseBR
