[Tip #04] Android Malware Analysis Tools


AFLogical – Android forensics tool developed by viaForensics
Amandroid – Is a static analysis framework for Android apps
Android backup extractor – Android backup extractor
Android Loadable Kernel Modules
Android SDK
Android4me – J2ME port of Google’s Android
Android-forensics – Open source Android Forensics app and framework
Android-random – Collection of extended examples for Android developers
Androwarn – Is a tool whose main aim is to detect and warn the user about potential malicious behaviours developed by an Android application
ApkAnalyser – Static, virtual analysis tool
Apk-extractor – Android Application (.apk) file extractor and Parser for Android Binary XML
Apkinspector – Powerful GUI tool for analysts to analyze the Android applications
Apk-recovery – Recover main resources from your .apk file
Audit tools
bunq fuzzer – Program for testing a mobile app by sending it semi-random inputs
Canhazaxs – A tool for enumerating the access to entries in the file system of an Android device
ConDroid – Symbolic/concolic execution of Android apps
DDMS – Dalvik Debug Monitor Server
Decaf-platform – DECAF Binary Analysis Platform
Device Monitor – Graphical user interface for several Android application debugging and analysis tools
Dexinfo – A very rudimentary Android DEX file parser
Dexter – Static Android application analysis tool
Dexterity – Dex manipulation library
Dextools – Miscellaneous DEX (Dalvik Executable) tools
DidFail – Uses static analysis to detect potential leaks of sensitive information within a set of Android apps
Drozer – Comprehensive security audit and attack framework for Android
FindBugs – Find Bugs in Java Programs
Find Security Bugs – The FindBugs plugin for security audits of Java web applications.
FlowDroid – Is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications
Heimdall – Cross-platform open-source tool suite used to flash firmware (aka ROMs) onto Samsung mobile devices
Hidex – Demo application where a method named thisishidden() in class MrHyde is hidden from disassemblers but no called by the app
Hooker – Automated Dynamic Analysis of Android Applications
Maldrolyzer – Simple framework to extract “actionable” data from Android malware (C&Cs, phone numbers etc.)
mbfuzzer (Mobile Application Fuzzer via SSL MITM) – Mobile Application Fuzzer via SSL


PScout – Analyzing the Android Permission Specification
Scalpel – A surgical debugging tool to uncover the layers under your app
SPARTA – Is building a toolset to verify the security of mobile phone applications
Apk Sign – Sign.jar automatically signs an apk with the Android test certificate.
SIIS Tools – This page contains a list of software tools created by the SIIS lab
Smali – An assembler/disassembler for Android’s dex format
Smali-CFGs – Smali Control Flow Graphs
SmaliEx – A wrapper to get dex from oat
SmaliSCA – Static Code Analysis for Smali files
Soot – Java Optimization Framework
STAMP – STatic Analysis of Mobile Programs
Systrace – Analyze the performance capturing and displaying execution times of your applications and other Android system processes
TaintDroid – Tracking how apps use sensitive information required
Traceview – Graphical viewer for execution logs saved by your application
Undx – Bytecode translator
XML-apk-parser – Print AndroidManifest.xml directly from apk file


AndroBugs Framework – Is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows.
Devknox – Autocorrect security issues as you write code
JAADAS – Joint Advanced Defect assEsment for android applications
QARK – Quick Android Review Kit – This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs.
Quixxi – Free automated vulnerability test.
SUPER Android Analyzer – Secure, Unified, Powerful and Extensible Rust Android Analyzer


IntentFuzzer – is a tool that can be used on any device using the Google Android operating system (OS)
Radamsa Fuzzer – An Android port of radamsa fuzzer
Honggfuzz – Security oriented fuzzer with powerful analysis options
Melkor – An Android port of the melkor ELF fuzzer
MFFA – Media Fuzzing Framework for Android
AndroFuzz – A fuzzing utility for Android that focuses on reporting and delivery portions of the fuzzing process


Android Unpacker – Android Unpacker presented at Defcon 22 – Android Hacker Protection Level 0
Dehoser – Unpacker for the HoseDex2Jar APK Protection which packs the original file inside the dex header
Kisskiss – Unpacker for various Android packers/protectors
Simplify – Generic Android Deobfuscator
ClassNameDeobfuscator – Simple script to parse through the .smali files produced by apktool and extract the .source annotation lines.


APKfuscator – A generic DEX file obfuscator and munger
DexGuard – Optimizer and obfuscator for Android
HoseDex2Jar – Adds some instructions to the classes.dex file that Dex2Jar can not process
ProGuard – Shrinks, optimizes, and obfuscates the code by removing unused code and renaming classes, fields, and methods with semantically obscure names


AndBug – A Scriptable Android Debugger
AndroChef – Java Decompiler apk, dex, jar and java class-files
Androguard – powerful, integrates well with other tools
Android Framework for Exploitation
APK Studio – Android Reverse Engineering Tool By Vaibhav Pandey a.k.a VPZ
Apktool – really useful for compilation/decompilation (uses smali)
ART – GUI for all your decompiling and recompiling needs
Bypass signature and permission checks for IPCs
Android OpenDebug – make any application on device debuggable (using cydia substrate)
Dare – .dex to .class converter
Dava – Decompiler for arbitrary Java bytecode
DecoJer – Java Decompiler
Dex2Jar – dex to jar converter
Dex-decomplier – Dex decompiler
Enjarify – dex to jar converter from Google
Dedexer – is a disassembler tool for DEX files
Fino – Android small footprint inspection tool
Frida – inject JavaScript to explore applications and a GUI tool for it
Indroid – thread injection kit
IntentSniffer – is a tool that can be used on any device using the Google Android operating system (OS)
Introspy – Blackbox tool to help understand what an Android application is doing at runtime and assist in the identification of potential security issues
JAD – Java decompiler
JADX – Dex to Java decompiler
JD-GUI – Java decompiler
JEB Decompiler – The Interactive Android Decompiler
CFR – Java decompiler
Krakatau – Java decompiler
Luyten – Java Decompiler Gui for Procyon
Procyon – Java decompiler
FernFlower – Java decompiler
Redexer – apk manipulation
Smali viewer
Simplify Android deobfuscator – Generic Android Deobfuscator
Bytecode viewer – A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Radare2 – Unix-like reverse engineering framework and commandline tools
Reverse Android – Reverse-engineering tools for Android applications
Xenotix-APK-Decompiler – APK decompiler powered by dex2jar and JAD
ZjDroid – Android app dynamic reverse tool based on Xposed framework


Android tcpdump


Android Malware Analysis Toolkit
Android Tamer
APK Resource Toolkit
Appie – Android Pentesting Portable Integrated Environment
Open Source Android Forensics Toolkit
viaLab Community Edition


MobSF – Mobile Security Framework


Android Sandbox
APK Analyzer
AVC UnDroid
Eacus – MobiSec Lab
Mobile Malware Analysis
Mobile Sandbox

Experience in open source environments and pentesting. I am currently a freelancer and always open to taking part in projects and activities focused on hacking and malware analysis. Join the discussion group on Telegram: https://t.me/MalwareReverseBR
