Android Arsenal – Dynamic analysis tools – Penetration Testing

Android Hooker
Hooker is an open-source project for dynamic analysis of Android applications. This project provides various tools and applications that can be used to automatically intercept and modify any API calls made by a targeted application.

It leverages the Android Substrate framework to intercept these calls and aggregate all their contextual information (parameters, returned values, …). Collected information can be stored either in ElasticSearch or in JSON files.

A set of Python scripts is also provided to automate the execution of an analysis that collects any API calls made by a set of applications.

AppAudit
Online tool (including an API) that uses dynamic and static analysis to detect hidden data leaks in an application.

BareDroid
BareDroid allows for bare-metal analysis on Android devices. See the paper here

CuckooDroid
CuckooDroid is an extension of Cuckoo Sandbox, the open-source software for automating analysis of suspicious files. CuckooDroid brings to Cuckoo the capabilities of execution and analysis of Android applications.

DroidBox
DroidBox is developed to offer dynamic analysis of Android applications. The following information is described in the results, generated when analysis is complete:

Hashes for the analyzed package

Incoming/outgoing network data

File read and write operations

Started services and loaded classes through DexClassLoader

Information leaks via the network, file and SMS

Circumvented permissions

Cryptographic operations performed using Android API

Listing broadcast receivers

Sent SMS and phone calls

Additionally, two graphs are generated visualizing the behavior of the package. One showing the temporal order of the operations and the other one being a treemap that can be used to check similarity between analyzed packages.

Droid-FF
Droid-FF is an Android File Fuzzing Framework.

Drozer
drozer helps to provide confidence that Android apps and devices being developed by, or deployed across, your organisation do not pose an unacceptable level of risk, by allowing you to interact with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.

drozer provides tools to help you use and share public exploits for Android. For remote exploits, it can generate shellcode to help you to deploy the drozer Agent as a remote administrator tool, with maximum leverage on the device.

Marvin
Marvin is a system that analyzes Android applications in search of vulnerabilities and allows tracking of an app through its version history.

It is composed of 4 subsystems:

Marvin-django: The web application frontend for use and administration of Marvin (this repository). It includes a Bayesian classifier that provides a probability estimation of a given Android app being malware.

Marvin-static-Analyzer: A static code analysis system that uses Androguard and Static Android Analysis Framework (SAAF).

Marvin-dynamic-Analyzer: A dynamic code analysis system that uses Android x86 emulators and Open Nebula virtualization to find vulnerabilities automatically.

Marvin-toqueton: An automated GUI testing tool developed to assist Marvin’s dynamic code analysis.

A Marvin user’s guide is provided in the docs folder of this repository.

Inspeckage
Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime.

PATDroid
PATDroid is a collection of tools and data structures for analyzing Android applications and the system itself. We intend to build it as a common base for developing novel mobile software debugging, refactoring and reverse engineering tools.
