Android malware analysis tool – Dynamic Analysis Tools

AndroL4b
AndroL4b is an Android security virtual machine based on ubuntu-mate that includes a collection of the latest frameworks, tutorials and labs from different security geeks and researchers for reverse engineering and malware analysis.

Tools

– Radare2: Unix-like reverse engineering framework and commandline tools
– Frida: Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX
– ByteCodeViewer: Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)
– Mobile Security Framework (MobSF): (Android/iOS) Automated Pentesting Framework (Just Static Analysis in this VM)
– Drozer: Security Assessment Framework for Android Applications
– APKtool: Reverse Engineering Android Apks
– AndroidStudio: IDE For Android Application Development
– BurpSuite: Assessing Application Security
– Wireshark: Network Protocol Analyzer
– MARA: Mobile Application Reverse engineering and Analysis Framework
– FindBugs-IDEA: Static byte code analysis to look for bugs in Java code
– AndroBugs Framework: Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications
– Qark: Tool to look for several security related Android application vulnerabilities

Labs:

– Damn Insecure and vulnerable App for Android (DIVA): Vulnerable Android Application
– InsecureBankv2: Vulnerable Android Application
– Android Security Sandbox: An app showcase of some techniques to improve Android app security
– GoatDroid: A fully functional and self-contained training environment for educating developers and testers on Android security
– Sieve: A Password Manager App, showcasing some common Android vulnerabilities

Android Malware Analysis Toolkit
A Linux distro focused on Mobile Malware Analysis for Android.

Mobile-Security-Framework MobSF
Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also perform Web API security testing with its API Fuzzer, which can do information gathering, analyze security headers, and identify mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session and API Rate Limiting.

Cobradroid
CobraDroid is a custom build of the Android operating system geared specifically for application security analysts and for individuals dealing with mobile malware. Some features are:
– Configurable radio values (MEID, MDN, IMSI, SIM card serial number, voicemail number)
– Dynamically configurable “build.prop” values
– Configurable SSL certificate validation bypassing
– Enhanced proxy capabilities
– Additional user-space utilities

Droidbox
DroidBox is developed to offer dynamic analysis of Android applications. The following information is described in the results, generated when analysis is complete:
– Hashes for the analyzed package
– Incoming/outgoing network data
– File read and write operations
– Started services and loaded classes through DexClassLoader
– Information leaks via the network, file and SMS
– Circumvented permissions
– Cryptographic operations performed using Android API
– Listing broadcast receivers
– Sent SMS and phone calls

Drozer
Drozer (formerly Mercury) is the leading security testing framework for Android.
Drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.
Drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer Agent to a device through exploitation or social engineering. Using weasel (MWR’s advanced exploitation payload) drozer is able to maximise the permissions available to it by installing a full agent, injecting a limited agent into a running process, or connecting a reverse shell to act as a Remote Access Tool (RAT).

CuckooDroid
CuckooDroid is an extension of Cuckoo Sandbox, the open source software for automating analysis of suspicious files. CuckooDroid brings to Cuckoo the capabilities of execution and analysis of Android applications.

Appie – Android Pentesting Portable Integrated Environment
Appie is a software package that has been pre-configured to function as an Android pentesting environment on any Windows-based machine without the need for a virtual machine (VM) or dual boot.
It is completely portable and can be carried on a USB stick or your smartphone. It is a one-of-its-kind Android security analysis tool and a one-stop answer for all the tools needed in Android application security assessment, Android forensics and Android malware analysis.

Inspeckage – Android Package Inspector
Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime.

Features:
Information gathering
– Requested Permissions;
– App Permissions;
– Shared Libraries;
– Exported and Non-exported Activities, Content Providers, Broadcast Receivers and Services;
– Check if the app is debuggable or not;
– Version, UID and GIDs;
– etc..

Fingerprint
– Device fingerprint – advertising id, MAC address, IMEI, release, brand, build mode…

Location
– Change GPS location (without using the “Mock location” functionality)

Logcat
– Logcat.html page: an experimental page that uses a websocket to show some information from the logcat.

And more. You can read the details here.
