OWASP Android Security Inspector Toolkit

Android Security Inspector Toolkit

Description

The general vision of the project is to implement a tool that removes as many obstacles as possible, so that mobile security enthusiasts and professionals who want to carry out a security assessment have the necessary tools at their disposal in the simplest and most automated way.

This tool is designed to help find security vulnerabilities in Android applications and is useful in all phases of Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST).

Its main goal is to provide an easy-to-use, multi-platform GUI tool for Windows or Linux environments, developed 100% in Python and friendly to custom extensions developed according to your needs.

How to Install

Audience

This project mainly targets three types of audience:

  • Developers (to validate security issues)
  • Security researchers (to find vulnerabilities faster)
  • Security enthusiasts (students who want to learn more about security)

License

This program is released under an open source license.


Features

  • APK OBFUSCATE
  • APK INFO
  • APK SEARCH
  • SHARED PREFERENCE
  • LOGCAT
  • PUSH/PULL
  • SQLVIEWER
  • FRIDA GADGETS
  • SHELL
  • OPTIONS

Main features points

  • APK obfuscate: Decompiles the APK to get the source files.
  • APK info: Shows basic information and lets you copy and download files, for example the AndroidManifest.
  • APK search: Searches the decompiled files for matches on keywords.
  • Shared preferences: Lets you view and extract the shared preferences found.
  • Logcat: Lets you observe and analyze the logs generated by the connected device.
  • Push/pull: Uploads and downloads files to and from the device through adb.
  • SQLviewer: Lets you view and extract the SQLite databases found on the device.
  • Frida gadgets: Increase your chances of success on non-rooted devices.
  • Shell: Interacts with the connected device through a shell.
  • Options: Configure a proxy, emulator or certificate.

| Challenge | Top 10 | Visibility |
|---|---|---|
| Extract APK and automatic deobfuscate | M10: Extraneous Functionality | video link |
| Manual discovery and pre-configured search options in source code | M9: Reverse Engineering | video link |
| Frida gadgets automation for advanced evasion options | M8: Code Tampering | video link |
| View and filter Logcat | M7: Client Code Quality | video link |
| Extraction of files / artifacts | M2: Insecure Data Storage | video link |
| Interact with ADB commands | ... | video link |
| Easy installation/view/delete of SSL certificate with only a plug & play device | ... | video link |


Latest Sponsors

  • All Individual Supporters
    • Mauricio Urizar
    • Camilo Galdos
    • Hector Flores
    • Darwin Algarin
    • Elysa Garcia