Thursday, January 14, 2016
Android Pentest Tools - DroidBox
2:18:00 PM
Android Pentest, Hackers Tools, Mobile Security, Pentest Tools, Security Tools
No comments
Intro
DroidBox is developed to offer dynamic analysis of Android applications. The following information is described in the results, generated when analysis is complete:
º Hashes for the analyzed package
º Incoming/outgoing network data
º File read and write operations
º Started services and loaded classes through DexClassLoader
º Information leaks via the network, file and SMS
º Circumvented permissions
º Cryptographic operations performed using Android API
º Listing broadcast receivers
º Sent SMS and phone calls
Additionally, two graphs are generated visualizing the behavior of the package. One showing the temporal order of the operations and the other one being a treemap that can be used to check similarity between analyzed packages.
Setup
This is a guide to get DroidBox running. The release has only been tested on Linux and Mac OS. If you do not have the Android SDK, download it from http://developer.android.com/sdk/index.html. The following libraries are required: pylab and matplotlib to provide visualization of the analysis result.
º Export the path for the SDK tools
export PATH=$PATH:/path/to/android-sdk/tools/
export PATH=$PATH:/path/to/android-sdk/platform-tools/
º Download necessary files and uncompress it anywhere
wget https://github.com/pjlantz/droidbox/releases/download/v4.1.1/DroidBox411RC.tar.gz
º Setup a new AVD targeting Android 4.1.2 and choose Nexus 4 as device as well as ARM as CPU type by running:
Android
º Start the emulator with the new AVD:
./startemu.sh <AVD name>
º When emulator has booted up, start analyzing samples (please use the absolute path to the apk):
./droidbox.sh <file.apk> <duration in secs (optional)>
Search
Categories
Popular Posts
-
dotenv loads .env files into process.env for Node.js projects, making it useful for configuration hygiene checks, secret-handling review...
-
In this post, we will explore a Python script designed to parse logs containing url:user:pass data. These logs are instrumental in executin...
-
New bug bounty(vulnerabilities) collector Requirements Chrome with GUI (If you encounter trouble with script execution, check the stat...
-
x64dbg is a Windows user-mode debugger for controlled runtime inspection, breakpoint logic, trace collection and patch validation in autho...
-
As cyber threats evolve, so must our strategies to combat them. The deepdarkCTI project serves as a crucial resource, offering access to a c...
-
GTFOcli it's a Command Line Interface for easy binaries search commands that can be used to bypass local security restrictions in mis...
-
As mobile applications become more integral to our daily lives, ensuring their security is paramount. Vulnerabilities in mobile apps can exp...
-
social-analyzer provides API, CLI, and web interfaces for finding and analyzing public profiles across more than 1000 social media and web...
-
Remote adminitration tool for android Features Notifications listener SMS listener Phone call recording Image capturing and sc...
-
RepoReaper is a precision tool designed to automate the identification of exposed .git repositories across a list of domains and subdomai...
Blog Archive
-
►
2026
(3)
- ► 05/24 - 05/31 (3)
-
►
2024
(42)
- ► 05/26 - 06/02 (1)
- ► 05/12 - 05/19 (1)
- ► 05/05 - 05/12 (5)
- ► 03/10 - 03/17 (3)
- ► 02/18 - 02/25 (32)
-
►
2022
(20)
- ► 02/06 - 02/13 (18)
- ► 01/30 - 02/06 (2)
-
►
2018
(69)
- ► 10/14 - 10/21 (4)
- ► 08/26 - 09/02 (7)
- ► 08/12 - 08/19 (4)
- ► 07/15 - 07/22 (2)
- ► 07/08 - 07/15 (6)
- ► 07/01 - 07/08 (3)
- ► 06/17 - 06/24 (2)
- ► 03/04 - 03/11 (2)
- ► 02/18 - 02/25 (1)
- ► 02/04 - 02/11 (3)
- ► 01/28 - 02/04 (7)
- ► 01/21 - 01/28 (6)
- ► 01/14 - 01/21 (12)
- ► 01/07 - 01/14 (10)
-
►
2017
(72)
- ► 12/31 - 01/07 (2)
- ► 12/03 - 12/10 (1)
- ► 11/19 - 11/26 (1)
- ► 11/12 - 11/19 (1)
- ► 10/22 - 10/29 (3)
- ► 10/01 - 10/08 (2)
- ► 09/17 - 09/24 (6)
- ► 09/10 - 09/17 (2)
- ► 09/03 - 09/10 (2)
- ► 08/27 - 09/03 (4)
- ► 07/23 - 07/30 (5)
- ► 07/16 - 07/23 (3)
- ► 06/25 - 07/02 (1)
- ► 06/18 - 06/25 (4)
- ► 05/21 - 05/28 (7)
- ► 05/14 - 05/21 (1)
- ► 05/07 - 05/14 (2)
- ► 04/30 - 05/07 (2)
- ► 04/23 - 04/30 (2)
- ► 04/16 - 04/23 (2)
- ► 03/19 - 03/26 (4)
- ► 01/22 - 01/29 (2)
- ► 01/15 - 01/22 (1)
- ► 01/08 - 01/15 (8)
- ► 01/01 - 01/08 (4)
-
▼
2016
(648)
- ► 12/25 - 01/01 (1)
- ► 12/18 - 12/25 (2)
- ► 12/11 - 12/18 (6)
- ► 12/04 - 12/11 (4)
- ► 11/27 - 12/04 (5)
- ► 11/13 - 11/20 (1)
- ► 11/06 - 11/13 (1)
- ► 10/30 - 11/06 (5)
- ► 10/23 - 10/30 (1)
- ► 10/16 - 10/23 (2)
- ► 10/09 - 10/16 (5)
- ► 10/02 - 10/09 (3)
- ► 09/25 - 10/02 (2)
- ► 09/18 - 09/25 (6)
- ► 09/11 - 09/18 (6)
- ► 09/04 - 09/11 (4)
- ► 08/28 - 09/04 (7)
- ► 08/21 - 08/28 (5)
- ► 08/14 - 08/21 (4)
- ► 08/07 - 08/14 (2)
- ► 07/31 - 08/07 (2)
- ► 07/24 - 07/31 (5)
- ► 07/17 - 07/24 (2)
- ► 07/10 - 07/17 (3)
- ► 07/03 - 07/10 (6)
- ► 06/26 - 07/03 (11)
- ► 06/12 - 06/19 (4)
- ► 06/05 - 06/12 (1)
- ► 05/29 - 06/05 (1)
- ► 05/08 - 05/15 (4)
- ► 04/24 - 05/01 (8)
- ► 04/17 - 04/24 (5)
- ► 04/10 - 04/17 (1)
- ► 04/03 - 04/10 (8)
- ► 03/27 - 04/03 (1)
- ► 03/20 - 03/27 (5)
- ► 03/13 - 03/20 (1)
- ► 03/06 - 03/13 (12)
- ► 02/28 - 03/06 (14)
- ► 02/21 - 02/28 (11)
- ► 02/14 - 02/21 (12)
- ► 02/07 - 02/14 (13)
- ► 01/31 - 02/07 (121)
- ► 01/24 - 01/31 (34)
- ► 01/17 - 01/24 (58)
-
▼
01/10 - 01/17
(59)
- RAT - Dendroid
- We Are Legion - The Story of the Hacktivists Docum...
- TPB AFK - The Pirate Bay Away From Keyboard
- DEFCON - The Full Documentary
- Hacker Documentary - Hackers Are People Too
- Revolution OS - Documentary about the Linux System...
- SimplyEmail - Email Recon Made Fast And Easy, With...
- RootHelper - A Bash Script That Downloads And Unzi...
- Antitrust - (Ameaça Virtual)
- Killchain - A Unified Console To Perform The "Kill...
- squitch pentest – A simple and small pentesting li...
- CAINE 7.0 - DeepSpace 64bit
- F.H.C - FORENSIC LIVE CD IMAGER
- OWASP - Droid Fusion
- Android Pentest Tools - Bugtroid
- SPF - Smartphone Pentest Framework
- Revenssis - Smartphone Pentest Suite
- Reverse engineering - Androguard
- ASEF - Android Security Evaluation Framework
- Android Pentest Tools - drozer
- Framework - Android Device Testing (dtf)
- Android Pentest Tools - Shark for Root
- AppUse – Android Pentest Platform Unified Standalo...
- Android Pentest Tools - dSploit
- Android Pentest Tools - Droid Sheep
- Android Pentest Tools - zANTI
- Android Pentest Tools - DroidBox
- Android Pentest Tools - APKInspector
- Android Pentest Tools - Androrat
- Android Pentest Tools - Hackode
- Veneno no céu? - Aviões do governo estão pulveriza...
- Download - Php shell
- Download - ExploitPack
- BSQLinjector - Blind SQL Injection Exploitation Tool
- Distro - Weakerth4n
- Distro - Knoppix STD
- Distro - Blackbuntu
- Distro - GnackTrack
- Distro - Pentoo for pentesters
- Distro - NodeZero
- Ditro - Bugtraq
- Distro - Network Security Toolkit (NST)
- Distro - Samurai Web Security Framework
- Distro - Live Hacking OS
- DEFT - Linux Cyber Forensics
- PHLAK - Professional Hacker’s Linux Assault Kit
- Operator - Linux
- ZombEye - IRC Botnet
- BackdoorMe - Powerful Auto-Backdooring Utility
- Mastering Kali Linux - For Advanced Penetration Te...
- The Hacker Playbook 2 - Practical Guide To Penetra...
- DAws - Advanced Web Shell
- Hackazon - A Modern Vulnerable Web App
- Intercepting Proxy - The Pappy Proxy
- Documentary - DEFCON And Movie The Algorithm
- Documentary Prohibited - BBC About The REDE ESGOT...
- Well come to the planet earth
- Violent Python - A Cookbook for Hackers, Forensic ...
- SAML Raider - SAML2 Burp Extension
- ► 01/03 - 01/10 (174)
-
►
2015
(26)
- ► 12/27 - 01/03 (1)
- ► 08/30 - 09/06 (8)
- ► 08/23 - 08/30 (16)
- ► 08/16 - 08/23 (1)
Home
Privacy Center
Data Protection
Community
Digital Policy
Security Tools
Online Utilities
Resources
Search Operators
Library



0 comentários:
Post a Comment
Note: Only a member of this blog may post a comment.