CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 9.1 High
Confidence: High

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.002 Low
Percentile: 50.6%

A curated list of Android Security materials and resources For Pentesters and Bug Hunters.
Blog
How To's
Paper
Books
Course
Tools
Static Analysis
quark-engine - An Obfuscation-Neglect Android Malware Scoring System
Droid Hunter - Android application vulnerability analysis and Android pentest tool
Find Security Bugs - A SpotBugs plugin for security audits of Java web applications.
Smali/Baksmali - Assembler/Disassembler for the dex format
SPARTA - Static Program Analysis for Reliable Trusted Apps
Infer - A Static Analysis tool for Java, C, C++ and Objective-C
Android Check - Static Code analysis plugin for Android Project
FindBugs-IDEA - Static byte code analysis to look for bugs in Java code
APK Leaks - Scanning APK file for URIs, endpoints & secrets
Trueseeing - fast, accurate and resilient vulnerabilities scanner for Android apps
StaCoAn - cross-platform tool which aids developers, bug bounty hunters and ethical hackers
Dynamic Analysis
Online APK Analyzers
Online APK Decompiler
Labs
Talks
Misc
Bug Bounty & Writeup
Cheat Sheet
github.com/ac-pm/Inspeckage
github.com/antojoseph/droid-ff
github.com/appknox/vulnerable-application
github.com/B3nac/Android-Reports-and-Resources/blob/master/README.md
github.com/checkstyle/checkstyle
github.com/CSPF-Founder/DodoVulnerableBank
github.com/CyberScions/Digitalbank
github.com/dan7800/VulnerableAndroidAppOracle
github.com/den4uk/andriller
github.com/dineshshetty/Android-InsecureBankv2
github.com/dwisiswant0/apkleaks
github.com/EugenioDelfa/Smali-CFGs
github.com/facebook/infer
github.com/find-sec-bugs/find-sec-bugs/
github.com/FSecureLABS/drozer
github.com/google/error-prone
github.com/hahwul/droid-hunter
github.com/htbridge/pivaa
github.com/JesusFreke/smali
github.com/Lance0312/VulnApp
github.com/linkedin/qark
github.com/logicalhacking/DVHMA
github.com/m0bilesecurity/RMS-Runtime-Mobile-Security
github.com/maaaaz/androwarn/
github.com/Magpol/fridafde
github.com/mingyuan-xia/PATDroid
github.com/MobSF/Mobile-Security-Framework-MobSF
github.com/monolithworks/trueseeing
github.com/mwrlabs/drozer/releases/download/2.3.4/sieve.apk
github.com/nelenkov/android-device-check
github.com/noveogroup/android-check
github.com/novoda/gradle-static-analysis-plugin
github.com/oversecured/ovaa
github.com/OWASP/owasp-mstg/tree/master/Crackmes
github.com/OWASP/SecurityShepherd
github.com/PaulSec/Shodan.io-mobile-app
github.com/payatu/diva-android
github.com/pmd/pmd
github.com/pwittchen/android-quality-starter
github.com/quark-engine/quark-engine
github.com/radareorg/radare2
github.com/rafaeltoledo/android-security
github.com/Sable/soot
github.com/saeidshirazi/awesome-android-security
github.com/secure-software-engineering/FlowDroid
github.com/SecurityCompass/AndroidLabs
github.com/sh4hin/Androl4b
github.com/sh4hin/MobileApp-Pentest-Cheatsheet
github.com/shahenshah99/VulnDroid
github.com/shroudedcode/apk-mitm
github.com/sk3ptre/AndroidMalware_2018
github.com/sk3ptre/AndroidMalware_2019
github.com/sk3ptre/AndroidMalware_2020
github.com/skylot/jadx/releases
github.com/topjohnwu/Magisk5
github.com/vincentcox/StaCoAn
ibotpeaches.github.io/Apktool/
maddiestone.github.io/AndroidAppRE/
nightowl131.github.io/AAPG/