AI Summary: The Android Unpacker tool facilitates the reverse engineering and unpacking of Android applications protected by various obfuscation techniques, including APKProtect and Bangcle. Its notable features include a native unpacker that operates without dependencies on GDB, scripts for unpacking specific protections, and methods for hiding debugging environments from detection. This tool is primarily intended for educational and research purposes in the field of malware analysis.

README

android-unpacker

Android Unpacker presented at Defcon 22: Android Hacker Protection Level 0

AI Summary: Android Unpinner is a tool designed to facilitate the removal of SSL certificate pinning from Android APKs without requiring root access. Utilizing the Frida framework, it modifies only the AndroidManifest.xml file to enable debugging, while dynamically injecting a Frida Gadget via ADB to perform the unpinning process. The tool is equipped with comprehensive dependencies for cross-platform use and supports handling XAPKs by extracting and installing split APKs effectively.

AI Summary: Androl4b is an Android security virtual machine based on Ubuntu Mate, designed for reverse engineering and malware analysis, incorporating a comprehensive suite of tools and resources. It features updated frameworks, hands-on labs, and various security assessment tools like Radare2, Frida, and MobSF, facilitating both static and dynamic analysis of Android applications. The environment is tailored for security researchers and developers to enhance their understanding and skills in Android security.

AI Summary: Andromeda is a performance-oriented tool designed for accelerating the initial reverse engineering of Android applications, leveraging its C/C++ implementation. It aims to simplify the analysis process with a straightforward command-line interface, making it accessible for security researchers and developers. Currently in early development, Andromeda highlights the potential for speed improvements over alternative solutions in the same domain.

README

Andromeda makes initial reverse engineering work of Android applications bit faster and easier. Compared to other alternatives, it’s written in C/C++ and has a noticeable performance advantage.

AI Summary: AndroRAT is a remote access tool for Android devices that allows users to control and retrieve information from the device. Its primary use case includes monitoring and managing Android systems covertly, featuring capabilities such as persistent backdoor access, audio and video recording, and obtaining device location and SIM details. Notably, AndroRAT consists of a client/server architecture implemented in Java for Android and Python for the server side, enabling it to run on a wide range of Android versions from 4.1 to 9.0, with additional functionalities on Android 10.

AI Summary: AndroRAT is a Remote Administration Tool designed for Android devices, enabling the remote control and data retrieval from the Android system. Key functionalities include accessing contacts, call logs, messages, GPS location, and multimedia capabilities like capturing photos and streaming audio and video. The tool operates as a background service triggered by SMS or calls, providing a comprehensive suite for remote monitoring and management.

README

AndroRAT

Remote Administration Tool for Android

AI Summary: AngryOxide is a Rust-based 802.11 attack tool designed for penetration testing and WiFi exploitation research. It provides an active state-based attack engine that retrieves EAPOL messages from access points and clients, with features such as target filtering, auto-hunting capability, and GPS integration for geo-fencing. The tool is equipped with a terminal UI, headless operation mode, and a variety of automated attacks aimed at retrieving cryptographic data for later cracking with tools like Hashcat.

AI Summary: Anthropic Cybersecurity Skills is an extensive open-source repository that provides AI agents access to 753 structured cybersecurity skills across 26 domains, offering capabilities such as memory forensics and Kubernetes RBAC auditing. The skills adhere to the agentskills.io standard, featuring a YAML structure for quick discovery and are fully mapped to MITRE ATT&CK and aligned with NIST CSF 2.0, enabling AI agents to perform advanced security tasks with enhanced contextual knowledge. This tool simplifies installation and empowers various platforms like Claude Code and GitHub Copilot to integrate these capabilities efficiently.

AI Summary: The anti-emulator tool is designed to detect emulated Android environments, leveraging various detection techniques inspired by both malware behavior and innovative methodologies. It serves primarily for educational and research purposes in the context of malware analysis and reversing, offering a collection of detection mechanisms while promoting responsible use. The project includes both source code and supportive materials, such as presentation slides from its initial unveiling.

README

anti-emulator

Android Anti-Emulator, originally presented at HitCon 2013: “Dex Education 201: Anti-Emulation”

AI Summary: The AntiCheat-Testing-Framework is a comprehensive tool designed for testing and analyzing various anti-cheat mechanisms in the gaming industry. It provides a modular architecture with several integrated modules, allowing users to customize their setup for specific testing purposes. This framework aims to democratize knowledge in the field of anti-cheat research, facilitating both learning and practical application.

README

AntiCheat-Testing-Framework

Framework to test any Anti-Cheat on the market. This can be used as Template or Code Base to test any Anti-Cheat and learn along the way. The entry level to reverse AntiCheats and Cheats is quite high, therefore, I’m realeasing all the code I developed during my research. The main idea is to help people and motive them to get into this topic which is really interesting and there is a lot to research about it.

AI Summary: AntiDBG is a tool designed for implementing various anti-debugging techniques on Windows, categorized by methods such as memory, CPU, timing, and forced exceptions. The primary use case is to create self-contained checks that automatically detach debuggers, enhancing the security of applications against reverse engineering. Notable features include a simple API for integration, a testing application named The Gauntlet to evaluate resistance against these techniques, and an emphasis on readability for educational purposes.

AI Summary: Antivmdetection is a utility script designed to obscure virtual machine (VM) detection techniques by modifying settings within VirtualBox without altering its base. Its primary use case is for enhancing the anonymity of VMs by generating a shell template for host-side modifications and a Windows PowerShell script for guest-side adjustments, addressing various malware fingerprinting methods. Notable features include the ability to automate the configuration process while maintaining compatibility across VirtualBox updates and generating necessary scripts for both host and VM installations.

AI Summary: API Security Empire is a comprehensive resource designed for enhancing API security and conducting penetration testing, featuring mindmaps, tips, and tools based on OWASP TOP 10 API guidelines. It covers information gathering, advanced recon techniques, and detailed methodologies for attacking RESTful, SOAP, and GraphQL APIs. Notable features include updated mindmaps in various formats, a curated list of essential tools, and practical exercises to test penetration skills.

README

🛡️ API Security Empire

Project Credits: Momen Eldawakhly (Cyber Guy)

🚪 First gate: {{Recon}}

The first gate to enter the API Security Empire is to know how to gather information about the API infrastructure and how to perform a powerfull recon on API to extract the hidden doors which made you compromise the whole infrastructure from, so, we provide this updated API Recon mindmap with the latest tools and methodologies in API recon:

AI Summary: GitGuardian offers a proactive solution for developers to detect and mitigate the exposure of sensitive API secrets, database credentials, and certificates in real-time within their GitHub repositories. Notable features include immediate alerts upon detecting potential leaks before the git process completes, along with comprehensive resources for best development practices and leak mitigation strategies.

README

GitGuardian Documentation and Resources

This repository provides resources for developers to keep their secrets secret.

AI Summary: apk.sh is a Bash script designed to streamline the reverse engineering of Android applications by automating tasks such as pulling, decoding, rebuilding, and patching APK files. It incorporates apktool for disassembling and reassembling resources, supports direct bytecode manipulation to prevent decompilation errors, and facilitates the integration of the frida-gadget for dynamic analysis without requiring a rooted device. Notable features include support for app bundles, multi-architecture compatibility, and code signing.

AI Summary: APKHunt is a static code analysis tool specifically designed for Android applications, leveraging the OWASP MASVS framework to identify and rectify security vulnerabilities. It offers comprehensive scanning capabilities, including support for multiple APK files, a low false-positive rate, and optimized rules for accurate vulnerability detection, making it suitable for both mobile developers and security testers. Notably, it produces results in a user-friendly TXT format and is tailored for Linux environments.

AI Summary: APKiD is a tool designed to analyze Android APK files by identifying various compilers, packers, and obfuscators used in their creation, functioning similarly to PEiD for Windows applications. It supports configurable scanning options, outputs results in JSON format, and facilitates contributions for recognizing additional packaging methods. The tool is primarily used for Android security analysis, aiding in the detection of pirated or malicious applications.

README

APKiD

AI Summary: APKLeaks is an automated tool for scanning Android APK files to identify potentially sensitive information such as URIs, endpoints, and secrets. It integrates with the JADX disassembler for decompilation and offers customizable pattern matching through user-defined JSON files, alongside various output options, including text and JSON formats. Key features include support for disassembler arguments, making it flexible for advanced usage scenarios in security assessments of mobile applications.

README

APKLeaks

AI Summary: APK Studio is an open-source, cross-platform Integrated Development Environment (IDE) designed for reverse-engineering Android application packages (APKs). Its notable features include a built-in code editor with syntax highlighting for smali and other file types, automatic installation of essential tools, and support for manufacturer-specific frameworks, making it a comprehensive tool for decompiling, recompiling, and signing APKs. Additionally, APK Studio supports command-line operations, theming, and provides quick search functionalities across projects, enhancing the user experience for developers and analysts.

AI Summary: ApkUrlGrep is a tool designed for extracting endpoints from APK files. Its primary use case is to facilitate the analysis of mobile applications by identifying URLs and their paths embedded within the app. Notable features include the ability to output both the discovered URLs and their corresponding paths, making it a valuable resource for security researchers and penetration testers.

README

ApkUrlGrep

Tool that allow extract endpoints from APK files

AI Summary: The “hack-different/apple-knowledge” repository hosts a compilation of reverse-engineered Apple data formats and protocols, primarily serving as a resource for jailbreak developers and hobbyists. Notable features include the availability of YAML files for machine-readable data, a collection of binary analysis and modification tools, and a Homebrew tap for easy installation of jailbreak-related utilities. The project emphasizes adherence to copyright laws while encouraging community contributions.

README

Apple Data Formats and Knowledge

A collection of reverse engineered Apple formats, protocols, or other interesting bits.

AI Summary: AppleNeuralHash2ONNX is a tool that converts Apple’s NeuralHash model, used for CSAM detection, into the ONNX format, allowing for greater integration and use in various deep learning frameworks. Notable features include the ability to tolerate image resizing and compression, and a comprehensive conversion process that includes decoding model components stored in LZFSE format. The repository also provides a demo script for testing the converted model’s functionality.

README

AppleNeuralHash2ONNX

Convert Apple NeuralHash model for CSAM Detection to ONNX.

AI Summary: Microsoft Application Inspector is a source code characterization tool that identifies the features of software components by analyzing code against over 400 rules and regex patterns. Its primary use case lies in aiding users to understand the behavior of both open-source and proprietary codebases, particularly in security contexts, without making determinations of “good” or “bad” practices. It supports multiple programming languages and can generate outputs in various formats, enhancing transparency in software analysis.

AI Summary: AppMon is an automated framework designed for monitoring and tampering system API calls in native macOS, iOS, and Android applications, leveraging the capabilities of Frida. Its primary use case includes intercepting API calls to analyze app behavior and manipulating these calls to alter the original application functionalities. Notable features encompass an API sniffer, an intruder for data manipulation, an Android tracer for analyzing APKs, and tools for creating inspectable IPAs and APKs on non-jailbroken and non-rooted devices respectively.

AI Summary: AppVerifier is a tool designed for verifying the authenticity of mobile applications by comparing their package names and signing certificate hashes against provided or internally stored information. Its primary use case is to ensure users can confirm the genuineness of apps and share verification results with others efficiently. Notable features include a user-friendly interface for sharing and receiving verification information and compatibility with the Accrescent app store for enhanced security during downloads.