> cat /dev/github | grep security-tools

Java

AndroRAT

2026-03-30 Java ★ 4674

AI Summary: AndroRAT is a remote access tool for Android devices that allows users to control and retrieve information from the device. Its primary use case includes monitoring and managing Android systems covertly, featuring capabilities such as persistent backdoor access, audio and video recording, and obtaining device location and SIM details. Notably, AndroRAT consists of a client/server architecture implemented in Java for Android and Python for the server side, enabling it to run on a wide range of Android versions from 4.1 to 9.0, with additional functionalities on Android 10.

AndroRAT

2026-03-30 Java ★ 1588

AI Summary: AndroRAT is a Remote Administration Tool designed for Android devices, enabling remote control of, and data retrieval from, the Android system. Key functionalities include accessing contacts, call logs, messages, GPS location, and multimedia capabilities like capturing photos and streaming audio and video. The tool operates as a background service triggered by SMS or calls, providing a comprehensive suite for remote monitoring and management.


README

AndroRAT

Remote Administration Tool for Android

anti-emulator

2026-03-30 Java ★ 826

AI Summary: The anti-emulator tool is designed to detect emulated Android environments, leveraging various detection techniques inspired by both malware behavior and innovative methodologies. It serves primarily for educational and research purposes in the context of malware analysis and reversing, offering a collection of detection mechanisms while promoting responsible use. The project includes both source code and supportive materials, such as presentation slides from its initial unveiling.


README

anti-emulator

Android Anti-Emulator, originally presented at HitCon 2013: “Dex Education 201: Anti-Emulation”

BinAbsInspector

2026-03-30 Java ★ 1669

AI Summary: BinAbsInspector is a static analysis tool designed for automated reverse engineering and vulnerability scanning of binary files, utilizing abstract interpretation and integrating with Ghidra. It supports multiple architectures including x86, x64, armv7, and aarch64, and can operate in headless mode, GUI mode, or within a Docker environment. Notable features include customizable analysis parameters, Z3 integration for constraint solving, and the ability to output results in JSON format.


README

What is BinAbsInspector?

BinAbsInspector (Binary Abstract Inspector) is a static analyzer for automated reverse engineering and vulnerability scanning in binaries; it is a long-term research project incubated at Keenlab. It is based on abstract interpretation with support from Ghidra, and it works on Ghidra’s Pcode instead of assembly. It currently supports binaries for x86, x64, armv7 and aarch64.

BurpBounty

2026-03-30 Java ★ 1791

AI Summary: Burp Bounty is a Burp Suite extension designed to enhance both active and passive scanning capabilities by allowing users to create personalized scanning rules through an intuitive graphical interface. The tool offers advanced pattern search and payload improvement features to build custom issue profiles, catering to automated and manual penetration testing workflows. A notable aspect is the availability of profiles shared by the community, which further augments its functionality.

BurpCrypto

2026-03-30 Java ★ 1623

AI Summary: BurpCrypto is a collection of encryption plugins for Burp Suite, supporting multiple encryption algorithms including AES, RSA, and DES, as well as the execution of JavaScript code for encryption tasks. Its primary use case is to enhance the capabilities of security professionals by allowing them to integrate cryptographic functions directly into their testing workflows. Notable features include a user-friendly interface for key management and seamless integration with Burp Suite’s payload processing system.

burpgpt

2026-03-30 Java ★ 2287

AI Summary: BurpGPT is an advanced security extension that integrates with Burp Suite to analyze web traffic using AI-driven techniques, specifically utilizing OpenAI’s models to uncover security vulnerabilities that conventional scanners may overlook. Its notable features include customizable prompts for tailored analysis, automated report generation summarizing potential security issues, and granular control over the analysis parameters. This tool streamlines the vulnerability assessment process, improving the efficiency and accuracy of security professionals while handling the complexities of web application security.

CVE-2021-44228-PoC-log4j-bypass-words

2026-03-30 Java ★ 950

AI Summary: The CVE-2021-44228-PoC-log4j-bypass-words tool demonstrates various methods to exploit the Apache Log4j vulnerability, specifically focusing on bypassing WAF protections and patched versions. It provides multiple techniques, including the use of system environment variables, case manipulation, and invalid Unicode to obfuscate the exploit strings. Notable features include dynamic manipulation of Java naming lookups and the ability to use non-existent lookups for stealthy exploitation attempts.


README

🐱‍💻 ✂️ 🤬 LOG4J Java exploit - WAF and patches bypass tricks

📝 Description

CVE-2021-44228 works on:

Damn-Vulnerable-Bank

2026-03-30 Java ★ 739

AI Summary: Damn Vulnerable Bank is an intentionally vulnerable Android application designed to educate users on security flaws in banking apps. Its primary use case is for security professionals and developers to explore various vulnerabilities, such as root detection and insecure storage, by interacting with features like user registration, fund transfers, and transaction history. Notable features include fingerprint and PIN verification for transactions, as well as a gamified approach to discovering hidden vulnerabilities within the app.

dpt-shell

2026-03-30 Java ★ 915

AI Summary: dpt-shell is an Android Dex protection tool designed to hollow out method implementations within DEX files, facilitating runtime reconstruction for enhanced protection of Android applications. Primary use cases include securing APKs and AABs against reverse engineering, with notable features such as customizable protection configurations, exclusion of specific ABIs, and the ability to dump DEX code items for analysis.


README

dpt-shell

dpt-shell is an Android Dex protection shell that hollows out Dex method implementations and reconstructs them at runtime.

fernflower

2026-03-30 Java ★ 4217

AI Summary: Fernflower is an analytical decompiler for Java, capable of converting compiled Java class files back into human-readable source code. It is integrated within IntelliJ IDEA for debugging and navigation, and can also be executed from the command line to decompile class files, ZIPs, and JARs, offering numerous customizable command-line options to fine-tune the decompilation process. Notable features include support for decompiling inner classes, handling generic signatures, and options for renaming identifiers based on debugging information.

fofa_viewer

2026-03-30 Java ★ 1779

AI Summary: Fofa Viewer is a user-friendly FOFA client developed in JavaFX, designed for cybersecurity professionals to efficiently search for vulnerabilities on target websites using the FOFA search engine. Key features include multi-tab query result display, Excel export capabilities, intelligent input suggestions, and advanced functionalities such as certificate conversion and exclusion of honeypots for premium members. This tool streamlines the information gathering process for penetration testers with its robust API integration and customizable configurations.

GDA-android-reversing-Tool

2026-03-30 Java ★ 4692

AI Summary: GDA (GJoy Dex Analyzer) is a powerful Dalvik bytecode decompiler designed for fast analysis of APK, DEX, ODEX, OAT, JAR, CLASS, and AAR files, with minimal memory and disk consumption. It features advanced capabilities including malicious behavior detection, vulnerability scanning, path solving, and deobfuscation, as well as various utilities for interactive operation and assisted analysis. GDA operates natively without requiring a Java VM, making it suitable for use on various Windows systems and virtual machines.

jadx-ai-mcp

2026-03-30 Java ★ 1599

AI Summary: JADX-AI-MCP is a fully automated server and plugin designed for analyzing Android APK files via large language models (LLMs) such as Claude, enabling efficient vulnerability discovery, APK analysis, and reverse engineering. Key features include seamless MCP communication and integration with powerful LLMs to enhance static analysis and security assessments within the Android development ecosystem.


README

JADX-AI-MCP (Part of Zin MCP Suite)

⚡ Fully automated MCP server + JADX plugin built to communicate with LLM through MCP to analyze Android APKs using LLMs like Claude — uncover vulnerabilities, analyze APK, and reverse engineer effortlessly.

JByteMod-Beta

2026-03-30 Java ★ 861

AI Summary: JByteMod-Beta is a multifunctional bytecode editor designed for manipulating Java bytecode with features such as syntax highlighting, live decompiling, and method graphing. Its primary use case is for developers seeking to analyze and edit Java .jar or .class files efficiently. Notable features include a plugin architecture for extending functionality, integration with popular decompilers like Procyon and Fernflower, and a user-friendly command-line interface.


README

JByteMod-Beta

JByteMod is a multifunctional bytecode editor with syntax highlighting, live decompiling and method graphing. The successor of JByteMod: https://github.com/GraxCode/Cafebabe

JNDI-Injection-Exploit-Plus

2026-03-30 Java ★ 871

AI Summary: JNDI-Injection-Exploit-Plus is a comprehensive tool designed for generating operational JNDI links, facilitating background services with RMI, LDAP, and HTTP servers to test vulnerabilities effectively. It enhances the functionality of standard JNDI exploit tools by offering additional remote and local reference gadgets, support for multiple JDK versions, and the capability to create base64 and hex payloads, making it a robust resource for security testing. With over 75 deserialization gadgets included, it provides a diverse set of options for vulnerability assessments.

jsql-injection

2026-03-30 Java ★ 1754

AI Summary: jSQL Injection is a lightweight, open-source tool designed for identifying database information from servers, optimized for penetration testing. It is cross-platform, supporting Windows, Linux, and Mac with Java compatibility from versions 21 to 25, and is integrated into various security-focused distributions such as Kali Linux. Notable features include a user-friendly interface, support for multiple database engines, and comprehensive testing functionalities, making it suitable for both novice and experienced security analysts.

Nope-Proxy

2026-03-30 Java ★ 1656

AI Summary: NoPE Proxy is a Burp Suite extension that facilitates the interception and analysis of TCP and UDP traffic, including non-HTTP protocols. Its notable features include a configurable DNS server that routes traffic to Burp, support for multiple listening ports for man-in-the-middle (MiTM) connections, and the ability to define match and replace rules for traffic manipulation. This tool is especially useful for security testing of mobile applications and thick clients, allowing seamless traffic analysis and modification.

OpenPods

2026-03-30 Java ★ 1199

AI Summary: OpenPods is a free and open-source Android application designed for monitoring Apple AirPods connectivity and status. It features real-time notifications for connected AirPods, privacy-respecting functionality, and support for a dark theme, while being compatible with multiple generations of AirPods and Beats headphones. The tool explicitly violates Google Play policies, hence it is not intended for distribution on that platform.


README

OpenPods

The Free and Open Source app for monitoring your AirPods on Android


Recaf

2026-03-30 Java ★ 7068

AI Summary: Recaf is a modern Java bytecode editor designed to simplify the editing and manipulation of Java and Android bytecode by abstracting complex details. Key features include a user-friendly interface, support for multiple decompilers, built-in bytecode compiling and assembling, advanced search capabilities, and tools for code deobfuscation. Additionally, it allows users to script and extend functionality through plugins, and can operate as a command line application for automated processes.

remote-method-guesser

2026-03-30 Java ★ 915

AI Summary: The remote-method-guesser (rmg) is a Java RMI vulnerability scanner designed to identify and verify common security vulnerabilities on Java RMI endpoints. It features practical examples, including servers that facilitate testing for standard RMI services, SSRF attacks, and Spring Remoting integration, making it a valuable tool for penetration testers and security researchers. The tool’s compatibility with Docker allows for efficient setup and execution of security assessments in isolated environments.

simplify

2026-03-30 Java ★ 4638

AI Summary: Simplify is a generic Android deobfuscator that virtually executes obfuscated apps to enhance code readability while preserving their functional behavior. It operates through a combination of smalivm, which simulates Dalvik method execution, and simplify, which optimizes execution graphs by applying techniques such as constant propagation and dead code removal. Notable features include the ability to handle various obfuscation patterns without renaming methods or classes, and a customizable execution environment to manage optimization parameters.

skidfuscator-java-obfuscator

2026-03-30 Java ★ 748

AI Summary: Skidfuscator is a production-grade Java obfuscation tool that employs SSA form to enhance and obscure Java bytecode flow while maintaining execution efficiency. Its primary use case is to protect applications from reverse engineering by providing advanced obfuscation techniques, automatic dependency downloading, and an easy-to-configure command-line interface. Notable features include smart recovery, flow obfuscation, and out-of-the-box optimization.


README

🗣️ Discord: https://discord.gg/QJC9g8fBU9 📚 Wiki: https://skidfuscator.dev/docs/

🏢 Enterprise/Custom Version: https://skidfuscator.dev/pricing

tabby

2026-03-30 Java ★ 1644

AI Summary: TABBY is a static code analysis tool designed for Java that rapidly identifies various types of vulnerabilities within Java applications. It utilizes the Soot framework to transform Java bytecode (JAR/WAR/CLASS files) into a code property graph (CPG), which is then stored in a Neo4j graph database, allowing for complex taint analysis and vulnerability chain detection through simple Cypher queries. Notable features include the ability to discover deserialization attack chains and common web vulnerabilities, significantly enhancing the efficiency of code audits by reducing manual search efforts.

xhunter

2026-03-30 Java ★ 801

AI Summary: XHUNTER is an advanced Android Remote Access Tool (RAT) designed for penetration testing and ethical hacking purposes. It simplifies the connection process between the attacker and victim by eliminating the need for complex port forwarding, offering a user-friendly interface for controlling a victim’s Android device. Notable features include the capability to build and bind payloads to legitimate applications and an intuitive setup process for immediate usability.



ysoserial

2026-03-30 Java ★ 8828

AI Summary: ysoserial is a proof-of-concept tool designed to generate payloads for exploiting vulnerabilities related to unsafe Java object deserialization. It includes a collection of property-oriented programming “gadget chains” for various Java libraries, allowing users to execute arbitrary commands on an application host when deserialization occurs under vulnerable conditions. Notable features include support for multiple payload types and compatibility with various Java libraries, making it a versatile tool for security researchers focusing on Java application vulnerabilities.