Beetlebug is an open source insecure Android application with CTF challenges built for Android Penetration Testers and Bug Bounty hunters.


Beetlebug

Beetlebug is a beginner-friendly Capture the Flag Android application that aims to inspire interest in Mobile Application Security. It is geared towards developers, mobile penetration testers and bug hunters. Features include tracking user’s progress, flag completion state, and so much more!

Vulnerabilities and CTF Challenges include:

  • Hardcoded Secrets
  • Insecure Data Storage
  • Sensitive Information Disclosure
  • Vulnerable Android IPC Components (Broadcast Receivers, Services & Content Providers)
  • Vulnerable WebViews
  • Fingerprint Authentication Bypass
  • Insecure Deeplinks
  • Firebase Database Misconfiguration
  • SQLite Injection
  • Input Validation (XSS)

How to Use

You can compile the source code in Android Studio or use the button below to download the APK file.

User Feedback

I would love to hear from you about your experience with Beetlebug. Please send me an email at [email protected] with your feedback and possible ways to improve the app.

Comments
  • JavaScript Code injection

    Hey man,

    First of all, really nice CTF so far. But I've managed to run into an issue. After finishing the Load Arbitrary URL challenge I noticed that the JavaScript Code Injection was set to "Done" instead and I'm not sure if my device caused the issue. My flags are the following:

    <?xml version='1.0' encoding='utf-8' standalone='yes' ?>
    <map>
        <float name="ctf_score_secret_string" value="6.25" />
        <float name="ctf_score_sqlite" value="6.25" />
        <float name="ctf_score_external" value="6.25" />
        <float name="ctf_score_secret_source" value="6.25" />
        <float name="ctf_score_webview" value="6.25" />
        <float name="ctf_score_shared_pref" value="6.25" />
    </map>
    

    The ctf_score_xss is not present and still it shows as "Done" while the Load Arbitrary URL is still available: image

    I've temporarily patched the check using Frida but it might be something worth looking into :)

    I think the root cause is in WebViewFragmentHome.java mixing up the button order:

    image

    opened by stefan2200 2
  • Shared preference

    Hi,

    I found the flag of the Shared Preference chall. I succeeded in logging in, but when I submit the flag I get a "Try again" error message.

    Any reason for that?

    opened by weird-oecophylla 0
Releases(v1.0)
Owner
Hafiz Abdulaziz
Security at HackerOne ● Android Developer