A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

Related tags

Utility android reverse-engineering penetration-testing application-security malware-analyzer mobile-security
Overview

Androl4b

AndroL4b is an android security virtual machine based on ubuntu-mate includes the collection of latest framework, tutorials and labs from different security geeks and researchers for reverse engineering and malware analysis.

What's new in Androl4b v.3?

  • Tools are updated
  • New tools and lab added
  • Upgraded to Ubuntu mate 17.04
  • Some cleanup

Mega Part 1

Mega Part 2

Google Drive Part 1

Google Drive Part 2

Follow me alt text

Username : andro

Password : andro

Emulator Pin: 1234

Tools

Radare2 Unix-like reverse engineering framework and commandline tools

Frida Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX.

ByteCodeViewer Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)

Mobile Security Framework (MobSF) (Android/iOS) Automated Pentesting Framework (Just Static Analysis in this VM)

Drozer Security Assessment Framework for Android Applications

APKtool Reverse Engineering Android Apks

AndroidStudio IDE For Android Application Development

BurpSuite Assessing Application Security

Wireshark Network Protocol Analyzer

MARA Mobile Application Reverse engineering and Analysis Framework

FindBugs-IDEA Static byte code analysis to look for bugs in Java code

AndroBugs Framework Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications

Qark Tool to look for several security related Android application vulnerabilities

Labs:

Damn Insecure and vulnerable App for Android(DIVA) Vulnerable Android Application

InsecureBankv2 Vulnerable Android Application

Android Security Sandbox An app showcase of some techniques to improve Android app security

GoatDroid A fully functional and self-contained training environment for educating developers and testers on Android security

Sieve: A Password Manager App, showcasing some common Android vulnerabilities

Comments
  • integrity of files failed - md5sum: WHY?

    integrity of files failed - md5sum: WHY?

    MD5SUM 6710c2b1f583644a8b03e4301d13cc1c Androl4b.ova.7z 3e8c42edc0b336325f8a5dd2d45549b3 Androl4b.ova.7z.001 0d9a3bfadb122f357bfa274853ce2592 Androl4b.ova.7z.002

    I am use cat to merge files, but this had damaged.

    Please a help.

    opened by AjaxFB 9
  • Suggestion about downloads

    Suggestion about downloads

    It would be cool if you hosted somewhere other than mega too as you can't download the VM all at once because the files too big with a free mega account

    opened by 0xff7 2
  • Supported Virtualization Software

    Supported Virtualization Software

    The VM image seems to be exported as OVA 2, which VMware Player 14 does not support. I tried a work around, by importing on VirtualBox, and then exporting as OVA 1.0, that VMware takes. But still, the VM does not start correctly. Not sure if this is an issue with the version or in my env. In any case, I'd suggest to add a note in the readme stating that the VM is for use on VirtualBox only if that's the case.

    opened by locovich 1
  • Tools request - Android.

    Tools request - Android.

    It will be great if you can include these tools in next release. I was able to install them successfully on the current branch.

    jadx - https://github.com/skylot/jadx gplaycli - https://github.com/matlink/gplaycli

    opened by pt6567 1
  • Not an issue, but requesting knowledge

    Not an issue, but requesting knowledge

    Hi. Would you share how you are running that android emulator inside the VM? I am trying to setup a newer version of android, but am having issues emulating the VM.

    Thanks!

    opened by securisec 0
  • Use Vagrant

    Use Vagrant

    May I suggest that you distribute a Vagrant-file instead of a binary image?
    I find the idea for an android pen testing vm compelling, but have no interest in downloading some untrusted vm to my machine.

    opened by jottr 5
  • drozer could not find or compile a required extension library

    drozer could not find or compile a required extension library

    I am getting the following error with the drozer 'scanner.provider.finduris' command. % run scanner.provider.finduris -a jakhar.aseem.diva Scanning jakhar.aseem.diva... drozer could not find or compile a required extension library.

    Posts suggested to run 'make apks', but that also fails and throws this exception: com.android.dx.cf.iface.ParseException: bad class file magic (cafebabe) or version (0034.0000) .... .... ...while parsing FileUtil.class

    The Java version in the Androl4b VM is: openjdk version "1.8.0_151"

    opened by spags22 0
Owner
Purple Teaming | Adversarial simulation
null
GitHub
An easy-to-use, cross-platform measurement tool that pulls data out of CD pipelines and analysis the four key metrics for you.

Maintained by SEA team, ThoughtWorks Inc. Read this in other languages: English, 简体中文 Table of Contents About the Project Usage How to Compute Contrib

Thoughtworks 277 Jan 7, 2023
DiskCache - Simple and readable disk cache for kotlin and android applications

DiskCache Simple and readable disk cache for kotlin and android applications (with journaled lru strategy) This is a simple lru disk cache, based on t

Giovanni Corte 14 Dec 2, 2022
A set of helper classes for using dagger 1 with Android components such as Applications, Activities, Fragments, BroadcastReceivers, and Services.

##fb-android-dagger A set of helper classes for using dagger with Android components such as Applications, Activities, Fragments, BroadcastReceivers,

Andy Dennie 283 Nov 11, 2022
gRPC and protocol buffers for Android, Kotlin, and Java.

Wire “A man got to have a code!” - Omar Little See the project website for documentation and APIs. As our teams and programs grow, the variety and vol

Square 3.9k Dec 31, 2022
General purpose utilities and hash functions for Android and Java (aka java-common)

Essentials Essentials are a collection of general-purpose classes we found useful in many occasions. Beats standard Java API performance, e.g. LongHas

Markus Junginger 1.4k Dec 29, 2022
Access and process various types of personal data in Android with a set of easy, uniform, and privacy-friendly APIs.

PrivacyStreams PrivacyStreams is an Android library for easy and privacy-friendly personal data access and processing. It offers a functional programm

null 269 Dec 1, 2022
A simple and easy to use stopwatch and timer library for android

TimeIt Now with Timer support! A simple and easy to use stopwatch and timer library for android Introduction A stopwatch can be a very important widge

Yashovardhan Dhanania 35 Dec 10, 2022
Trail is a simple logging system for Java and Android. Create logs using the same API and the library will detect automatically in which platform the code is running.

Trail Trail is a simple logging system for Java and Android. Create logs using the same API and the library will detect automatically in which platfor

Mauricio Togneri 13 Aug 29, 2022
General purpose utilities and hash functions for Android and Java (aka java-common)

Essentials Essentials are a collection of general-purpose classes we found useful in many occasions. Beats standard Java API performance, e.g. LongHas

Markus Junginger 1.4k Dec 29, 2022
A library for fast and safe delivery of parameters for Activities and Fragments.

MorbidMask - 吸血面具 Read this in other languages: 中文, English, Change Log A library for fast and safe delivery of parameters for Activities and Fragment

Season 67 Mar 29, 2022
Matches incoming and/or outgoing text messages against set rules and sends them over to webhook.

Textmatic If you ever wanted a tool to simply push the SMS (or text messages) from your phone to somewhere remote, this is it. This app matches all in

Float 2 Jan 7, 2022
Command framework built around Kord, built to be robust and scalable, following Kord's convention and design patterns.

Command framework built around Kord, built to be robust and scalable, following Kord's convention and design patterns.

ZeroTwo Bot 4 Jun 15, 2022
a simple cache for android and java

ASimpleCache ASimpleCache 是一个为android制定的 轻量级的 开源缓存框架。轻量到只有一个java文件(由十几个类精简而来)。 1、它可以缓存什么东西? 普通的字符串、JsonObject、JsonArray、Bitmap、Drawable、序列化的java对象,和 b

Michael Yang 3.7k Dec 14, 2022
A lightning fast, transactional, file-based FIFO for Android and Java.

Tape by Square, Inc. Tape is a collection of queue-related classes for Android and Java. QueueFile is a lightning-fast, transactional, file-based FIFO

Square 2.4k Dec 30, 2022
UPnP/DLNA library for Java and Android

Cling EOL: This project is no longer actively maintained, code may be outdated. If you are interested in maintaining and developing this project, comm

4th Line 1.6k Jan 4, 2023
WebSocket & WAMP in Java for Android and Java 8

Autobahn|Java Client library providing WAMP on Java 8 (Netty) and Android, plus (secure) WebSocket for Android. Autobahn|Java is a subproject of the A

Crossbar.io 1.5k Dec 9, 2022
Collection of source codes, utilities, templates and snippets for Android development.

Android Templates and Utilities [DEPRECATED] Android Templates and Utilities are deprecated. I started with this project in 2012. Android ecosystem ha

Petr Nohejl 1.1k Nov 30, 2022
Android library for viewing, editing and sharing in app databases.

DbInspector DbInspector provides a simple way to view the contents of the in-app database for debugging purposes. There is no need to pull the databas

Infinum 924 Jan 4, 2023
A beautiful set of predefined colors and a set of color methods to make your Android development life easier.

Colours is a port of the Colours Library for iOS made by my good friend Ben Gordon. You can find that project here. Installation Maven Central Colours

Matthew York 634 Dec 28, 2022