MobileApp-Pentest-Cheatsheet
bap
| MobileApp-Pentest-Cheatsheet | bap | |
|---|---|---|
| 1 | 3 | |
| 4,402 | 1,981 | |
| - | 1.2% | |
| 0.0 | 4.6 | |
| 3 months ago | 7 days ago | |
| OCaml | ||
| - | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
MobileApp-Pentest-Cheatsheet
-
Testing mobile applications for security vulnerabilities (assignment)
Not a pentester but Kali/metasploit/msfvenom/owasp all spring to mind. Also https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet good luck I'm sure someone may come along with a simpler approach.
bap
-
Any standard algorithms for parsing (disassembling) machine code?
BAP (https://github.com/binaryanalysisplatform/bap), angr (https://angr.io/) and others already do what you're asking for as more purpose-built solutions for dynamic analysis. Angr specifically in python.
- You need to stop idolizing programming languages.
-
Starting ocaml
I find this pretty good https://www.cs.cornell.edu/courses/cs3110/2019sp/textbook/intro/ocaml.html. Fun projects include compilers (pattern matching and static types are why Ocaml is usually selected), binary analysis stuff https://github.com/BinaryAnalysisPlatform/bap, stuff that requires async so you can try out nomadic async stuff, or really anything you desire.
What are some alternatives?
awesome-frida - Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)
VMProtect-devirtualization - Playing with the VMProtect software protection. Automatic deobfuscation of pure functions using symbolic execution and LLVM.
Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
pyt - A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
owasp-mastg - The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
angr - A powerful and user-friendly binary analysis platform!
Java-Deserialization-Cheat-Sheet - The cheat sheet about Java Deserialization vulnerabilities
klee - KLEE Symbolic Execution Engine
awesome-malware-analysis - Defund the Police.
ocamlformat - Auto-formatter for OCaml code
WireShark_Configuration - This is my personal Wireshark configuration. This aids me in troubleshooting by adding new columns and filter buttons to help identify networking and or machine configuration issues.
bolt - Bolt is a language with in-built data-race freedom!