hpAndro1337
Repository for download all version of @hpAndro1337 (Android AppSec) application.
Table of Contents
Loading contents...
README.md
@hpAndro1337 Android Application Security
CTF Style Android Security Challenges ctf.hpandro.raviramesh.info
/img/logo.png "https://ctf.hpandro.raviramesh.info"){kind=logo}
Android AppSec (Kotlin) app will help you to practice for Android Security points. We do it for the right reasons - to help developers make their apps more secure. The best way to verify that your app follows secure mobile development best practices is to perform security assessments of the app, which can include automated mobile app security testing, fuzzing, manual penetration testing, and more. This application represents some of the knowledge we share with the infosec community. We are trying to build a vulnerable application based on OWASP Mobile Security Testing Guide.
We (@hpAndro and @_RaviRamesh) spend a lot of time attacking android app hacking, breaking encryption, finding bussiness logic flaws, penetration testing, and looking for sensitive data stored insecurely.
We try harder to build vulnerable application for you..
In this application we are covering below points:
- HTTP Traffic
- HTTP Traffic
- HTTPS Traffic
- Public Key Pinning
- Certificate Pinning Bypass (network_security_config.xml) [Coming Soon…]
- Certificate Pinning Bypass (okhttp) [Coming Soon…]
- Certificate Pinning Bypass (Cert check) [Coming Soon…]
- Certificate Pinning Bypass (Cert Hash match) [Coming Soon…]
- Non-HTTP Traffic
- TCP Traffic
- UDP Traffic
- WebSocket Traffic
- Web Socket (WS)
- Web Socket Secure (WSS)
- Root Detection
- Root Management Apps
- Potentially Dangerous Apps [Available in Master App]
- Root Cloaking Apps
- Test Keys
- Dangerous Props [Available in Master App]
- BusyBox Binary
- Su Binary [Available in Master App]
- Su Exists
- RW System [Available in Master App]
- SafetyNet [Coming Soon…]
- Using running processes [Coming Soon…]
- Emulator detection
- Virtual Phone Number [Available in Master App]
- Device IDs [Available in Master App]
- Hardware Specifications [Available in Master App]
- QEmu Detection [Available in Master App]
- File Based Checking [Available in Master App]
- IP Based Checking [Available in Master App]
- Package Name [Available in Master App]
- Debug Flag [Available in Master App]
- Network Operator Name [Available in Master App]
- Anti-Debugging detection
- PMS Hook Detection [Coming Soon…]
- Checking TracerPid [Coming Soon…]
- Using Fork and ptrace [Coming Soon…]
- Frida Detection [Coming Soon…]
- SafetyNet [Coming Soon…]
- Debuggable Flag [Coming Soon…]
- isDebugger Connected [Available in Master App]
- Timer Checks [Coming Soon…]
- JDWP-Related Data Structures [Coming Soon…]
- Insecure Data Storage
- SQLite Databases (Unencrypted)
- SQLite Databases (Encrypted) [Available in Master App]
- Realm Databases (Unencrypted) [Coming Soon…]
- Realm Databases (Encrypted) [Coming Soon…]
- Firebase Real-time Databases [Coming Soon…]
- Shared Preferences
- Internal Storage
- External Storage
- KeyStore [Available in Master App]
- KeyChain [Coming Soon…]
- Keyboard Cache [Coming Soon…]
- User Interface [Coming Soon…]
- App Backup [Coming Soon…]
- Screenshots [Coming Soon…]
- Memory [Available in Master App]
- User Dictionary Cache [Coming Soon…]
- Clipboard [Available in Master App]
- Activity data
- Logs
- Informational Logs
- Error Logs
- Warnings Logs
- Debug Logs
- Verbose Logs
- WTF Logs
- Content Providers
- SQL Injection
- File System Expose [Available in Master App]
- Encryption
- Message Authentication Codes [Coming Soon…]
- Message Digest [Coming Soon…]
- Signatures [Coming Soon…]
- Custom Implementations [Coming Soon…]
- Caesar Cipher
- Weak Key Generation [Coming Soon…]
- Weak Random Number [Coming Soon…]
- Weaker Padding [[Coming Soon…]](https://hp
... Content truncated. Click "See More" to view the full README.
Tool Information
Author
RavikumarRamesh
Project Added On
May 27, 2025
License
Open Source
