Massive list of Android Malware Analysis tools [2017]

Take a look at this massive list of tools that you can use to analyse Android devices and Android malware. The tools have been listed in various categories and are straightforward to use.

We saw this list at MalVerse and we just could not resist sharing it here.

The categories: 

  • MITM & NETWORK ANALYSIS
  • VULNERABILITIES
  • FUZZING
  • UNPACKERS / DEOBFUSCATORS
  • PACKERS / OBFUSCATORS
  • REVERSE ENGINEERING
  • NETWORK
  • TOOLKITS
  • FRAMEWORKS
  • SANDBOXES
  • FORENSICS & REVERSING

We hope that you will make great use of this collection.

 

MITM & NETWORK ANALYSIS

PScout – Analyzing the Android Permission Specification
Scalpel – A surgical debugging tool to uncover the layers under your app
SPARTA – Is building a toolset to verify the security of mobile phone applications
Apk Sign – Sign.jar automatically signs an apk with the Android test certificate.
SIIS Tools – This page contains a list of software tools created by the SIIS lab
Smali – An assembler/disassembler for Android’s dex format
Smali-CFGs – Smali Control Flow Graphs
SmaliEx – A wrapper to get dex from oat
SmaliSCA – Static Code Analysis for Smali files
Soot – Java Optimization Framework
STAMP – STatic Analysis of Mobile Programs
Systrace – Analyze the performance capturing and displaying execution times of your applications and other Android system processes
TaintDroid – Tracking how apps use sensitive information required
Traceview – Graphical viewer for execution logs saved by your application
Undx – Bytecode translator
XML-apk-parser – Print AndroidManifest.xml directly from apk file

VULNERABILITIES

AndroBugs Framework – Is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows.
Devknox – Autocorrect security issues as you write code
JAADAS – Joint Advanced Defect assEsment for android applications
QARK – Quick Android Review Kit – This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs.
Quixxi – Free automated vulnerability test.
SUPER Android Analyzer – Secure, Unified, Powerful and Extensible Rust Android Analyzer

FUZZING

IntentFuzzer – is a tool that can be used on any device using the Google Android operating system (OS)
Radamsa Fuzzer – An Android port of radamsa fuzzer
Honggfuzz – Security oriented fuzzer with powerful analysis options
Melkor – An Android port of the melkor ELF fuzzer
MFFA – Media Fuzzing Framework for Android
AndroFuzz – A fuzzing utility for Android that focuses on reporting and delivery portions of the fuzzing process

UNPACKERS / DEOBFUSCATORS

Android Unpacker – Android Unpacker presented at Defcon 22 – Android Hacker Protection Level 0
Dehoser – Unpacker for the HoseDex2Jar APK Protection which packs the original file inside the dex header
Kisskiss – Unpacker for various Android packers/protectors
Simplify – Generic Android Deobfuscator
ClassNameDeobfuscator – Simple script to parse through the .smali files produced by apktool and extract the .source annotation lines.

PACKERS / OBFUSCATORS

Allatori
APKfuscator – A generic DEX file obfuscator and munger
APKProtect
Bangcle
DexGuard – Optimizer and obfuscator for Android
HoseDex2Jar – Adds some instructions to the classes.dex file that Dex2Jar can not process
ProGuard – Shrinks, optimizes, and obfuscates the code by removing unused code and renaming classes, fields, and methods with semantically obscure names

REVERSE ENGINEERING

AndBug – A Scriptable Android Debugger
AndroChef – Java Decompiler apk, dex, jar and java class-files
Androguard – powerful, integrates well with other tools
Android Framework for Exploitation
APK Studio – Android Reverse Engineering Tool By Vaibhav Pandey a.k.a VPZ
Apktool – really useful for compilation/decompilation (uses smali)
ART – GUI for all your decompiling and recompiling needs
Bypass signature and permission checks for IPCs
Android OpenDebug – make any application on device debuggable (using cydia substrate)
Dare – .dex to .class converter
Dava – Decompiler for arbitrary Java bytecode
DecoJer – Java Decompiler
Dex2Jar – dex to jar converter
Dex-decomplier – Dex decompiler
Enjarify – dex to jar converter from Google
Dedexer – is a disassembler tool for DEX files
Fino – Android small footprint inspection tool
Frida – inject JavaScript to explore applications and a GUI tool for it
Indroid – thread injection kit
IntentSniffer – is a tool that can be used on any device using the Google Android operating system (OS)
Introspy – Blackbox tool to help understand what an Android application is doing at runtime and assist in the identification of potential security issues
JAD – Java decompiler
JADX – Dex to Java decompiler
JD-GUI – Java decompiler
JEB Decompiler – The Interactive Android Decompiler
CFR – Java decompiler
Krakatau – Java decompiler
Luyten – Java Decompiler Gui for Procyon
Procyon – Java decompiler
FernFlower – Java decompiler
Redexer – apk manipulation
Smali viewer
Simplify Android deobfuscator – Generic Android Deobfuscator
Bytecode viewer – A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Radare2 – Unix-like reverse engineering framework and commandline tools
Reverse Android – Reverse-engineering tools for Android applications
Xenotix-APK-Decompiler – APK decompiler powered by dex2jar and JAD
ZjDroid – Android app dynamic reverse tool based on Xposed framework

NETWORK

Android tcpdump
Canape
Nogotofail
ProxyDroid
Wireshark

TOOLKITS

Android Malware Analysis Toolkit
Android Tamer
Androl4b
APK Resource Toolkit
Appie – Android Pentesting Portable Integrated Environment
AppUse
AuditdAndroid
CobraDroid
CuckooDroid
MARA_Framework
Mem
MobiSec
Open Source Android Forensics Toolkit
ProbeDroid
Santoku
Vezir-Project
viaLab Community Edition

FRAMEWORKS

MobSF – Mobile Security Framework
Needle

SANDBOXES

Android Sandbox
AndroTotal
Anubis
APK Analyzer
APP-RAY
AppCritique
Appknox
AVCaesar
AVC UnDroid
CopperDroid
Droidbox
Eacus – MobiSec Lab
HackApp
Mobile Malware Analysis
Mobile Sandbox
NVISO ApkScan
SandDroid
Tracedroid
VisualThreat

FORENSICS & REVERSING

AFLogical – Android forensics tool developed by viaForensics
Amandroid – Is a static analysis framework for Android apps
Android backup extractor – Android backup extractor
Android Loadable Kernel Modules
Android SDK
Android4me – J2ME port of Google’s Android
Android-forensics – Open source Android Forensics app and framework
Android-random – Collection of extended examples for Android developers
Androwarn – Is a tool whose main aim is to detect and warn the user about potential malicious behaviours developed by an Android application
ApkAnalyser – Static, virtual analysis tool
Apk-extractor – Android Application (.apk) file extractor and Parser for Android Binary XML
Apkinspector – Powerful GUI tool for analysts to analyze the Android applications
Apk-recovery – Recover main resources from your .apk file
Audit tools
bunq fuzzer – Program for testing a mobile app by sending it semi-random inputs
Canhazaxs – A tool for enumerating the access to entries in the file system of an Android device
ConDroid – Symbolic/concolic execution of Android apps
DDMS – Dalvik Debug Monitor Server
Decaf-platform – DECAF Binary Analysis Platform
Device Monitor – Graphical user interface for several Android application debugging and analysis tools
Dexinfo – A very rudimentary Android DEX file parser
Dexter – Static android application analysis tool
Dexterity – Dex manipulation library
Dextools – Miscellaneous DEX (Dalvik Executable) tools
DidFail – Uses static analysis to detect potential leaks of sensitive information within a set of Android apps
Drozer – Comprehensive security audit and attack framework for Android
FindBugs – Find Bugs in Java Programs
Find Security Bugs – The FindBugs plugin for security audits of Java web applications.
FlowDroid – Is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications
Heimdall – Cross-platform open-source tool suite used to flash firmware (aka ROMs) onto Samsung mobile devices
Hidex – Demo application where a method named thisishidden() in class MrHyde is hidden from disassemblers but no called by the app
Hooker – Automated Dynamic Analysis of Android Applications
Maldrolyzer – Simple framework to extract “actionable” data from Android malware (C&Cs, phone numbers etc.)
mbfuzzer (Mobile Application Fuzzer via SSL MITM) – Mobile Application Fuzzer via SSL

Founder of Cyberwarzone.com.