Monday 23 November 2015

VectorAttackScanner


This is a tool to analyze android, linux and windows, to detect points to attack, as intents, receivers, services, processes and libraries.
This tool uses a static analysis methods to do this, the vector attack founded by this tool, can be attacked by fuzzing methods to discover vulnerabilities..
More security researchers, bug hunters, exploit writers, malware developers find a problems as unsecure compilation flags, methods/functions exposes, with this tool is more easy, this tool search by you automatically.
It is well known in the world of IT Security, that have been created countermeasures and memory protections to prevent easily create exploits and prevent programmers to write programs that execute arbitrary code, as RELRO, PAX, ASLR, PIE, NX, SSP, StackCanary and others, this tool search this flags to do the job.
For now this tool only check ELF Binary Format, searching RELRO, PAX, PIE, ASLR, NX, RPATH, RUNPATH, StackCanary and FORTIFY SOURCE protections.
Coming soon i publish this app in the Google Play with a free / pay version.
Features about this project:
  • Analysis apk and so/elf
  • Extract apk and so/elf
  • Scanner AIDL (Android Interface Definition Language)
  • Analysis ssl pining and man in the middle
  • Disassemble resources and sources
  • Mapping classes, methods and imports
  • Analysis backendless (MBaaS - Mobile Backend As A Service) libs
  • Analysis Network traffic
  • Analysis crash on classes
  • CA certificates extractor, APK embedded certificates and Url certificate catcher.
  • Analysis cryptografic API's
  • Analysis intent filters
  • Analysis file system permissions
  • Analysis SH (Shell Scripts)
  • Analysis webview xss and injections.
  • Crash log view
  • Dinamic code injection
  • Fuzzing on intents and native libs (SO/ELF)
  • Hooking native libs / java libs / JNI libs
  • Analysis framework
  • Url certificate catcher
  • Analisys of reflexing code
  • Shellcode detector
  • Analysis apps vulnerable to cloning cards
  • Scanner unsecure storage
  • Hooking passing intents
  • Hooking current activity
  • Process Log Monitor
  • Netstat log
  • Detect keystores
  • Detect websockets libs
  • Detect url burned or hardcoded
  • Detect Carding/cloning/ripping libs
  • Regex analyzer, where the implements this
  • How to Fix This Problem and unsecure practices
Preview: Vector Attack Scanner for Android:
Dissamble Part 1/2
Vector Attack Scanner: new UI:
Dissamble Part 1/2
Vector Attack Scanner: APK analysis:
APK analysis
Vector Attack Scanner: ELF analysis:
ELF analysis

Posted by at No comments:
Subscribe to: Posts (Atom)