Androguard – Reverse Engineering & Malware Analysis For Android


Androguard is a toolkit built in Python which provides reverse engineering and malware analysis for Android.

Androguard - Reverse Engineering & Malware Analysis For Android

It’s buyilt to examine * Dex/Odex (Dalvik virtual machine) (.dex) (disassemble, decompilation), * APK (Android application) (.apk), * Android’s binary xml (.xml) and * Android Resources (.arsc).

Androguard is available for Linux/OSX/Windows (Python powered).

Features

  • Map and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python objects
  • Diassemble/Decompilation/Modification of DEX/ODEX/APK format
  • Decompilation with the first native (directly from dalvik bytecodes to java source codes) dalvik decompiler (DAD)
  • Access to the static analysis of the code (basic blocks, instructions, permissions)
  • Analysis a bunch of android apps
  • Analysis with ipython/Sublime Text Editor
  • Diffing of android applications
  • Measure the efficiency of obfuscators (proguard, …)
  • Determine if your application has been pirated (plagiarism/similarities/rip-off indicator)
  • Check if an android application is present in a database (malwares, goodwares ?)
  • Open source database of android malware
  • Detection of ad/open source librairies (WIP)
  • Risk indicator of malicious application
  • Reverse engineering of applications (goodwares, malwares)
  • Transform Android’s binary xml (like AndroidManifest.xml) into classic xml
  • Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG/DOT output
  • Integration with external decompilers (JAD+dex2jar/DED/fernflower/jd-gui…)

Usage

Androguard has many different components, but the most commonly used one would be Androlyze:

You can download Androguard here:

androguard-v2.0.zip

Or read more here.

Posted in: Forensics, Malware

, , ,


Latest Posts:


zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.
Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
Sandcastle is an Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target's name as the stem argument (e.g. shopify).
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network


Comments are closed.