├── .gitignore
├── .toolskey.enc
├── .travis.yml
├── Documentation
├── Development
│ ├── Application
│ │ └── basics.md
│ └── ROM Development
│ │ ├── fastboot.md
│ │ └── heimdall.md
├── Examples
│ ├── adb.md
│ └── fastboot.md
├── General
│ ├── decompile.md
│ ├── multi_devices.md
│ ├── packages.md
│ ├── python_packages.md
│ ├── repo_configure.md
│ ├── running_emulator.md
│ ├── screenshot.md
│ └── tools_mindmap.md
├── Security Assessment
│ ├── Automated Analysis
│ │ ├── MobSF.md
│ │ └── drozer.md
│ ├── Manual Analysis
│ │ └── APKTool.md
│ └── Pentesting
│ │ ├── Burpsuite.md
│ │ ├── nikto.md
│ │ └── nmap.md
├── Training
│ ├── DIVA
│ │ ├── 00_Home.md
│ │ ├── 01_Insecure_Logging.md
│ │ ├── 02_Hardcoding_Issues.md
│ │ ├── 03_Insecure_Data_Storage_P1.md
│ │ ├── 04_Insecure_Data_Storage_P2.md
│ │ ├── 05_Insecure_Data_Storage_P3.md
│ │ ├── 06_Insecure_Data_Storage_P4.md
│ │ ├── 07_Input_Validation_Issues_P1.md
│ │ ├── 08_Input_Validation_Issues_P2.md
│ │ ├── 09_Access_Control_Issues_P1.md
│ │ └── 10_Access_Control_Issues_P2.md
│ └── index.md
├── images
│ ├── APKTool.jpg
│ ├── Readme.txt
│ ├── adb_list.jpg
│ ├── adb_list_cat.jpg
│ ├── apk2java.jpg
│ ├── burp-eula.png
│ ├── burp-title.jpg
│ ├── burp.png
│ ├── decompiled_apk.jpg
│ ├── drozer_check.jpg
│ ├── emulator_install
│ │ ├── 1-sdk.jpg
│ │ ├── 2-accept_license.jpg
│ │ ├── 3-loaded.jpg
│ │ ├── 4-status_installed.jpg
│ │ ├── 5-avd_options.jpg
│ │ ├── 6-vm_created.jpg
│ │ ├── 7-launch_vm.jpg
│ │ └── 8-emulator_running.jpg
│ ├── fastboot.png
│ ├── heimdall-icon.png
│ ├── heimdall.png
│ ├── install_open_vm_tools.jpg
│ ├── mobsf_running.jpg
│ ├── mobsf_running_90.jpg
│ ├── nikto-icon.png
│ ├── nikto.jpg
│ ├── nmap-icon.png
│ ├── nmap.jpg
│ ├── repo_androidtamer.jpg
│ ├── repo_androidtamer_home.jpg
│ ├── synaptic.jpg
│ ├── vmware_import_error_linux.jpg
│ ├── vmware_import_error_mac.jpg
│ └── vuln_apps
│ │ └── DIVA
│ │ ├── Challenge_10a.png
│ │ ├── Challenge_10b.png
│ │ ├── Challenge_10c.png
│ │ ├── Challenge_10d.png
│ │ ├── Challenge_10e.png
│ │ ├── Challenge_10f.png
│ │ ├── Challenge_10g.png
│ │ ├── Challenge_10h.png
│ │ ├── Challenge_10i.png
│ │ ├── Challenge_10j.png
│ │ ├── Challenge_10k.png
│ │ ├── Challenge_10l.png
│ │ ├── Challenge_1a.png
│ │ ├── Challenge_1b.png
│ │ ├── Challenge_1c.png
│ │ ├── Challenge_2a.png
│ │ ├── Challenge_2b.png
│ │ ├── Challenge_2c.png
│ │ ├── Challenge_2d.png
│ │ ├── Challenge_2e.png
│ │ ├── Challenge_2f.png
│ │ ├── Challenge_3a.png
│ │ ├── Challenge_3b.png
│ │ ├── Challenge_3c.png
│ │ ├── Challenge_3d.png
│ │ ├── Challenge_3e.png
│ │ ├── Challenge_3f.png
│ │ ├── Challenge_4a.png
│ │ ├── Challenge_4b.png
│ │ ├── Challenge_4c.png
│ │ ├── Challenge_4d.png
│ │ ├── Challenge_4e.png
│ │ ├── Challenge_4f.png
│ │ ├── Challenge_4g.png
│ │ ├── Challenge_4h.png
│ │ ├── Challenge_4i.png
│ │ ├── Challenge_4y.png
│ │ ├── Challenge_4z.png
│ │ ├── Challenge_5a.png
│ │ ├── Challenge_5b.png
│ │ ├── Challenge_5c.png
│ │ ├── Challenge_5d.png
│ │ ├── Challenge_5e.png
│ │ ├── Challenge_6a.png
│ │ ├── Challenge_6b.png
│ │ ├── Challenge_6c.png
│ │ ├── Challenge_6d.png
│ │ ├── Challenge_6e.png
│ │ ├── Challenge_7a.png
│ │ ├── Challenge_7b.png
│ │ ├── Challenge_7c.png
│ │ ├── Challenge_7d.png
│ │ ├── Challenge_7e.png
│ │ ├── Challenge_7f.png
│ │ ├── Challenge_8a.png
│ │ ├── Challenge_8b.png
│ │ ├── Challenge_8c.png
│ │ ├── Challenge_8d.png
│ │ ├── Challenge_8e.png
│ │ ├── Challenge_8f.png
│ │ ├── Challenge_9a.png
│ │ ├── Challenge_9b.png
│ │ ├── Challenge_9c.png
│ │ ├── Challenge_9d.png
│ │ ├── Challenge_9e.png
│ │ ├── Challenge_9y.png
│ │ ├── Challenge_9z.png
│ │ ├── diva1.png
│ │ └── diva2.png
├── img
│ └── favicon.ico
└── index.md
└── mkdocs.yml
/.gitignore:
--------------------------------------------------------------------------------
1 | site/
2 | .DS_Store
3 | .toolskey
4 | .toolskey.pub
5 | *.pyc
--------------------------------------------------------------------------------
/.toolskey.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/.toolskey.enc
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | language: python
2 | python:
3 | - '2.7'
4 |
5 | before_install:
6 | - openssl aes-256-cbc -K $encrypted_48b5285fe911_key -iv $encrypted_48b5285fe911_iv -in .toolskey.enc -out .toolskey -d
7 |
8 | branches:
9 | except:
10 | - gh-pages
11 |
12 | install:
13 | - pip install mkdocs
14 | - pip install mkdocs-tamerdocs
15 | - pip install python-markdown-oembed
16 | - pip install markdown-newtab
17 | - pip install markdown-checklist
18 | - pip install linkchecker
19 | - pip install requests
20 |
21 |
22 | before_script:
23 | # Replace with the line that travis encrypt-file printed out
24 | - git config remote.origin.url git@github.com:${TRAVIS_REPO_SLUG}
25 | - COMMIT_MESSAGE="Test Commit `date "+%Y-%m-%d %H:%M:%S"` from `git log -n 1 --format='commit %h - %s'`"
26 |
27 | script:
28 | - mkdocs build --clean
29 |
30 | after_success: >
31 | echo $TRAVIS_BRANCH; echo $TRAVIS_PULL_REQUEST;
32 | if [[ $TRAVIS_BRANCH == 'master' && $TRAVIS_PULL_REQUEST == 'false' ]]; then
33 | echo "Will Deploy From Here"
34 | rm -rf .git ;
35 | chmod go-rwx .toolskey
36 | eval `ssh-agent -s`
37 | ssh-add .toolskey
38 | cd site
39 | python -m SimpleHTTPServer &
40 | PID=$!
41 | echo PID
42 | ps aux | grep SimpleHTTPServer
43 | linkchecker http://127.0.0.1:8000/
44 | kill -KILL $PID
45 | ps aux | grep SimpleHTTPServer
46 | echo "tools.androidtamer.com" > ./CNAME
47 | git init ;
48 | git add . ;
49 | git config --global user.name "Anant Shrivastava via Travis-CI";
50 | git config --global user.email "anant+travisci@anantshri.info";
51 | git commit -m "Deploy Travis CI build $TRAVIS_BUILD_NUMBER to GitHub pages";
52 | git push -v -f git@github.com:${TRAVIS_REPO_SLUG} master:gh-pages
53 | echo "Deployed";
54 | fi
--------------------------------------------------------------------------------
/Documentation/Development/Application/basics.md:
--------------------------------------------------------------------------------
1 | # Basic Development Tools
2 |
3 | AndroidTamer does not only comprise of offensive tools and scripts for Android security testing, but also frameworks for Android app development. Some development tools which come with AndroidTamer are:
4 | - Android Studio
5 | - Android SDK
6 | - Android AVD Management
7 |
8 | ### Android-Studio
9 |
10 | Android Studio is the official Integrated Development Environment (IDE) for the Android platform. You can code, compile and debug Android apps using Android Studio. Know more about the IDE in its [official website](https://developer.android.com/studio/index.html).
11 |
12 | It is by default installed and configured in your terminal path. All you need to do is just type the following command:
13 |
14 | ```
15 | android@tamer ~> android-studio
16 | ```
17 |
18 | ### Android SDK
19 |
20 | Android Software Development Kit (SDK) comes with the Android Studio package. The latest version of Android SDK gets downloaded and installed on the first run of Android Studio. It is a set of development tools used to develop applications for Android platform. The Android SDK includes the following:
21 |
22 | - Required libraries
23 | - Debugger
24 | - An emulator
25 | - Relevant documentation for the Android application program interfaces (APIs)
26 | - Sample source code
27 | - Tutorials for the Android OS
28 |
29 | Each version of Android has its own SDK. It provides the ability to create an application for particular version(s) of Android. For example, if you have installed SDK for Android Nougat, you can create Android apps for that version. Similarly, you need to install the SDK of all the versions for which you want to create the Android apps.
30 |
31 | Android SDK Manager allows you to install, manage and delete SDKs. In AndroidTamer, it is installed on the path `/opt/Arsenal/android-sdk-linux`. You could start the Android SDK Manager with ease using the following command:
32 |
33 | ```
34 | android@tamer ~> android sdk
35 | ```
36 |
37 | ### Android AVD Management
38 |
39 | An Android Virtual Device (AVD) is an emulator configuration that allows developers to test the application by simulating the real device capabilities. Not only does it help with compatibility testing after the Android app development but also helps in dynamic analysis of the apps.
40 |
41 | As AndroidTamer is a virtual machine environment hence **its recommended to run emulator only when you have alocated more then 2 GB of RAM** to the virtual machine.
42 |
43 | To directly launch AVD manager type following command:
44 |
45 | ```
46 | android@tamer ~> android avd
47 | ```
48 |
49 | ### Develop an Application
50 |
51 | #### Launch Android Studio
52 |
53 | A custom bash script named `studio.sh` is packaged with AndroidTamer to help the CLI lovers. The script is configured on the terminal path and is located at `/opt/Arsenal/android-studio/bin/studio.sh`. Instead of manually clicking Android Studio in the `Development` drop-down sublist, it allows the user to launch Android Studio using the terminal with just one command. This script basically checks if JRE, JDK and IDE are properly installed and configured. If anyone is failing then the script doesnt invoke Android Studio and displays the error.
54 |
55 | To launch Android Studio from terminal, type the following command:
56 |
57 | ```
58 | android@tamer ~> studio.sh
59 | ```
60 |
--------------------------------------------------------------------------------
/Documentation/Development/ROM Development/fastboot.md:
--------------------------------------------------------------------------------
1 | ## fastboot
2 |
3 | ### Overview
4 |
5 | Android device has 3 important partitions:
6 |
7 | - Boot loader
8 | - Recovery
9 | - Android ROM
10 |
11 | Boot loader loads first and decides the next partition to be loaded (which is usually the *Android ROM*). Recovery is the mode that is used by device to install updates to Android ROM partition. It is also used while factory resetting the phone. The recovery that comes by default usually has less options and that is why custom recovery modules are available.
12 |
13 | Fastboot on the other hand is a protocol that can be used to connect to the device from a computer over USB and issue updates to the partitions of the device. For example, while I'm in fastboot I can update by recovery partition.
14 |
15 | From [kingoapp.com](http://www.kingoapp.com/help/fastboot-mode.htm), fastboot is defined as:
16 |
17 | > Fastboot is a protocol that can be used to re-flash partitions on your device (update the flash file system in Android devices). It is this small tool that comes with the Android SDK (Software Developer Kit), which is an alternative to the Recovery Mode for doing installations and updates.
18 |
19 | > Not all phones have a fastboot mode that the user can access. It’s turned on with Nexus devices by default as well as a few other phones and tablets and has been enabled by independent Android developers and enthusiasts on some other phones.
20 |
21 | ### What is Fastboot for?
22 |
23 | While in fastboot, you can *modify the file system images* from a computer over a USB connection. Fastboot mode can start on your device even before Android loads, even under the circumstance when Android isn’t installed at all. And because of that, fastboot mode is useful for quick-updating the firmware, without having to use a recovery mode.
24 |
25 | You can read more about the basic commands of fastboot [here](../../Examples/fastboot.md).
26 |
27 | ### Is fastboot the same as adb ?
28 |
29 | Even though both `fastboot` and `adb` send terminal commands to phone from computer via USB, they both serve different functions. Both the tools come with the huge Android SDK but Google recently made a standalone version of these tools available to the users.
30 |
31 | Some basic differences between fastboot and adb :
32 |
33 | - fastboot is used to modify phone’s firmware and sends commands directly to the bootloader, whereas, adb sends commands to the phone after it is turned on and booted (or in recovery mode)
34 | - fastboot works without the debugging mode enabled, whereas, adb requires Debugging enabled on the phone
35 | - fastboot isn't available for all devices whereas adb can be used with almost all devices
36 |
37 | ### fastboot in AndroidTamer
38 |
39 |
40 | 
41 |
42 |
43 | > **Usage :**
44 |
45 | > **android@tamer:~$** `fastboot [ ] `
--------------------------------------------------------------------------------
/Documentation/Development/ROM Development/heimdall.md:
--------------------------------------------------------------------------------
1 | ## Heimdall
2 |
3 | 
4 |
5 | Heimdall is a cross-platform open-source tool suite used to flash firmware (aka ROMs) onto Samsung mobile devices.
6 |
7 | ### How does it work?
8 |
9 | Heimdall connects to a mobile device over USB and interact with software running on device known as Loke. Loke and Heimdall communicate via the custom Samsung-developed protocol sometimes referred to as the 'Odin protocol'. Low-level USB in Heimdall is handled by the popular open-source USB library, libusbx.
10 |
11 | ### Why 'Heimdall'?
12 |
13 | For internal use, Samsung developed their own firmware flashing tool known as 'Odin', named after the king of gods in Norse mythology. Loke, the software component that runs on the Samsung devices and provides the functionality necessary to flash, also seems to be named after an important character in Norse mythology (often translated as Loki). In this vein, our software was named 'Heimdall' after the Norse god and guardian of the Bifrost Bridge.
14 |
15 | ### Heimdall in AndroidTamer
16 |
17 | #### Version Installed: 1.4.0
18 |
19 | 
20 |
21 | ### External Links:
22 |
23 | - [Github Repository](https://github.com/Benjamin-Dobell/Heimdall)
24 | - [Official Website](http://glassechidna.com.au/heimdall/)
--------------------------------------------------------------------------------
/Documentation/Examples/adb.md:
--------------------------------------------------------------------------------
1 | ## adb
2 |
3 | #### Similar to [fastboot](fastboot.md), adb also has a devices command which will list the found compatible devices connected
4 |
5 | > **android@tamer~>** `adb devices`
6 |
7 | #### It can also, like fastboot, reboot your device and reboot it into the bootloader or recovery etc
8 |
9 | > **android@tamer~>** `adb reboot`
10 |
11 | > **android@tamer~>** `Android@Tamer~>adb reboot bootloader`
12 |
13 | > **android@tamer~>** `adb reboot recovery`
14 |
15 | #### Getting logs for diagnostics
16 |
17 | > **android@tamer~>** `adb logcat > logcat.txt`
18 |
19 | #### Install an application (apk format) from your hard drive to the device
20 |
21 | > **android@tamer~>** `adb install "C:\path\to\apk.apk"`
22 |
23 | #### Using push to move a file or directory from your computer to the device
24 |
25 | > **android@tamer~>** `adb push C:\path\to\file /path/on/device`
26 |
27 | #### Copying a file or directory from your device to your computer
28 |
29 | > **android@tamer~>** `adb pull /path/on/device C:\path\on\computer`
30 |
31 | #### ADB can also be used to access the terminal shell on your device
32 |
33 | > **android@tamer~>** `adb shell`
34 |
--------------------------------------------------------------------------------
/Documentation/Examples/fastboot.md:
--------------------------------------------------------------------------------
1 | ## Fastboot
2 |
3 | If you you need a brief about what is `fastboot` you could read it [here](../../Development/ROM Development/fastboot).
4 |
5 | #### To view the list of recognized devices
6 |
7 | > **android@tamer~>** `fastboot devices`
8 |
9 | #### To reboot your device or to reboot it particularly into the bootloader or recovery
10 |
11 | > **android@tamer~>** `fastboot reboot`
12 |
13 | > **android@tamer~>** `fastboot reboot bootloader`
14 |
15 | > **android@tamer~>** `fastboot reboot recovery`
16 |
17 | #### To flash a new recovery, system, radio, or kernel etc firmware file
18 |
19 | > **android@tamer~>** `fastboot flash recovery \path\to\MyRecoveryFirmware.img`
20 |
21 | #### To erase some partition on the device
22 |
23 | > **android@tamer~>** `fastboot erase system`
24 |
25 | #### To wipe system, data, and the cache at the same time (would be used before a new ROM most of times)
26 |
27 | > **android@tamer~>** `fastboot erase system -w`
28 |
29 | #### To reboot your device:
30 |
31 | > **android@tamer~>** `fastboot reboot`
32 |
33 | #### Using fastboot to lock / unlock your bootloader
34 |
35 | > **android@tamer~>** `fastboot oem lock`
36 |
37 | > **android@tamer~>** `fastboot oem unlock`
38 |
--------------------------------------------------------------------------------
/Documentation/General/decompile.md:
--------------------------------------------------------------------------------
1 | # Decompiling Application
2 |
3 | ### How to decompile application in AndroidTamer
4 |
5 | Android Tamer has all the tools required to perform the application analysis manually, however we have gone one step ahead and added more automation to reduce the time spend on remembering command and running them.
6 |
7 | To decompile application in AndroidTamer
8 |
9 | ```
10 | android@tamer ~> apk2java
11 | ```
12 |
13 | __NOTE:__ The source code for [apk2java is here](https://github.com/AndroidTamer/apk2java).
14 |
15 | This will give you a folder structure as shown below
16 |
17 | 
18 |
19 | Here `smali` folder contains the smali version of the source code whereas `src` folder contains two subfolder `jad` and `jadx` containing source codes decompiled via these two decompilers respectively.
20 |
21 | If you are not satisfied with the results you can also refer to the original jar created via enjarify in `jar` folder.
22 |
23 | You can launch a text editor in this directory using following command
24 |
25 | ```
26 | android@tamer ~> geany ./
27 | ```
28 |
29 | ### Can other distributions use it ?
30 |
31 | Yes, glad you asked [follow steps outlined here](repo_configure.md).
32 |
--------------------------------------------------------------------------------
/Documentation/General/multi_devices.md:
--------------------------------------------------------------------------------
1 | # Managing multiple devices
2 |
3 | Due to massive fragmentation and the will of vendors to keep selling devices with old versions. Android Professionals are forced to work with multiple devices / emulator's with various versions of android loaded on them.
4 |
5 | With this problem in mind we went ahead and [wrote a shim](https://github.com/AndroidTamer/adb_wrapper/) which should help us with this problem. To manage multiple devices in AndroidTamer you need to follow these steps
6 |
7 | 1. Create a file in your home folder called as ```.adb_list```
8 |
9 | 
10 |
11 | 2. Once the list is configured then you can go ahead and check the status of each device.
12 |
13 | 
14 |
15 | Here any device line marked as GREEN means its connected and RED means its not connected.
16 |
17 | 3. Now to connect to this device follow this command
18 |
19 | ```
20 | android@tamer ~> adb geny shell
21 | ```
22 |
23 | Here you can see instead of remembering the complex ip address or serial number we can simply use the new name provided for this functionality.
24 |
--------------------------------------------------------------------------------
/Documentation/General/packages.md:
--------------------------------------------------------------------------------
1 | ## Packages and Scripts
2 |
3 | Name | x86 | x64
4 | --- | --- | ---
5 | androidtamer-adb: [multidevice](/General/multi_devices) & [screenshot](/General/screenshot.md) | ✔ | ✔
6 | andbug | ✘ | ✔
7 | [apk2java](/General/decompile.md) | ✔ | ✔
8 | [apktool](/Security Assessment/Manual Analysis/APKTool.md) | ✔ | ✔
9 | burpsuite-free | ✔ | ✔
10 | bytecode-viewer | ✘ | ✔
11 | classyshark | ✔ | ✔
12 | dex2jar | ✔ | ✔
13 | dextra | ✘ | ✔
14 | droid-ff | ✔ | ✔
15 | drozer | ✔ | ✔
16 | [drozer_checks](/Security Assessment/Automated Analysis/drozer.md) | ✔ | ✔
17 | enjarify | ✔ | ✔
18 | imgtool | ✔ | ✔
19 | j0din3 | ✘ | ✔
20 | jaadas | ✔ | ✔
21 | jad | ✔ | ✔
22 | jadx | ✔ | ✔
23 | jd-gui | ✔ | ✔
24 | [MobSF](/Security Assessment/Automated Analysis/MobSF.md) | ✔ | ✔
25 | [Python packages](/General/python_packages.md) | |
26 | - python-cement | ✔ | ✔
27 | - python-configparser | ✔ | ✔
28 | - python-dateutil | ✔ | ✔
29 | - python-flask | ✔ | ✔
30 | - python-flask-restless | ✔ | ✔
31 | - python-frida | ✘ | ✔
32 | - python-graphviz | ✔ | ✔
33 | - python-mimeparse | ✔ | ✔
34 | - python-mimerender | ✔ | ✔
35 | - python-prompt-toolkit | ✔ | ✔
36 | - python-psutil | ✘ | ✔
37 | - python-pyfiglet | ✔ | ✔
38 | - python-pygments | ✔ | ✔
39 | - python-six | ✔ | ✔
40 | - python-wcwidth | ✔ | ✔
41 | - python-xhtml2pdf | ✔ | ✔
42 | rubygem-dex-oracle | ✔ | ✔
43 | rubygem-rubyzip | ✔ | ✔
44 | simplify | ✔ | ✔
45 | smali | ✔ | ✔
46 | spflashtool | ✘ | ✔
47 | sslscan | ✔ | ✔
48 | vboxmanage | ✔ | ✔
49 | yadd-dumper | ✘ | ✔
50 | zaproxy | ✔ | ✔
--------------------------------------------------------------------------------
/Documentation/General/python_packages.md:
--------------------------------------------------------------------------------
1 | ## Python Packages
2 |
3 | Here are some python packages which are pre-installed on AndroidTamer.
4 |
5 | Package | Description
6 | --| ---
7 | [cement](https://pypi.python.org/pypi/cement/) | Advanced CLI Application Framework for Python
8 | [configparser](https://pypi.python.org/pypi/configparser/) | This library brings the updated configparser from Python 3.5 to Python 2.6-3.5.
9 | [dateutil](https://pypi.python.org/pypi/python-dateutil/) | Extensions to the standard Python datetime module
10 | [flask](https://pypi.python.org/pypi/Flask/) | A microframework based on Werkzeug, Jinja2 and good intentions
11 | [flask-restless](https://pypi.python.org/pypi/Flask-Restless/) | A Flask extension for easy ReSTful API generation
12 | [frida](https://pypi.python.org/pypi/frida/) | Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android
13 | [graphviz](https://pypi.python.org/pypi/graphviz/) | Simple Python interface for Graphviz
14 | [mimeparse](https://pypi.python.org/pypi/python-mimeparse/) | A module provides basic functions for parsing mime-type names and matching them against a list of media-ranges.
15 | [mimerender](https://pypi.python.org/pypi/mimerender/) | RESTful HTTP Content Negotiation for Flask, Bottle, web.py and webapp2 (Google App Engine)
16 | [prompt](https://pypi.python.org/pypi/prompt/) | This is a library for prompting input on the command line.
17 | [toolkit](https://pypi.python.org/pypi/toolkit/) | Toolkit for script and utils
18 | [psutil](https://pypi.python.org/pypi/psutil/) | psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python.
19 | [pyfiglet](https://pypi.python.org/pypi/pyfiglet/) | Pure-python FIGlet implementation
20 | [pygments](https://pypi.python.org/pypi/Pygments/) | Pygments is a syntax highlighting package written in Python.
21 | [six](https://pypi.python.org/pypi/six/) | Python 2 and 3 compatibility utilities
22 | [wcwidth](https://pypi.python.org/pypi/wcwidth/) | Measures number of Terminal column cells of wide-character codes
23 | [xhtml2pdf](https://pypi.python.org/pypi/xhtml2pdf/) | PDF generator using HTML and CSS
--------------------------------------------------------------------------------
/Documentation/General/repo_configure.md:
--------------------------------------------------------------------------------
1 | # AndroidTamer Repository in Debian 8
2 |
3 | ### How to configure
4 |
5 | ```bash
6 | $ echo "deb https://repo.androidtamer.com Tamer4 main" | sudo tee /etc/apt/sources.list.d/repo_androidtamer_com.list
7 | ```
8 |
9 | ### Adding GPG Key
10 |
11 | ```bash
12 | wget -qO - https://androidtamer.com/repo.gpg.key | sudo apt-key add -
13 | ```
14 |
15 | ### Enable HTTPS Debian repositories
16 |
17 | ```bash
18 | sudo apt-get install apt-transport-https
19 | ```
20 |
21 | ### How to install pacakges
22 |
23 | ```
24 | $ sudo apt-get update
25 | $ sudo apt-get install
26 | ```
27 |
28 | ### GUI
29 |
30 | 
31 |
32 |
33 | ### List of Available packages
34 |
35 | [https://repo.androidtamer.com/packagelist.html](https://repo.androidtamer.com/packagelist.html)
--------------------------------------------------------------------------------
/Documentation/General/running_emulator.md:
--------------------------------------------------------------------------------
1 | # Emulator
2 |
3 | Android Tamer by default comes with Android SDK. The emulator images are provided by Google, however users has to accept the license agreement to get those images. Hence it is on the user's behalf to accept the license agreement, and then download an AVD for themselves.
4 |
5 | Here are the steps how to download, setup and launch an Android emulator instance.
6 |
7 | > At this point Intel x86 emulator might not work due to limitation of AndroidTamer running inside a VM.
8 |
9 | We first need to launch Android SDK Manager either via Tamer Menu or by simply from the terminal using the following command:
10 |
11 | `android@tamer ~> android sdk`
12 |
13 | This will launch SDK and then we need to select a image that we want to download. As shown below, Android 4.4.2 (API 19) ARM image along with Google API has been selected.
14 |
15 |
16 | 
17 |
18 |
19 | When you select install you will have to **accept the license agreement**.
20 |
21 |
22 | 
23 |
24 |
25 | Then the SDK manager automatically downloads, installs and configures the selected Emulator.
26 |
27 |
28 | 
29 |
30 |
31 | Once the installations successfully finish, the SDK screen should reflect the status as shown below.
32 |
33 |
34 | 
35 |
36 |
37 | Once the desired SDK images are installed we will now start the Android AVD manager.
38 |
39 | Either by going to menu and selecting 'Android AVD Manager' or directly via commandline
40 |
41 | `android@tamer ~> android avd`
42 |
43 | In the window you will have to select **Create** and then fill the details as suggested below.
44 |
45 |
46 | 
47 |
48 |
49 | Once the options are set, select "OK" which results in AVD being created. When VM is sucessfully created you will get the message as shown below.
50 |
51 |
52 | 
53 |
54 |
55 | We can now launch the VM by selecting the entry and clicking on "**Start**"
56 |
57 |
58 | 
59 |
60 |
61 | As shown below a VM will be launched and we can see log via pidcat and adb detects the vm as an emulator.
62 |
63 |
64 | 
65 |
--------------------------------------------------------------------------------
/Documentation/General/screenshot.md:
--------------------------------------------------------------------------------
1 | # How to take screenshots of device
2 |
3 | Taking screenshots is very important part of any process be it development or anything else. ADB provides a way to take screenshot via screencap but then there is a specific command set that needs to be followed.
4 |
5 | Here we have created added another feature in our [adb shim called as adb_wrapper](https://github.com/AndroidTamer/adb_wrapper/)
6 |
7 | now to take screenshot all you need to do is
8 |
9 | ```
10 | android@tamer ~> adb screenshot savefile.png
11 | ```
12 |
13 | __Note:__ the screenshot output is always `.png` so keep that in mind
14 |
15 | Like all other command this command can also be used with multidevice setup
16 |
17 | ```
18 | android@tamer ~> adb geny screenshot geny_shot.png
19 | ```
20 |
21 | This will take a screenshot of geny machine and will save it as `geny_shot.png`
22 |
23 |
--------------------------------------------------------------------------------
/Documentation/General/tools_mindmap.md:
--------------------------------------------------------------------------------
1 | hide_toc: true
2 | mindmap: true
3 |
4 | # MindMap: Tools Present in AndroidTamer
5 | * Android Tamer 4
6 | - Custom Tools
7 | + adb wrapper : [multidevice](multi_devices.md) [screenshot](screenshot.md) and more
8 | + [apk2java](decompile.md)
9 | + [drozer-checks](/Security Assessment/Automated Analysis/drozer.md)
10 | - Google Tools
11 | + Android SDK
12 | + Android NDK
13 | - Development
14 | + Android Studio
15 | + proguard
16 | + visualvm
17 | + gradle
18 | - Static and Dynamic Analysis
19 | + [MobSF](/Security Assessment/Automated Analysis/MobSF.md)
20 | + [drozer](/Security Assessment/Automated Analysis/drozer.md)
21 | + findbug
22 | + flawfinder
23 | - Reverse Enginering
24 | + aapt
25 | + pidcat
26 | + dex2jar
27 | + enjarify
28 | + apktool
29 | + jd-gui
30 | + jad
31 | + jadx
32 | + smali
33 | - Pentesting
34 | + OWASP ZAP
35 | + Burpsuite-free
36 | + w3af
37 | + nikto
38 | + nmap
39 | + sslscan
40 | + wireshark / tshark
41 | + tcpdump
42 | + skipfish
43 | + wapiti
44 | + ratproxy
45 | - Forensic
46 | + volatility
47 | + autopsy
48 | + dc3dd
49 | + dcfldd
50 | + dff
51 | + ext4magic
52 | + scalpel
53 | + sleuthkit
54 | + exif
55 | + metacam
56 | + exiftags
57 | + exifprobe
58 | + testdisk
59 | + steghide
60 | + guymager
61 | + rdd
62 | + fatcat
63 | + foremost
64 | - Rom Development
65 | + [fastboot](/Development/ROM Development/fastboot.md)
66 | + [heimdall](/Development/ROM Development/heimdall.md)
67 | + flashrom
--------------------------------------------------------------------------------
/Documentation/Security Assessment/Automated Analysis/MobSF.md:
--------------------------------------------------------------------------------
1 | # MobSF: Mobile Security Framework
2 |
3 | ### How to Use with AndroidTamer
4 |
5 | __MobSF is preconfigured in the AndroidTamer Packages__
6 |
7 | Launch MobSF via
8 |
9 | android@tamer ~> mobsf
10 |
11 | Now you just need to navigate to
12 |
13 | __[http://localhost:3000](http://localhost:3000)__
14 |
15 | and you should have running MobSF instance.
16 |
17 | 
18 |
19 | At this point you can see the console output, for first time it will create folder in ~ i.e. user home directory.
20 |
21 |
22 | A folder is created in ```~/.mobsf/``` which will contain the file
23 |
24 |
25 | __Note:__ Remember you don't need to run this command as sudo. Run this as normal user.
26 |
27 |
28 | ### How is it different from Original Source Code
29 |
30 | Original sourcecode: [https://github.com/ajinabraham/Mobile-Security-Framework-MobSF](https://github.com/ajinabraham/Mobile-Security-Framework-MobSF)
31 |
32 | Modified sourcecode: [https://github.com/AndroidTamer/Mobile-Security-Framework-MobSF](https://github.com/AndroidTamer/Mobile-Security-Framework-MobSF)
33 |
34 | Major difference is in the approach how tool will store data. In original code, the author assumes the standard play - that user will git clone and then all data will be stored inside the folder. However for distributions thats not how we wanted it to work so the code that we modify is mainly the settings file where we ensure all data that needs to be dynamic in nature is sourced from the users home directory and not the default location.
35 |
36 | This allows flexibility that multiple users can run MobSF and have there own results. This also allows us to keep MobSF updates as distinct as possible. However this also puts us in a position where we can't push MobSF updates as soon as they are released we are working with the author to streamline the process.
37 |
38 |
39 | ### Things to keep in mind
40 |
41 | 1. **Don't** run the command as **sudo** user.
42 | 2. If you get error messages around permission denied, those can be safely ignored as all commands are by default in path and hence those are non needed steps.
43 |
44 |
45 | ### Software Details
46 | #### Author: Ajin Abraham
47 | #### URL: [https://github.com/ajinabraham/Mobile-Security-Framework-MobSF](https://github.com/ajinabraham/Mobile-Security-Framework-MobSF)
48 |
49 | From the [website](http://opensecurity.in) itself
50 |
51 | Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.
52 |
53 | ### Additional References
54 |
55 | 
56 |
57 | 
58 |
59 | 
60 |
61 | ### TODO for Guide
62 |
63 | 1. Add images to show how process works
64 | 1. Link to the official guide or write your own
65 |
--------------------------------------------------------------------------------
/Documentation/Security Assessment/Automated Analysis/drozer.md:
--------------------------------------------------------------------------------
1 | # Drozer
2 |
3 | ### Overview
4 |
5 | drozer (formerly Mercury) is the leading security testing framework for Android.
6 |
7 | drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.
8 |
9 | drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer Agent to a device through exploitation or social engineering. Using weasel (MWR's advanced exploitation payload) drozer is able to maximise the permissions available to it by installing a full agent, injecting a limited agent into a running process, or connecting a reverse shell to act as a Remote Access Tool (RAT).
10 |
11 | **Source:** [https://github.com/mwrlabs/drozer](https://github.com/mwrlabs/drozer)
12 |
13 | ### How to use with AndroidTamer
14 |
15 | Drozer is already pre configured within AndroidTamer. However there are some steps required before starting drozer.
16 |
17 | 1. We need to start device / emulator and connect that to the AndroidTamer Machine.
18 | 2. Once device connected we need to install a drozer_client APK.
19 | 3. Download the [client APK from the official website](https://labs.mwrinfosecurity.com/system/assets/934/original/drozer-agent-2.3.4.apk)```
24 |
25 |
26 | ### Dynamic Assessment via Drozer
27 |
28 | Drozer at this point doesn't provide html/xml style reporting, instead the report output is directly provided to the console.
29 |
30 | AndroidTamer has a build in script which will automatically run all the modules that are available in drozer and will give you a textual output on screen. Its advised to save the output in a text file for further / delayed analysis.
31 |
32 | ```android@tamer ~> drozer_check ```
33 |
34 |
35 | 
36 |
37 |
38 | ### Known issues
39 |
40 | __Question:__ Why am I getting error "Magic number incorrect" ?
41 |
42 | __Answer:__
43 | You are running drozer on a x86 machine or genymotion emulator. There is a known issue and that's the reason why you get those errors.
44 | [Refer here](https://github.com/mwrlabs/drozer/issues/203)
45 |
46 | __Question:__ Drozer caused errors
47 |
48 | __Answer:__
49 | If you find error in drozer please [raise an issue here](https://github.com/mwrlabs/drozer/issues/). However, if you feel issue is with the automation please [raise an issue here](https://github.com/AndroidTamer/Tools_Repository/issues).
50 |
51 | ### External Links
52 | - [AndroidTamer drozer repository (Github)](https://github.com/AndroidTamer/drozer)
53 | - [Original Github repository](https://github.com/mwrlabs/drozer)
54 | - [Official Webpage](https://labs.mwrinfosecurity.com/tools/drozer/)
55 | - [Drozer User Guide](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-drozer-user-guide-2015-03-23.pdf)
--------------------------------------------------------------------------------
/Documentation/Security Assessment/Manual Analysis/APKTool.md:
--------------------------------------------------------------------------------
1 | ## APKTool
2 |
3 | ### Overview
4 |
5 | A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with an app easier because of project-like file structure and automation of some repetitive tasks like building apk, etc.
6 |
7 | It is NOT intended for piracy and other non-legal uses. It could be used for localizing, adding some features or support for custom platforms, analyzing applications and much more.
8 |
9 | ### Features
10 |
11 | - Disassembling resources to nearly original form (including `resources.arsc`, `classes.dex`, `9.png.` and `XMLs`)
12 | - Rebuilding decoded resources back to binary APK/JAR
13 | - Organizing and handling APKs that depend on framework resources
14 | - Smali Debugging
15 | - Helping with repetitive tasks
16 |
17 | ### Authors
18 |
19 | - [Connor Tumbleson](https://github.com/iBotPeaches) - Current Maintainer
20 | - [Ryszard Wiśniewski](https://github.com/brutall) - Original Creator
21 |
22 | ### APKTool on AndroidTamer
23 |
24 |
25 | 
26 |
27 |
28 | ### Cheatsheet
29 |
30 | - To decompile an APK:
31 | `apktool d file.apk`
32 | - To decompile an APK and put it under a specific folder name:
33 | `apktool d file.apk folder`
34 | - To compile the smali code to APK:
35 | `apktool b folder`
36 |
37 | ### External Links
38 | - [Official Website](http://ibotpeaches.github.io/Apktool/)
39 | - [Official Documentation](http://ibotpeaches.github.io/Apktool/documentation/)
40 | - [XDA Thread](http://forum.xda-developers.com/showthread.php?t=1755243)
41 | - [Gitter #apktool](https://gitter.im/iBotPeaches/Apktool)
42 | - [Freenode #apktool](http://webchat.freenode.net/?channels=apktool)
43 |
--------------------------------------------------------------------------------
/Documentation/Security Assessment/Pentesting/Burpsuite.md:
--------------------------------------------------------------------------------
1 | ## Burp Suite
2 |
3 | 
4 |
5 | For all AndroidTamer users who expected to receive a premium version of Burp Suite with the VM file, sorry to say that AndroidTamer is tamed to have Burp Suite free version. If you would like to have a premium version, you could but one at [https://portswigger.net/buy/](https://portswigger.net/buy/)
6 |
7 | ### Overview
8 |
9 | Burp Suite is an integrated platform for performing security testing of web applications. It is designed to support the methodology of a hands-on tester, and gives you complete control over the actions that it performs, and deep analysis of the results. Burp contains several tools that work together to carry out virtually any task you will encounter in your testing. It can automate all kinds of tasks in customizable ways, and lets you combine manual and automated techniques to make your testing faster, more reliable and more fun.
10 |
11 | ### Why Burp Suite ?
12 |
13 | Almost all Android apps require internet access to do its duty - be it Banking app or Banking trojan app. So if you don't trust an app or if you want to test its healthy relationship with the internet, you need a software to analyze its requests and response. To be more technical, you need proxy software through which you direct the app's traffic and then decide to let it to its destination or drop them. This is where Burp Suite comes in action.
14 |
15 | Burp Suite is used my many hackers and pentesters to see the requests and responses related to WebApps. You could also use to test your Android app's requests and responses.
16 |
17 | ### Burp Suite on AndroidTamer
18 | #### Version: 1.6.32
19 | You can launch Burp Suite (Free version) using following command
20 |
21 | **android@tamer ~>** `burpsuite-free`
22 |
23 | Once you type the above command in the terminal, Burp Suite loads. After loading, "License Agreement" pops-up as shown in the picture below.
24 |
25 | 
26 |
27 | If you have time, please go through the License Agreement and click "I Agree" or click "I Agree" and read it some other time. But don't forget to **click "I Agree"**.
28 |
29 | 
30 |
31 | ### Documentation
32 |
33 | Burp Suite has a very good official documentation. You could access it in the links give below.
34 |
35 | Quick documentation links to various functionalities of Burp Suite (including premium version functions - helpful if you buy one).
36 |
37 | > Links:
38 | >
39 | > - [Burp Suite Documentation](https://portswigger.net/burp/help/index.html)
40 | > - [Target](https://portswigger.net/burp/help/target.html)
41 | > - [Proxy](https://portswigger.net/burp/help/proxy.html)
42 | > - [Spider](https://portswigger.net/burp/help/spider.html)
43 | > - [Scanner](https://portswigger.net/burp/help/scanner.html)
44 | > - [Intruder](https://portswigger.net/burp/help/intruder.html)
45 | > - [Repeater](https://portswigger.net/burp/help/repeater.html)
46 | > - [Sequencer](https://portswigger.net/burp/help/sequencer.html)
47 | > - [Decoder](https://portswigger.net/burp/help/decoder.html)
48 | > - [Comparer](https://portswigger.net/burp/help/comparer.html)
49 | > - [Extender](https://portswigger.net/burp/help/extender.html)
50 | > - [Suite Functions](https://portswigger.net/burp/help/suite_functions.html)
51 | > - [Options](https://portswigger.net/burp/help/options.html)
52 | > - [Burp Collaborator](https://portswigger.net/burp/help/collaborator.html)
53 |
54 | ### External links
55 |
56 | - [Official Website](https://portswigger.net/)
57 | - [Official Documentation](https://portswigger.net/burp/help/index.html)
58 | - [Buy Burp Suite](https://portswigger.net/buy/)
--------------------------------------------------------------------------------
/Documentation/Security Assessment/Pentesting/nikto.md:
--------------------------------------------------------------------------------
1 | ## nikto
2 |
3 | 
4 |
5 | ### Overview
6 |
7 | Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
8 |
9 | Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system).
10 |
11 | Not every check is a security problem, though most are. There are some items that are "info only" type checks that look for things that may not have a security flaw, but the webmaster or security engineer may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.
12 |
13 | ### Nikto on AndroidTamer
14 | #### Version: 2.1.5
15 |
16 | You can launch Nmap using following command
17 |
18 | **android@tamer ~>** `nikto`
19 |
20 | 
21 |
22 | ### External Links
23 |
24 | - [Official Website](https://cirt.net/Nikto2)
25 | - [Official Documentation](https://cirt.net/nikto2-docs/)
26 | - [Github Repository](https://github.com/sullo/nikto)
27 |
--------------------------------------------------------------------------------
/Documentation/Security Assessment/Pentesting/nmap.md:
--------------------------------------------------------------------------------
1 | ## Nmap
2 |
3 | ### Overview
4 |
5 | 
6 |
7 | Nmap is an open source utility for network discovery and security auditing. It is one of the most essential tools for pentesters. It has features like OS detection of systems in a network, exploiting basic vulnerabilities, bruteforcing and much more. There is a huge community developing and supporting the Nmap project. You could manually download Nmap at [https://nmap.org/download.html](https://nmap.org/download.html)
8 |
9 | **From the official website:**
10 |
11 | *Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.*
12 |
13 |
14 |
15 | ### Nmap on AndroidTamer
16 | #### Version: 6.47
17 |
18 | You can launch Nmap using following command
19 |
20 | **android@tamer ~>** `nmap`
21 |
22 | 
23 |
24 | ### External Links
25 |
26 | - [Official Website](https://nmap.org/)
27 | - [Official Documentation](https://nmap.org/docs.html)
28 | - [Nmap Reference Guide](https://nmap.org/book/man.html)
29 | - [Nmap Scripts](https://nmap.org/nsedoc/)
30 | - [Presentation - Video](https://nmap.org/presentations/BHDC10/)
31 | - [The Official Nmap Project Guide to Network Discovery and Security Scanning](https://nmap.org/book/toc.html)
--------------------------------------------------------------------------------
/Documentation/Training/DIVA/00_Home.md:
--------------------------------------------------------------------------------
1 | ## Damn Insecure & Vulnerable App (DIVA)
2 |
3 | DIVA is an Android app intentionally designed to be insecure. The aim of this app is to teach developers/QA/security professionals, flaws that are generally present in the apps due to poor or insecure coding practices.
4 |
5 | ### What is included in DIVA ?
6 |
7 | The app covers common vulnerabilities in Android apps ranging from insecure storage, input validation to access control issues. Few vulnerabilities in native code have also been included, which makes it more interesting from the perspective of covering both Java and C vulnerabilities.
8 |
9 | There are 13 challenges within the app with each having a vulnerability.
10 |
11 |
12 |  
13 |
14 |
15 | ### Where can I get DIVA ?
16 |
17 | - The Source can be downloaded from GitHub - [https://github.com/payatu/diva-android](https://github.com/payatu/diva-android)
18 | - You can also download the debug version of the app from [http://www.payatu.com/damn-insecure-and-vulnerable-app/](http://www.payatu.com/damn-insecure-and-vulnerable-app/)
19 |
--------------------------------------------------------------------------------
/Documentation/Training/DIVA/01_Insecure_Logging.md:
--------------------------------------------------------------------------------
1 | ## Insecure Logging
2 |
3 | When you click on the **`Insecure Logging`** option, you will be welcomed by the following screen.
4 |
5 | 
6 |
7 | The screen is pretty simple. It asks for credit card number.
8 |
9 | Enter some random credit card number and click `Check out`. You would notice a generic error message: *An error occured. Please try again later.*
10 |
11 | 
12 |
13 | Everything seems normal.
14 |
15 | Lets see if the application has logged anything. We can use Android's inbuilt commandline tool - **logcat** - to view the logs.
16 |
17 | Execute the command `adb shell logcat`. (Please ensure that the device/emulator is connected to adb)
18 |
19 | 
20 |
21 | It is clear that the app is logging the sensitive information (Credit card number). These logs are accessible by other apps which has read permission to logs.
22 |
23 | ### Takeaway
24 |
25 | - **Logcat** is a command-line tool that dumps a log of system messages, including stack traces when the device throws an error and messages that you have written from your app with the Log class.
26 | - Check for logs to get more information on how the target app handles inputs / what the android app logs
27 |
--------------------------------------------------------------------------------
/Documentation/Training/DIVA/02_Hardcoding_Issues.md:
--------------------------------------------------------------------------------
1 | ## Hardcoding Issues
2 |
3 | When you look at the second challenge, the objective says *to find out what is hardcoded and where*
4 |
5 | 
6 |
7 | There are different ways to check the hardcoded values in an Android app, but most popular method is to [decompile the APK file](/General/decompile.md) and look at the pseudo-source code.
8 |
9 | Before directly jumping into decompilation tools, lets learn a few basics.
10 |
11 | APK is a package file format used by Android operating system. One could view the contents of the APK file by just unzipping it. Android apps are coded in Java, but when you compile the app using Android Studio, the java code is converted to Dalvik bytecode instead of Java bytecode. All the Java code is collectively compiled into a single Dalvik bytecode file called `classes.dex`. Inorder to view the code of an app, we have to decompile the `classes.dex` file.
12 |
13 | Let's start hunting for the hardcoded value.
14 |
15 | Right click the apk file and click `Extract Here` option to unzip the file.
16 |
17 | 
18 |
19 | Now the contents will be in the directory `jakhar.aseem.diva-1.apk_FILES`. (*It may differ in your case as the folder is created as per the apk file's name.*) Enter the folder and you can see a few folders and files.
20 |
21 | 
22 |
23 | As mentioned before, to view the code we have to decompile `classes.dex` file. We can use a tool called **`dex2jar`**. It converts Android `.dex` file to Java `.jar` file. Execute **`d2j-dex2jar.sh classes.dex`**. The command creates a new file `classes-dex2jar.jar`
24 |
25 | 
26 |
27 | Now we can use a Java decompiler to view the code in the created `.jar` file. Execute **`jd-gui classes-dex2jar.jar`**. This command create a GUI window and displays the Java pseudo-code of the `classes-dex2jar.jar` file. From the name of the challenge *we understand that its class name would be something like HardcodeActivity.class*. Click on the class file. On viewing the code, it is clearly visible that the app checks for the value **`vendorsecretkey`**.
28 |
29 | 
30 |
31 | Type the key in the Android app.
32 |
33 | 
34 |
35 | ### Takeaway
36 |
37 | - APK is a file packaging format and could be unzipped
38 | - Java gets compiled to Dalvik bytecode when you build an app
39 | - **`dex2jar`** - converts the `classes.dex` file to `.jar` file
40 | - **`jd-gui`** - Java decompiler which can be used to decompile `.jar` files and show the pseudo-code contained in them.
41 |
--------------------------------------------------------------------------------
/Documentation/Training/DIVA/03_Insecure_Data_Storage_P1.md:
--------------------------------------------------------------------------------
1 | ## Insecure Data Storage - Part 1
2 |
3 | When you click on **Insecure Data Storage - Part 1**, you would see the following screen.
4 |
5 | 
6 |
7 | It resembles a password manager, which stores user's credentials. Let's enter the credentials.
8 |
9 | 
10 |
11 | All the data of Android apps are stored under the location `/data/data/`. The Android OS creates unique directories for each app. The name of the directory is the same as the package name. For DIVA app, the package name is: **`jakhar.aseem.diva`**.
12 |
13 | Use Android Debug Bridge (`adb`) tool to connect to the emulator or physical device in which the app is running. Execute `adb shell`.
14 |
15 | > **NOTE**: When you connect to an emulator, it gives you `root` access. If you are using a physical device, make sure it is rooted. *If not, you cannot access `/data/data` directory*.
16 |
17 | Move to the directory where are the DIVA app's data is stored. Execute `cd /data/data/jakhar.aseem.diva/`.
18 |
19 | 
20 |
21 | Let's check if any file was recently modified. Execute the command `ls -la`.
22 |
23 | 
24 |
25 | Voila ! We could see that the folder `shared_prefs` was recently modified.
26 |
27 | **Shared Preference** is one among the different ways of storing data of an Android application. Shared Preferences allow you to save and retrieve data in the form of *key, value pair*.
28 |
29 | Listing the files inside the `shared_prefs` directory, we can see a file `jakhar.aseem.diva_preferences.xml`.
30 |
31 | 
32 |
33 | Let's look at the contents of the file. Execute `cat jakhar.aseem.diva_preferences.xml`.
34 |
35 | 
36 |
37 | Finally, we got the credentials.
38 |
39 | ### Takeaway
40 |
41 | - Emulators allow you to start the `adb shell` as `root` user, whereas you have to manually root the physical device to get `root` level permissions.
42 | - The data of an Android application is stored at the location `/data/data/`. No app can access other app's data. Only the respective app and `root` user could access the contents in the directory.
43 | - **Shared Preference** is a way to store data of an Android app in the form of value, key pair. It stores these values under `/data/data//shared_prefs` directory.
44 |
--------------------------------------------------------------------------------
/Documentation/Training/DIVA/04_Insecure_Data_Storage_P2.md:
--------------------------------------------------------------------------------
1 | ## Insecure Data Storage - Part 2
2 |
3 | When you click on **Insecure Data Storage - Part 2**, you would see the following screen.
4 |
5 | 
6 |
7 | It's view is similar to the previous challenge. Let's enter some credentials.
8 |
9 | 
10 |
11 | We get a message stating that *3rd party credentials saved successfully*.
12 |
13 | Let's check the pseudocode of this activity with the help of [dex2jar and jd-gui](/Training/DIVA/02_Hardcoding_Issues.md).
14 |
15 | 
16 |
17 | 
18 |
19 | From the code we can understand that the activity creates a database **`ids2`** if it doesn't exist. Then creates a table **`myuser`** which holds the strings `user` and `password`. In the function `saveCredentials()`, the app inserts the credentials into the table.
20 |
21 | In Android, `sqlite3` database format is used to store data as they are lightweight and runs on low memory devices. The databases of any app are stored in the location `/data/data//databases` where `` is the unique name for each Android app.
22 |
23 | Connect the emulator or the physical device in which the DIVA app is running. Make sure that you are **root** user. Go to the directory at `/data/data/jakhar.aseem.diva/databases` and check if there is any database with the name `ids2`.
24 |
25 | 
26 |
27 | Then execute the command `sqlite3 ids2` to open the database.
28 |
29 | 
30 |
31 | > **NOTE:** `sqlite3` binary is pre-installed in most of the Android emulators and devices. If your physical device doesn't contain this binary, then try to pull the database to the local system with the help of adb (`adb pull /data/data/jakhar.aseem.databases/ids2`). Then use a local sqlite database management tool like `sqlitebrowser` to view the contents.
32 |
33 | Type `.tables` and hit enter to view the tables created.
34 |
35 | 
36 |
37 | Run the query `.schema myuser` to view the schema of the table.
38 |
39 | 
40 |
41 | Run the query `select user, password from myuser` to get all the stored credentials.
42 |
43 | 
44 |
45 | > **NOTE:** Running the query `.dump` will dump all the previously executed queries of a database.
46 | >
47 | > 
48 |
49 | **Alternate way:**
50 |
51 | If we had seen the most recently modified file with the help of `ls -la`, we shall have understood that a file under `databases` folder had been modified. This method didn't require the decompilation of the app to view source code.
52 |
53 | 
54 |
55 | ### Takeaway
56 |
57 | - Android uses `sqlite3` databases to store the data
58 | - The databases of apps are stored under `/data/data//databases` directory
59 | - Using `sqlite3` in Android we could view (and manage) the data inside the database
60 | - `.tables` - to view tables
61 | - `.schema ` - to view the schema of the table
62 | - `.dump` - to dump all the executed queries in the database
63 |
--------------------------------------------------------------------------------
/Documentation/Training/DIVA/05_Insecure_Data_Storage_P3.md:
--------------------------------------------------------------------------------
1 | ## Insecure Data Storage - Part 3
2 |
3 | When you click on **Insecure Data Storage - Part 3**, you will be greeted by the following screen:
4 |
5 | 
6 |
7 | It's view is similar to [Challenge 3](/Training/DIVA/03_Insecure_Data_Storage_P1.md) and [Challenge 4](/Training/DIVA/04_Insecure_Data_Storage_P2.md). Let's go ahead and enter some credentials.
8 |
9 | 
10 |
11 | We get a message stating that *3rd party credentials saved successfully*.
12 |
13 | Let's check the pseudocode of this activity with the help of [dex2jar and jd-gui](/Training/DIVA/02_Hardcoding_Issues.md). We can find that the code for this challenge is stored in `InsecureDataStorage3Activity.class`.
14 |
15 | 
16 |
17 | After looking at the code, we can understand that the app creates a temporary file whose name starts with `uinfo` and then writes the credentials to it. After finishing the task, it prints out the message *3rd party credentials saved successfully*.
18 |
19 | In Android, temporary files are stored within the package's directory at `/data/data`. Move to `/data/data/jakhar.aseem.diva` location to see if any temporary file prepended with `uinfo` is present.
20 |
21 | 
22 |
23 | Check the contents of the file.
24 |
25 | 
26 |
27 | We finally got the stored credentials.
28 |
29 | ### Takeaway
30 |
31 | - Temporary files of any app are generally created inside `/data/data/` directory where `` is the unique package name of the app.
32 |
--------------------------------------------------------------------------------
/Documentation/Training/DIVA/06_Insecure_Data_Storage_P4.md:
--------------------------------------------------------------------------------
1 | ## Insecure Data Storage - Part 4
2 |
3 | We have now arrived at the last part in Insecure Data Storage challenge series. If you click on **Insecure Data Storage - Part 4**, you would see the following:
4 |
5 | 
6 |
7 | Let's enter credentials as we did in [Challenge 3](/Training/DIVA/03_Insecure_Data_Storage_P1.md), [Challenge 4](/Training/DIVA/04_Insecure_Data_Storage_P2.md) and [Challenge 5](/Training/DIVA/05_Insecure_Data_Storage_P3.md).
8 |
9 | 
10 |
11 | We got a message stating that *3rd party credentials saved successfully*.
12 |
13 | Let's check the pseudocode of this activity with the help of [dex2jar and jd-gui](/Training/DIVA/02_Hardcoding_Issues.md). We can find that the code for this challenge is stored in `InsecureDataStorage4Activity.class`.
14 |
15 | 
16 |
17 | Something looks interesting. The source code creates an object to write files to the external storage. Then it gets the credentials from the user and stores that at `/.uinfo.txt`.
18 |
19 | > **Here, `/` doesn't mean the root folder. Why ?**
20 | >
21 | > As you can see from the source code that an object (`localObject2`) which utilizes external storage is created. Then that object is used to write the data to the file located at **root directory in external storage.**
22 |
23 | In Android, external storage is mounted at `/sdcard/` location. So `/.uinfo.txt` refers to the actual location `/sdcard/.uinfo.txt`.
24 |
25 | Let's connect to the emulator or physical device using adb and check if the file `.uinfo.txt` is present at the location.
26 |
27 | 
28 |
29 | Let's check its contents.
30 |
31 | 
32 |
33 | Voila ! We cracked the challenge.
34 |
35 | > **NOTE:** The file is prepended with a dot (`.`) which means it is hidden. To view all the files (including hidden) always use the command `ls -a`.
36 |
37 | ### Takeaway
38 |
39 | - When you are running an emulator, make sure that you have mounted a virtual SD card. If not, we might miss out some notable actions of Android apps.
40 | - *Files written to the external storage could be read by other apps which have `READ_EXTERNAL_STORAGE` permission.*
41 | - When you are pentesting an Android app, always execute `ls -la` to see files in a directory. It lets you see which files have been recently modified and shows the files which are intentionally hidden.
42 |
--------------------------------------------------------------------------------
/Documentation/Training/DIVA/07_Input_Validation_Issues_P1.md:
--------------------------------------------------------------------------------
1 | ## Input Validation Issues - Part 1
2 |
3 | When you click on **Input Validation Issues - Part 1**, you would see the following:
4 |
5 | 
6 |
7 | There's a pretty long hint for this challenge, but the gist is that there is *no input validation*. Let's provide some input.
8 |
9 | 
10 |
11 | No results. You can try with other random inputs, but you will get a error messge `User: (
14 |
15 | Ring any bells ?
16 |
17 | In this challenge, the input is taken and checked against some data (most probably present in a database) and displays the credentials if the input user exists. But let's confirm this.
18 |
19 | Let's check the pseudocode of this activity with the help of [dex2jar and jd-gui](/Training/DIVA/02_Hardcoding_Issues.md). We can find that the code for this challenge is stored in `SQLInjectionActivity.class`.
20 |
21 | From the activity name itself, we can understand that its vulnerable to SQL Injection. Here's how the activity parses the input:
22 |
23 | 
24 |
25 | So the query is `SELECT * FROM sqliuser WHERE user = ' + + '`.
26 |
27 | When you enter some input, say `android`, the SQL query is rendered as `SELECT * FROM sqliuser WHERE user = 'android'`. If you don't understand this query, all it says is *select all the data from the sqliuser table in the database where the user value is android*.
28 |
29 | If the value `android` is present in the table `sqliuser`, the condition becomes *TRUE*, else it becomes *FALSE*. In boolean terms, true can be denoted by 1 and false by 0.
30 |
31 | To exploit the vulnerability, we have should make the condition true. We can use `OR` operation. The beauty of `OR` is that if any one parameter is true, the result is true.
32 |
33 | So our malicious payload will be `' OR 1`. But we have one error, with the above payload. The query becomes: `SELECT * FROM sqliuser WHERE user = '' OR 1 '`. We have a quote (`'`) which ruins the query. We have to comment it out. So we use SQL's comment tags `--`.
34 |
35 | Now our malicious payload is `input' OR 1--`. Let's input it.
36 |
37 | 
38 |
39 | Voila ! We got the credentials of all the existing users.
40 |
41 | The prepended text in the payload doesnt matter. We need not add any text. Even the input `' OR 1--` works.
42 |
43 | 
44 |
45 | ### Takeaway
46 |
47 | - Android uses SQLite databases to store data
48 | - If an app uses a database, always check for input validation issues
49 | - Adding just `'` as input may not create any noticeable errors like those in webapps
50 | - Parts of the payload `' OR 1--`:
51 | - `'` : closes the open quote in the SQL query
52 | - `OR` : OR operation, returns *true* if any one condition is true
53 | - `1` : boolean form of *true*, so that the OR operation finally renders true
54 | - `--` : comments out the remaining parts of the query
55 | - The payload `' OR 1--` works in most cases where there is one input
56 |
--------------------------------------------------------------------------------
/Documentation/Training/DIVA/08_Input_Validation_Issues_P2.md:
--------------------------------------------------------------------------------
1 | ## Input Validation Issues - Part 2
2 |
3 | This challenge is a bit different from the [previous one](/Training/DIVA/07_Input_Validation_Issues_P1.md).
4 |
5 | 
6 |
7 | Let's enter a proper URL.
8 |
9 | 
10 |
11 | When you click on `View`, the website is opened at the lower half of the app. Let's remove the scheme `https://` from the URL.
12 |
13 | 
14 |
15 | There is a blank screen. We can understand that the app is not appending the scheme `http://` or `https://` to the input. Let's try again with some random input.
16 |
17 | 
18 |
19 | We get an error `net::ERR_UNKNOWN_URL_SCHEME`. So the app completely depends on the user input and runs that irrespective of the entered scheme.
20 |
21 | Android browsers also accepts another scheme `file://`. This scheme is used to view the contents of files inside the filesystem. Let's give it a try.
22 |
23 | 
24 |
25 | Positive results! The app accepts the `file://` scheme. Now let's try to access a [previous challenge's](/Training/DIVA/06_Insecure_Data_Storage_P4.md) file located at `/sdcard/.uinfo.txt`.
26 |
27 | 
28 |
29 | Voila ! We cracked the challenge.
30 |
31 | ### Takeaway
32 |
33 | - Whenever an app asks for a URL, try providing `file://` scheme. If it renders the contents of a file at a known location, this is a vulnerability
34 |
--------------------------------------------------------------------------------
/Documentation/Training/DIVA/09_Access_Control_Issues_P1.md:
--------------------------------------------------------------------------------
1 | ## Access Control Issues - Part 1
2 |
3 | When we click on **Access Control Issues - Part 1**, apart from the *Objective* and *Hint* you would see a single button - **VIEW API CREDENTIALS**
4 |
5 | 
6 |
7 | When you click on the button, an activity pops up to display the so called API credentials.
8 |
9 | 
10 |
11 | In Android, an activity represents a single screen with a user interface (just like window or frame of Java). Generally speaking, anything which the user could touch and interact is called activity. Each activity has it's own unique name.
12 |
13 | Now, we are left with one question - *How to find the name of the activity which just popped up?*
14 |
15 | The answer is logs. Whenever an activity is launched, the name of the activity is logged. Let's check the logs using `adb shell logcat` command.
16 |
17 | 
18 |
19 | We found the name of the recently launched activity - `jakhar.aseem.diva/.APICredsActivity`.
20 |
21 | > **NOTE:** The name of any activity is always appended with the package name. This is done so that there is no confusion when an activity is invoked. Activities of 2 apps can have same name, but the package names cannot be the same.
22 |
23 | In Android, we have a utility `am` (Activity Manager) which allows us to manage activities.
24 |
25 | Let's check if the activity could be invoked externally. Use the command: `adb shell am start -n jakhar.aseem.diva/.APICredsActivity`
26 |
27 | 
28 |
29 | When we look at the emulator / device, we could see the activity that displays API Credentials pops up.
30 |
31 | 
32 |
33 | This activity could be invoked externally, which means other apps on the device could also invoke it without explicit permissions.
34 |
35 | **How to find if the activity was invoked externally and through DIVA app ?**
36 |
37 | When you press the *Overview* button, you could see how the activity was launched. In the first case, DIVA app had invoked the activity, but in second it was externally invoked.
38 |
39 |  
40 |
41 | ### Takeaway
42 |
43 | - Activity represents a screen with a user interface
44 | - Whenever an activity is launched, it is logged and could be viewed using `adb shell logcat` command
45 | - Android comes with activity manager (`am`) which can be used to manage the activities
46 | - Command to start an activity: `adb shell am start -n /`
47 | - `am` - activity manager
48 | - `start` - start the activity
49 | - `-n` - name of the activity
50 | - Clicking the overview button would help us understand what launched the activity
51 |
--------------------------------------------------------------------------------
/Documentation/Training/DIVA/10_Access_Control_Issues_P2.md:
--------------------------------------------------------------------------------
1 | ## Access Control Issues - Part 2
2 |
3 | When we click on **Access Control Issues - Part 2**, we would stumble upon an activity with two radio buttons ***Register Now*** and ***Already Registered*** and a single button - ***VIEW TVEETER API CREDENTIALS***
4 |
5 | 
6 |
7 | Let's click on ***Register Now*** and then click ***View Tveeter API Credentials***. It asks us to enter a PIN.
8 |
9 | 
10 |
11 | On entering some random PIN, we get a toast message - *Invalid PIN. Please try again.*
12 |
13 | 
14 |
15 | The logs (accessed by `adb shell logcat`) show that the `APICreds2Activity` is displayed when you clicked the button.
16 |
17 | 
18 |
19 | Let's go back and select ***Already Registered*** radio button. We can see the following:
20 |
21 | 
22 |
23 | Having a look again at the logs shows the following:
24 |
25 | 
26 |
27 | In both the above cases, `APICreds2Activity` activity is invoked. So there might be some logic in the app which decides the content of the activity.
28 |
29 | Let's [decompile the app](/General/decompile.md) using `apktool` using the command `apktool d jakhar.aseem.diva-1.apk`. On checking the *AndroidManifest.xml*, we see the following:
30 |
31 | 
32 |
33 | We can see that there is an activity `jakhar.aseem.diva.APICreds2Activity` defined along with an *intent-filter*.
34 |
35 | Before cracking the challenge, let's understand the basics:
36 |
37 | *Activity* represents a screen with a user interface. All the activites should be declared in *AndroidManifest.xml* - which turns out to be a binary XML file in the apk file. You can't just use an editor to view the file. You have to decompile the apk file using tools like `apktool` to get a readable version of the file.
38 |
39 | *Intents* are message objects in Android system. It allows the communication of two or more apps. An *intent-filter* of an app specifies the type of intents it accepts based on the intent's action, data, and category. When an *intent-filter* is used, the activity is exported by default, i.e. *any other component could invoke the activity*.
40 |
41 | Back to the challenge.
42 |
43 | We assumed that there might be some internal logic. Let's look at the source code with the help of [Dex2Jar and JD-gui](/Training/DIVA/02_Hardcoding_Issues.md). On opening the *APICreds2Activity.class* file, we can see that there is a check on the string (with ID `2131099686`).
44 |
45 | 
46 |
47 | Here [`getBooleanExtra()`](https://developer.android.com/reference/android/content/Intent.html#getBooleanExtra(java.lang.String,%20boolean)) is used. If the *inverse of the function's result* is true, then the API keys are displayed.
48 |
49 | **How to get the string using it's ID ?**
50 |
51 | When you use `dex2jar` and `jd-gui`, it gives you a pseudo-code. In this the string and some other resources are generally stored in *R.class*. On searching the file for the ID `2131099686` we can see that it denotes the string ID *chk_pin*.
52 |
53 | 
54 |
55 | To get the value of *chk_pin*, open **`/res/values/strings.xml`** in the source code and search for the ID.
56 |
57 | 
58 |
59 | We can use the activity manager (`am`) to invoke the activity with extra Boolean, with the command: `adb shell am start -n jakhar.aseem.diva/.APICreds2Activity -a jakhar.aseem.diva.action.VIEW_CREDS2 --ez check_pin false`
60 |
61 | 
62 |
63 | Voila, we invoked the activity with the required action.
64 |
65 | 
66 |
67 | Challenge cracked !
68 |
69 | ### Takeaway
70 |
71 | - *Activity* represents a screen with a user interface
72 | - Information about all the activites are declared in *AndroidManifest.xml*
73 | - *Intents* are message objects
74 | - *intent-filter* specifies the type of intents it accepts. If a activity uses this, then it is exported by default.
75 |
--------------------------------------------------------------------------------
/Documentation/Training/index.md:
--------------------------------------------------------------------------------
1 | ## Training
2 |
3 | This section deals with the write-ups on exploiting different publicly available vulnerable Android apps. The apps include but are not limited to:
4 |
5 | - [Damn Insecure and Vulnerable Application](https://github.com/payatu/diva-android) - [Solution](/Training/DIVA/00_Home.md)
6 | - [Android InsecureBankv2](https://github.com/dineshshetty/Android-InsecureBankv2)
7 | - [OWASP GoatDroid Project](https://github.com/jackMannino/OWASP-GoatDroid-Project)
8 | - [Damn Vulnerable Hybrid Mobile App](https://github.com/logicalhacking/DVHMA)
9 | - [Digitalbank](https://github.com/CyberScions/Digitalbank)
10 | - [DodoVulnerableBank](https://github.com/CSPF-Founder/DodoVulnerableBank)
11 | - [VulnerableAndroidAppOracle](https://github.com/dan7800/VulnerableAndroidAppOracle)
12 | - [vulnerable-application](https://github.com/appknox/vulnerable-application)
13 | - [VulnApp](https://github.com/Lance0312/VulnApp)
14 | - [Purposefully Insecure and Vulnerable Android Application](https://github.com/htbridge/pivaa)
15 |
--------------------------------------------------------------------------------
/Documentation/images/APKTool.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/APKTool.jpg
--------------------------------------------------------------------------------
/Documentation/images/Readme.txt:
--------------------------------------------------------------------------------
1 | # all images go here
2 |
--------------------------------------------------------------------------------
/Documentation/images/adb_list.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/adb_list.jpg
--------------------------------------------------------------------------------
/Documentation/images/adb_list_cat.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/adb_list_cat.jpg
--------------------------------------------------------------------------------
/Documentation/images/apk2java.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/apk2java.jpg
--------------------------------------------------------------------------------
/Documentation/images/burp-eula.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/burp-eula.png
--------------------------------------------------------------------------------
/Documentation/images/burp-title.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/burp-title.jpg
--------------------------------------------------------------------------------
/Documentation/images/burp.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/burp.png
--------------------------------------------------------------------------------
/Documentation/images/decompiled_apk.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/decompiled_apk.jpg
--------------------------------------------------------------------------------
/Documentation/images/drozer_check.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/drozer_check.jpg
--------------------------------------------------------------------------------
/Documentation/images/emulator_install/1-sdk.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/emulator_install/1-sdk.jpg
--------------------------------------------------------------------------------
/Documentation/images/emulator_install/2-accept_license.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/emulator_install/2-accept_license.jpg
--------------------------------------------------------------------------------
/Documentation/images/emulator_install/3-loaded.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/emulator_install/3-loaded.jpg
--------------------------------------------------------------------------------
/Documentation/images/emulator_install/4-status_installed.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/emulator_install/4-status_installed.jpg
--------------------------------------------------------------------------------
/Documentation/images/emulator_install/5-avd_options.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/emulator_install/5-avd_options.jpg
--------------------------------------------------------------------------------
/Documentation/images/emulator_install/6-vm_created.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/emulator_install/6-vm_created.jpg
--------------------------------------------------------------------------------
/Documentation/images/emulator_install/7-launch_vm.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/emulator_install/7-launch_vm.jpg
--------------------------------------------------------------------------------
/Documentation/images/emulator_install/8-emulator_running.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/emulator_install/8-emulator_running.jpg
--------------------------------------------------------------------------------
/Documentation/images/fastboot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/fastboot.png
--------------------------------------------------------------------------------
/Documentation/images/heimdall-icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/heimdall-icon.png
--------------------------------------------------------------------------------
/Documentation/images/heimdall.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/heimdall.png
--------------------------------------------------------------------------------
/Documentation/images/install_open_vm_tools.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/install_open_vm_tools.jpg
--------------------------------------------------------------------------------
/Documentation/images/mobsf_running.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/mobsf_running.jpg
--------------------------------------------------------------------------------
/Documentation/images/mobsf_running_90.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/mobsf_running_90.jpg
--------------------------------------------------------------------------------
/Documentation/images/nikto-icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/nikto-icon.png
--------------------------------------------------------------------------------
/Documentation/images/nikto.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/nikto.jpg
--------------------------------------------------------------------------------
/Documentation/images/nmap-icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/nmap-icon.png
--------------------------------------------------------------------------------
/Documentation/images/nmap.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/nmap.jpg
--------------------------------------------------------------------------------
/Documentation/images/repo_androidtamer.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/repo_androidtamer.jpg
--------------------------------------------------------------------------------
/Documentation/images/repo_androidtamer_home.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/repo_androidtamer_home.jpg
--------------------------------------------------------------------------------
/Documentation/images/synaptic.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/synaptic.jpg
--------------------------------------------------------------------------------
/Documentation/images/vmware_import_error_linux.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vmware_import_error_linux.jpg
--------------------------------------------------------------------------------
/Documentation/images/vmware_import_error_mac.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vmware_import_error_mac.jpg
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_10a.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_10a.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_10b.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_10b.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_10c.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_10c.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_10d.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_10d.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_10e.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_10e.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_10f.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_10f.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_10g.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_10g.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_10h.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_10h.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_10i.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_10i.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_10j.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_10j.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_10k.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_10k.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_10l.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_10l.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_1a.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_1a.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_1b.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_1b.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_1c.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_1c.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_2a.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_2a.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_2b.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_2b.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_2c.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_2c.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_2d.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_2d.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_2e.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_2e.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_2f.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_2f.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_3a.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_3a.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_3b.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_3b.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_3c.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_3c.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_3d.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_3d.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_3e.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_3e.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_3f.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_3f.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_4a.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_4a.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_4b.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_4b.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_4c.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_4c.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_4d.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_4d.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_4e.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_4e.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_4f.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_4f.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_4g.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_4g.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_4h.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_4h.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_4i.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_4i.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_4y.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_4y.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_4z.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_4z.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_5a.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_5a.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_5b.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_5b.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_5c.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_5c.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_5d.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_5d.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_5e.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_5e.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_6a.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_6a.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_6b.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_6b.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_6c.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_6c.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_6d.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_6d.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_6e.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_6e.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_7a.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_7a.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_7b.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_7b.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_7c.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_7c.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_7d.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_7d.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_7e.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_7e.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_7f.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_7f.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_8a.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_8a.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_8b.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_8b.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_8c.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_8c.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_8d.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_8d.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_8e.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_8e.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_8f.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_8f.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_9a.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_9a.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_9b.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_9b.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_9c.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_9c.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_9d.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_9d.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_9e.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_9e.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_9y.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_9y.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/Challenge_9z.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/Challenge_9z.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/diva1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/diva1.png
--------------------------------------------------------------------------------
/Documentation/images/vuln_apps/DIVA/diva2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/images/vuln_apps/DIVA/diva2.png
--------------------------------------------------------------------------------
/Documentation/img/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/TamerPlatform/Tools/a2332857a760193732e7c196879d041b639613b8/Documentation/img/favicon.ico
--------------------------------------------------------------------------------
/Documentation/index.md:
--------------------------------------------------------------------------------
1 | ## AndroidTamer Tools
2 |
3 | This repository hosts all the documentation regarding various tools available within AndroidTamer
4 |
5 | ### Overview
6 |
7 | Android Tamer is a Virtual / Live Platform for Android Security Professionals.
8 |
9 | This environment allows people to work on large array of Android Security related tasks ranging from Malware Analysis, Penetration Testing and Reverse Engineering.
10 |
11 | A short introduction to AndroidTamer is listed below.
12 |
13 |
14 | 
15 |
16 |
17 | ### Installation
18 |
19 | AndroidTamer comes as an `.ova` file. Double click it and Virtual Box adds the VM automatically.
20 |
21 | AndroidTamer is pre-configured with 1 GB of Base Memory (RAM), however 1.5 or more GB is recommended. (the more the merrier)
22 |
23 | ### Release Notes
24 |
25 | AndroidTamer has Debian 8 as its base machine. The are a many reasons why Debian was chosen instead of Ubuntu. It comes with some custom scripts which simplifies the life of Android pentester.
26 |
27 | The credentials for AndroidTamer is :
28 |
29 | > ***Username***: android
30 |
31 | > ***Password***: tamer
32 |
33 | The latest version of Android Tamer is compatible with both VirtualBox and VMware.
34 |
35 | The history of compatibility of previous releases:
36 |
37 | - **Ver 1** : Virtualbox
38 | - **Ver 2** : VMware player
39 | - **Ver 3** : Not released
40 | - **Ver 4** : Compatibile with both
41 |
42 | ### Packages and Scripts
43 |
44 | AndroidTamer comes pre-installed with many development and security pentesting tools. It is also beefed up with some custom scripts to automate common tasks. You could find a detailed description about the packages and scripts installed in AndroidTamer [here](/General/packages.md).
45 |
46 | Check the [package list](http://repo.androidtamer.com/packagelist.html) to view the list of tools available in AndroidTamer.
47 |
48 | ### Importing in VMWare Player / Fusion / Workstation
49 |
50 | AndroidTamer is created on VirtualBox and we officially support Virtualbox however its possible to install / import the OVA in VMWare products also.
51 |
52 | When am import is initiated you may encounter an error message as shown below.
53 |
54 |
55 |  
56 |
57 |
58 | Its recommended to click on retry and VM should import easily.
59 |
60 | Once inside VM the VM might not auto resize to screen size in that case please install **open-vm-tools-desktop** package and restart the VM and auto resize should start working.
61 |
62 | 
63 |
64 | Command:
65 | ```bash
66 | sudo apt-get install open-vm-tools-desktop
67 | ```
68 |
69 | ### Support
70 |
71 | AndroidTamer project is based on two things.
72 |
73 | - Latest vulnerabilities and exploitation methods for Android
74 | - Suggestions from users
75 |
76 | This project was actually an initiative of Anant Shrivastava. However at this point a group of individuals contribute to this project. Feel free to send your suggestions / issues directly to Anant at [anant@anantshri.info](mailto:anant@anantshri.info)
77 |
78 | ### Learn Android Security
79 |
80 | Have a look at the below URLs.
81 |
82 | - [Learn Android Security](https://androidtamer.com/learn_android_security)
83 | - [Awesome Android Security](https://github.com/ashishb/android-security-awesome)
84 |
85 | ### PGP Key
86 |
87 | You can get PGP public key at: [https://androidtamer.com/repo.gpg.key](https://androidtamer.com/repo.gpg.key)
88 |
--------------------------------------------------------------------------------
/mkdocs.yml:
--------------------------------------------------------------------------------
1 | site_name: AndroidTamer
2 | site_description: Documentation for Android Tamer
3 | site_author: AndroidTamer Team
4 | docs_dir: Documentation
5 | site_dir: site
6 | markdown_extensions:
7 | - markdown_newtab
8 | - oembed
9 | - markdown_checklist.extension
10 | #include_next_prev: false
11 | copyright: © AndroidTamer Team
12 | site_favicon: favicon.ico
13 | #theme_dir: mkdocs-reloaded
14 | theme: tamerdocs
15 | repo_url: https://github.com/AndroidTamer/Tools
16 | extra:
17 | navigation: false
18 | search: true
19 | twitter: https://www.twitter.com/androidtamer
20 | facebook: https://www.facebook.com/AndroidTamer
21 | irc: https://webchat.freenode.net/?url=irc://irc.freenode.net/androidtamer
22 |
--------------------------------------------------------------------------------