1. AFE – Android Framework for Exploitation, is a framework for exploiting android based devices. They’ve been in the security field from past 5 years and having a strong enthusiastic team behind Appknox(https://www.appknox.com) whose headquartered in India.
Currently they have 4 premium packages i.e. Lite Edition, Essential Edition, Premium Edition and Enterprise Edition.
Github Link – https://github.com/appknox/AFE
2. AndroBugs – An efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications.
They have both OS version available i.e. for windows and for linux. The only requirement for this tool is you need Python 2.7.x Version along with PyMongo Library. Yu-Cheng Lin is the author of this tool.
Github Link – https://github.com/AndroBugs/AndroBugs_Framework
3. Android-vts – Android Vulnerability Test Suite – In the spirit of open data collection, and with the help of the community, let’s take a pulse on the state of Android security.
This tool was meant to show the end user the attack surface that a given device is susceptible to. In implementing these checks it attempt to minimize or eliminate both false positives/false negatives without negatively affecting system stability.
Github Link – https://github.com/AndroidVTS/android-vts
4. Drozer – The Leading Security Assessment Framework for Android. It is a comprehensive security and attack framework for Android.
Drozer provides tools to help you use and share public exploits for Android. For remote exploits, it can generate shellcode to help you to deploy the drozer Agent as a remote administrator tool, with maximum leverage on the device.
Direct Link – https://labs.mwrinfosecurity.com/tools/drozer/
5. Mobile Security Framework (MobSF) – An intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.
OpenSecurity is a platform to promote Information Security Education and Research maintained by Ajin Abraham. MobSF performs Web API Security testing with it’s API Fuzzer that can do Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session.
Direct Link – http://opensecurity.in/