Debugger

AndroChef Java Decompiler

AndroChef Java Decompiler is a decompiler for Windows XP, Windows 2003, Windows Vista, Windows 7, Windows 8, 8.1 and Windows 10 that reconstructs the original Java source code from compiled binary CLASS files. AndroChef Java Decompiler is able to decompile the most complex Java 6 applets and binaries, producing accurate source code.

AndroChef successfully decompiles obfuscated Java 6, Java 7 and Java 8 .class and .jar files. It supports Java language features such as generics, enums and annotations. According to some studies, AndroChef Java Decompiler is able to decompile 98.04% of Java applications generated with traditional Java compilers, a very high recovery rate. It is a simple but powerful tool that allows you to decompile Java and Dalvik bytecode (DEX, APK) into readable Java source. Easy to use.

ILSpy

ILSpy is the open-source .NET assembly browser and decompiler.

ILSpy Features:

Assembly browsing
IL Disassembly
Support C# 5.0 “async”
Decompilation to C#
Supports lambdas and ‘yield return’
Shows XML documentation
Decompilation to VB
Saving of resources
Save decompiled assembly as .csproj
Search for types/methods/properties (substring)
Hyperlink-based type/method/property navigation
Base/Derived types navigation
Navigation history
BAML to XAML decompiler
Save Assembly as C# Project
Find usage of field/method
Extensible via plugins (MEF)
Assembly Lists

Pin - A Binary Instrumentation Tool

Overview

Pin is a dynamic binary instrumentation framework for the IA-32 and x86-64 instruction-set architectures that enables the creation of dynamic program analysis tools. Some tools built with Pin are VTune Amplifier XE, Inspector XE, Advisor XE and SDE. The tools created using Pin, called Pintools, can be used to perform program analysis on user space applications in Linux and Windows. As a dynamic binary instrumentation tool, instrumentation is performed at run time on the compiled binary files. Thus, it requires no recompiling of source code and can support instrumenting programs that dynamically generate code.

Pin provides a rich API that abstracts away the underlying instruction-set idiosyncrasies and allows context information such as register contents to be passed to the injected code as parameters. Pin automatically saves and restores the registers that are overwritten by the injected code so the application continues to work. Limited access to symbol and debug information is available as well.

Pin was originally created as a tool for computer architecture analysis, but its flexible API and an active community (called "Pinheads") have created a diverse set of tools for security, emulation and parallel program analysis.

Distribution

Pin is proprietary software developed and supported by Intel and is supplied free of charge for non-commercial use. Pin includes the source code for a large number of example instrumentation tools like basic block profilers, cache simulators, instruction trace generators, etc. It is easy to derive new tools using the examples as a template.

Penetration Testers Framework

Overview:
The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we've become accustomed to the /pentest/ directories or our own toolsets that we want to keep up to date all of the time. We have those "go to" tools that we use on a regular basis, and using the latest and greatest is important.

PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is consistent with the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add to it as you see fit. We commonly see internally developed repos that you can use as well as part of this framework. It's all up to you.

The ultimate goal is community support for this project. We want new tools added to the GitHub repository. Submit your modules. It's super simple to configure and add them, and it only takes a few minutes.

SiRA

1. Enable network proxy
2. Snapshot file system
3. Install app
4. Decrypt app
5. Snapshot file system
6. Binary analysis:
   a. PIE enabled?
   b. Stack smashing protection enabled?
   c. Reference counting enabled?
   d. Class-dump or class-dump-z
   e. XML processors installed?
   f. Jailbreak detection?
      i. (if yes, disable)
7. Runtime analysis:
   a. Use the app and record data
   b. Certificate enforcement
      i. if yes, bypass (import cert, hook cert functions)
   c. Snapshot file system
   d. Analyze snapshot diffs
      i. Locate storage of sensitive data
         1. Was it stored securely?
      ii. Protocol handlers installed?
   e. Locate transmission of sensitive data
      i. Was it transmitted securely?
      ii. Privacy analysis
         1. Did the app transmit Contacts?
         2. Did the app transmit Calendar?
         3. Did the app transmit Location?
         4. Did the app store a location log?
            a. What was the granularity of the location?
         5. Did the app transmit UDID?
   f. Abuse the app and record data
      i. If protocol handlers are in use, can they be abused?
      ii. UIWebView in use?
         1. Attempt XSS
            a. Attempt to exploit objc bridge
      iii. XML in use?
         1. Attempt local XML attacks
      iv. Attempt buffer overflows
      v. Attempt format string attacks
      vi. Attempt local file traversal
      vii. Attempt local SQLi
      viii. Logic flaw abuse
      ix. (If in scope: server-side analysis)
   g. Snapshot file system
   h. Analyze snapshot diffs
   i. As findings are discovered, repeat any steps in 7 as needed

SiRA is able to automate or semi-automate many of the steps involved in an application assessment. SiRA includes some assistance for all 7 of the major methodology steps outlined above. Not all automatable substeps are currently implemented, but work is ongoing. In addition, SiRA provides a convenient single location for a variety of manual and semi-automated functionalities. Finally, SiRA can automate your automation by providing a step-by-step guided

XAML Spy

The visual runtime inspector for Silverlight, Windows Phone, Windows Store and WPF

Silverlight Spy

Silverlight Spy is a runtime inspector tool providing unprecedented access to all aspects of any Silverlight in-browser, out-of-browser and Windows Phone 7 application. Explore the UI element tree, monitor events, extract XAML, interactively execute DLR code, view statistics and more.

JSwat

JSwat is a graphical Java debugger front-end, written to use the Java Platform Debugger Architecture and based on the NetBeans Platform. JSwat is open-source software and is freely available in both binary and source code form. Its features include sophisticated breakpoints; colorized source code display with code navigator; movable display panels showing threads, call stack, visible variables, and loaded classes; command interface for more advanced features; and Java-like expression evaluation, including method invocation.

JavaSnoop

A tool that lets you intercept methods, alter data and otherwise test the security of Java applications on your computer.

Dnswalk

dnswalk is a DNS debugger. It performs zone transfers of specified domains, and checks the database in numerous ways for internal consistency, as well as accuracy.
