Showing posts with label tools. Show all posts



                                                       











Android devices are manufactured day by day, and some may be exposed to vulnerabilities through certain settings on the device. A normal user won't take these bugs into consideration. Since this architecture has an open-source license, viruses, malware and worms search for devices in order to compromise services.

To address the critical situation described above, Rudhra comes with cutting-edge solutions to help end users of Android. It is aimed at protecting Android devices in the hands of laymen. The application tells the user about the vulnerable configurations on their device (such as settings), explains why they could prove dangerous, gives information about the overall health of the device, checks for root access, etc.



Core Features :


  • Read CPU and RAM usage and represent it on a graph.
  • Check for the existence of root access in a device.
  • Check if there is a system hook.
  • Check for vulnerable settings.

We are glad to welcome:

If you wish to be a part of development team of Rudhra do the following steps:

  • Clone the repo by clicking here.
  • Fork the repository and start sharing your idea.








For the past one year, Android based developments and applications have flooded international markets. Every other application is available on many third-party sites. How do we infer if we are using a legitimate, uninfected copy of the application ?

ADHRIT is an open source tool that can do this task. Basically a malware analysis tool, but can equally be used for CTFs and for APK modifications.
 



How does it work ?

ADHRIT is largely automated to carry out many of the manual tasks that are otherwise time-consuming. For instance, to acquire the source code of an APK, one has to extract the classes.dex, then use dex2jar to get the corresponding archive, and then use any of the Java decompilers to get the source code in Java. This whole process, which takes around a minute or two, is done in less than 5 seconds by the tool!
The tool provides multiple argument filters for flexibility, and the user can choose exactly how much and what he wants. The effort is to make the tool as compact as possible by isolating the individual tools from the Android SDK. This also relieves the user from the burden of installing and configuring the Android SDK.


 ADHRIT can :

*  Extract the APK contents into a directory
*  Dump certificate details
*  Extract source code in Smali
*  Extract source code in Java
*  Parse binary Manifest XML into readable XML
*  Search for native libraries
*  Analyze permissions used by the application
*  Check for malware footprints in the VirusTotal database
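The first steps of that manual workflow can be sketched in a few lines. This is an added example, not ADHRIT's own code: it treats the APK as a ZIP archive and inventories DEX files, native libraries and v1 signature files, checking magic bytes rather than trusting file extensions. The function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

DEX_MAGIC = b"dex\n"          # first four bytes of every DEX file
ELF_MAGIC = b"\x7fELF"        # first four bytes of every native library
SIG_SUFFIXES = (".RSA", ".DSA", ".EC")   # v1 (JAR) signature blocks only

def inventory_apk(apk):
    """Return DEX files, native libs per ABI and v1 signature files in an APK.

    `apk` is a path or file-like object. Entries whose content does not match
    their name (a .dex or .so without the right magic) land in "mismatched".
    """
    report = {"dex": [], "native": {}, "signatures": [], "mismatched": []}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            name = info.filename
            with zf.open(info) as fh:
                head = fh.read(4)
            if name.endswith(".dex"):
                # Multi-dex apps ship classes2.dex, classes3.dex, ...
                key = "dex" if head == DEX_MAGIC else "mismatched"
                report[key].append(name)
            elif name.startswith("lib/") and name.endswith(".so"):
                parts = name.split("/")   # expected layout: lib/<abi>/<file>.so
                if len(parts) == 3 and head == ELF_MAGIC:
                    report["native"].setdefault(parts[1], []).append(parts[2])
                else:
                    report["mismatched"].append(name)
            elif name.startswith("META-INF/") and name.upper().endswith(SIG_SUFFIXES):
                report["signatures"].append(name)
    return report

def build_sample_apk():
    """Constructed sample: a minimal ZIP laid out like an APK (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 8)
        zf.writestr("classes2.dex", b"dex\n035\x00" + b"\x00" * 8)
        zf.writestr("assets/data.dex", b"PK\x03\x04 not a dex")
        zf.writestr("lib/arm64-v8a/libnative.so", b"\x7fELF" + b"\x00" * 12)
        zf.writestr("META-INF/CERT.RSA", b"\x30\x82")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for key, value in inventory_apk(build_sample_apk()).items():
        print(key, value)
```

An APK signed only with APK Signature Scheme v2 or later has no signature block under META-INF, so an empty "signatures" list does not by itself mean the file is unsigned.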



The Flow : 





What all can I do ?

*  Build custom/patched APKs if necessary in CTFs. The Java source and the AndroidManifest.xml are extracted by the tool.
*  Build APK mods using the smali code extracted using APK Tool.
*  Analyse source code.
*  Check if the malware is listed on VirusTotal.
*  Get images from the apk.




Can I reuse this code ?

Cent percent yes! You can use any part of this code, and even a few of the slightly modified tools (which are, again, open source tools built by wonderful developers), in your projects under open source license constraints.


Where To Find ?
The project is still in progress and will also implement static and dynamic analysis techniques. Follow the ADHRIT project on GitHub for continual updates. Stay tuned!


Have a good day !  :)





DedSec Inside's new project TorBot has released the first beta version of the tool (v 1.0.0). TorBot is a feature-rich tool developed in Python 3 which crawls deep and dark web sites. It has the basic functionality of a web crawler, including crawling onion links and emails. The current version of the tool also provides features like checking the status of the crawled links and searching for custom domains in crawled links. More features, like fetching more useful info and database saving, will be added to TorBot in later versions. The repository is currently very active and contributions are very welcome. The source code can be seen in DedSec Inside's public repository here: https://github.com/DedSecInside



Basic setup

Before you run the torBot make sure the following things are done properly:

  • Run tor service:
      sudo service tor start
  • Set a password for tor:
      tor --hash-password "my_password"
  • Give the password inside torbot.py:
      from stem import Signal
      from stem.control import Controller

      with Controller.from_port(port=9051) as controller:
          # stem sends the plaintext password; the hash printed by
          # --hash-password goes into torrc as HashedControlPassword
          controller.authenticate("my_password")
          controller.signal(Signal.NEWNYM)
Read more about torrc here : Torrc