GitHub - satishpatnayak/AndroGoat: AndroGoat
Skip to content

satishpatnayak/AndroGoat

Repository files navigation

AndroGoat

AndroGoat is purposely developed open source vulnerable/insecure app using Kotlin. Security Testers/Professionals/Enthusiasts, Developers...etc. can use this application to understand and defend the vulnerabilities in Android platform. This is the first vulnerable app developed using Kotlin.If you are looking to learn Android Application Security Testing then AndroGoat is a perfect solution.

I strongly believe this AndroGoat will help many people to learn Android Application Security Testing.

Happy learning

Vulnerabilities covered in this app:

  1. Root Detection
  2. Emulator Detection
  3. Insecure Data Storage – Shared Prefs - 1
  4. Insecure Data Storage - Shared Prefs - 2
  5. Insecure Data Storage - SQLite
  6. Insecure Data Storage – Temp Files
  7. Insecure Data Storage – SD Card
  8. Keyboard Cache
  9. Insecure Logging
  10. Input Validations – XSS
  11. Input Validations – SQLi
  12. Input Validations – WebView
  13. Unprotected Android Components – Activity
  14. Unprotected Android Components –Service
  15. Unprotected Android Components – Broadcast Receivers
  16. Unprotected Android Components – Content Providers (Coming Soon)
  17. Hard coding issues
  18. Network intercepting – HTTP
  19. Network intercepting – HTTPS
  20. Network intercepting – Certificate Pinning
  21. Misconfigured Network_Security_Config.xml
  22. Android Debuggable
  23. Android allowBackup
  24. Custom URL Scheme
  25. Broken Cryptography
  26. QR Code Scanning (Coming Soon)
  27. Fingerprint Authentication (Coming Soon)

Download apk file from https://github.com/satishpatnayak/MyTest/blob/master/AndroGoat.apk , install and ride AndroGoat..

Feedbank and Ideas are welcome. Please reach me satishkumarpatnayak@live.com
Follow me on Twiiter for update on blogs, changes...etc https://twitter.com/satish_patnayak