BDF is a Python tool designed to spin-up pseudo random vulnerable Android applications for vulnerability research, ethical hacking, and pen testing Android app practice.
BrokenDroidFactory.py
, it’s as simple as that! README.md
file is created detailing the app’s issues and vulnerabilities. After cloning the repository all BDF dependencies can be installed manually or via the requirements file, with:
pip install -r REQUIREMENTS.txt
In addition to the above, you will also need a copy of the Android SDK. If you do not have this already it can be downloaded here by either downloading it via Android Studio or downloading it via the command line tools. To ensure that BDF picks up your SDK path perform one of the following:
C:\Users\<username>\AppData\Local\Android\Sdk
on Windows.-s
paramiter.Broken-Droid-Factory/demoapp/local.properties
with the contents sdk.dir=<path to your SDK>
demoapp
in AndroidStudio, it will then create a local file called local.properties
detailing your SDK path.BDF has only been tested on Windows 10.
Run BDF with Python:
python BrokenDroidFactory.py
Several optional pramiters can be provided to BDF, use -h
to see a full list:
optional arguments:
-h, --help Show this help message and exit.
-o OUTPUT, --output OUTPUT
The output directory for the compiled APK to be saved
to.
-t TEMPLATE, --template TEMPLATE
The path to the template app. Do not alter unless you
know what you're doing.
-s SDK, --sdk SDK The path to your local Android SDK.
-c CHALLENGE, --challenge CHALLENGE
The desired challenge level for the created APK.
-v, --verbose Increase output verbosity.
After running BDF to completion you will be left with 2 files in the output directory (out
if not provided). A README.md
file detailing the workings and the types of challenges in the app, and an .apk
file.
Use BDF to create vulnerable and issue prone Android applications in the below categories:
Patchers are used by BDF to modify a template application source and add vulnerable and issue prone code to it.
A patcher must have several key aspects and have this purpose in mind.
However, outside of this how patchers are implemented is quite flexible and modular.
patchers
directory.patcher_interface.patcher
difficulty
set to an int value between 0 and 10 – where 0 means it provides no challenge and is used to add variability to the app, and a number higher than 0 denotes it’s difficulty score to complete (with the higher the score the more difficult it is).patch
function (of which is automatically run when the patcher is called by BDF) and should return a string based on what the patcher has done.patcher_list
list variable in BrokenDroidFactory.py
Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…
Simple golang webserver that listens for basic auth or post requests and sends a notification…
Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…
Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…
All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…
Got it! Below is the updated README.md file with instructions for downloading the project on…