AndroGoat

Satish
AndroGoat
Published in
1 min readSep 23, 2019

AndroGoat is purposely developed open source vulnerable/insecure app using Kotlin. Security Testers/Professionals/Enthusiasts, Developers…etc. can use this application to understand and defend the vulnerabilities in Android platform.

This is the first vulnerable app developed using Kotlin. If you are looking to learn Android Application Security Testing then AndroGoat is a perfect solution.

I strongly believe this AndroGoat will help many people to learn Android Application Security Testing.

This application also listed as reference in OWASP Mobile Security Testing Guidelines

Vulnerabilities covered in this app:

  1. Root Detection
  2. Emulator Detection
  3. Insecure Data Storage — Shared Prefs — 1
  4. Insecure Data Storage — Shared Prefs — 2
  5. Insecure Data Storage — SQLite
  6. Insecure Data Storage — Temp Files
  7. Insecure Data Storage — SD Card
  8. Keyboard Cache
  9. Insecure Logging
  10. Input Validations — XSS
  11. Input Validations — SQLi
  12. Input Validations — WebView
  13. Unprotected Android Components — Activity
  14. Unprotected Android Components –Service
  15. Unprotected Android Components — Broadcast Receivers
  16. Unprotected Android Components — Content Providers (Coming Soon)
  17. Hard coding issues
  18. Network intercepting — HTTP
  19. Network intercepting — HTTPS
  20. Network intercepting — Certificate Pinning
  21. Misconfigured Network_Security_Config.xml
  22. Android Debuggable
  23. Android allowBackup
  24. Custom URL Scheme
  25. Broken Cryptography
  26. QR Code Scanning (Coming Soon)
  27. Fingerprint Authentication (Coming Soon)

Download apk file from https://github.com/satishpatnayak/MyTest/blob/master/AndroGoat.apk , install and ride AndroGoat.

← — — — — — — — — — — -Happy Learning — — — — — — — — — — — →

Connect with me on GitHub and Twitter for more insights, updates and tools.

--

--