AndroGoat

AndroGoat is purposely developed open source vulnerable/insecure app using Kotlin. Security Testers/Professionals/Enthusiasts, Developers...etc. can use this application to understand and defend the vulnerabilities in Android platform. This is the first vulnerable app developed using Kotlin.If you are looking to learn Android Application Security Testing then AndroGoat is a perfect solution.

I strongly believe this AndroGoat will help many people to learn Android Application Security Testing.

Happy learning

Vulnerabilities covered in this app:

1. Root Detection
   
2. Emulator Detection
   
3. Insecure Data Storage – Shared Prefs - 1
   
4. Insecure Data Storage - Shared Prefs - 2
   
5. Insecure Data Storage - SQLite
   
6. Insecure Data Storage – Temp Files
   
7. Insecure Data Storage – SD Card
   
8. Keyboard Cache
   
9. Insecure Logging
   
10. Input Validations – XSS
    
11. Input Validations – SQLi
    
12. Input Validations – WebView
    
13. Unprotected Android Components – Activity
    
14. Unprotected Android Components –Service
    
15. Unprotected Android Components – Broadcast Receivers
    
16. Unprotected Android Components – Content Providers (Coming Soon)
    
17. Hard coding issues
    
18. Network intercepting – HTTP
    
19. Network intercepting – HTTPS
    
20. Network intercepting – Certificate Pinning
    
21. Misconfigured Network_Security_Config.xml
    
22. Android Debuggable
    
23. Android allowBackup
    
24. Custom URL Scheme
    
25. Broken Cryptography
    
26. QR Code Scanning (Coming Soon)
    
27. Fingerprint Authentication (Coming Soon)
    

Download apk file from https://github.com/satishpatnayak/MyTest/blob/master/AndroGoat.apk , install and ride AndroGoat..

Feedbank and Ideas are welcome. Please reach me [email protected]
Follow me on Twiiter for update on blogs, changes...etc https://twitter.com/satish_patnayak