Tools

Software Supply Chain

• Argus: find injection vulnerabilities in GitHub Action workflows
• Differential Alert Analysis (DAA): discover silent fixes
• VFCFinder: Recover patch links for security advisories

Cellular Security

• 5GAC: CodeQL analysis of 5G core implementations to extract needed OAuth policy
• CellCrypt: Find crypto misuse in cellular cores

Cloud Security

• GRASP: Access control policy analysis tool for serverless

Network Security

• NetViews: least privilege connectivity in an enterprise network
• MSNetViews: Multi-site NetViews

Linux

• Flatpaks / Snaps: scripts to analyze sandbox policy

iOS Analysis

• SandBlaster: reverse (decompile) binary Apple sandbox profiles
• iExtractor: automate data extraction from iOS firmware files

Android OS Analysis

• ACMiner: find inconsistent enforcment of Android permissions
• ARF: find improper re-delegation of Android permissions
• FReD: Find improper re-delegation of Android file access

Android App Analysis

• PolicyLint / PoliCheck: process Android app privacy policies
• AARDroid: identify non compliances with industry regulations of Android payment SDKs
• Cardpliance: detect PCI DSS noncompliance in android apps
• UiRef: resolve the semantics of user input
• Whyper: predict permissions from app desciptions [Note: Google deleted the original Google site and the dataset]
• ded: app decompiler
• Fortify SCA Rules: custom rules for vulnerabilities in apps (circa 2011)
• TaintDroid: dynamic taint analysis of apps (requires very old Android)

Android Enhancements

• Android Security Modules (ASM): extensible security enhancements for Android
• Aquifer: DIFC model for Android
• Weir: another DIFC model for Android
• NativeWrap: wrap any website into an app

Misc

• XATTR Support for YAFFS2: needed for TaintDroid on some old phones
• split_bootimg.pl: script to parse an Android boot.img file (super old)