SecureDroid is a comprehensive mobile application security testing platform designed to help security professionals identify and remediate vulnerabilities in Android and iOS applications.
- 🔍 Static Analysis: Analyze application code without execution
- 🌐 Dynamic Analysis: Test applications during runtime with Frida and Objection
- ⭐ Device Management: Manage physical devices for testing
- 📱 Emulator Management: Create and manage emulators for testing
- 💻 Vulnerability Tracking: Track and manage identified vulnerabilities
- 🎨 Modern Dark/Light Theme UI: Sleek, modern interface with theme options
- 📊 Dashboard: Visualize security metrics and findings
- 📝 Reporting: Generate comprehensive security reports
- 🔄 OWASP Top 10 Mobile: Track vulnerabilities based on OWASP Mobile Top 10
- Backend: Python 3.8+ (FastAPI)
- Frontend: Node.js (v14 or higher) and npm (v6 or higher)
- Database: MongoDB (optional for simple mode)
Clone the repository:

```
git clone https://gitlab.com/shekharcharles/securedroid.git
cd securedroid
```

Install dependencies:

```
npm run install-all
```
One-Click Startup:

```
start_securedroid.bat
```

This will automatically:
- Check system requirements (Python, Node.js, MongoDB)
- Start the FastAPI backend on port 8000
- Start the React frontend on port 3000
- Open both in separate windows
Start the FastAPI Backend:

```
cd backend
start_backend.bat
# OR manually: python main.py
```

Start the Frontend (in a separate terminal):

```
cd frontend
npm start
```

```
cd backend_nodejs
npm run dev
```

- Frontend: http://localhost:3000
- FastAPI Backend: http://localhost:8000
- API Documentation: http://localhost:8000/docs (Swagger UI)
- API Endpoints: http://localhost:8000/api
The application comes with three default users:
- Admin User
  - Email: admin@securedroid.com
  - Password: admin123
  - Role: admin
- Pentester User
  - Email: pentester@securedroid.com
  - Password: pentester123
  - Role: pentester
- Regular User
  - Email: user@securedroid.com
  - Password: user123
  - Role: user

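
The default accounts above have published passwords, so a deployment should confirm they were changed before the backend is reachable by anyone else. The following is an added example, not part of the SecureDroid project: it tries each documented default login against the local backend and reports which still work. The login path `/auth/login` and the `email`/`password` JSON field names are assumptions; confirm them in the Swagger UI at http://localhost:8000/docs.

```python
"""Added example: report which seeded SecureDroid accounts still accept
their documented default password. Not part of the project's own code."""
import json
import urllib.error
import urllib.request

API_BASE = "http://localhost:8000/api"  # from the README
LOGIN_PATH = "/auth/login"              # assumption: path not stated in the README
REJECTED = (400, 401, 403, 422)         # statuses treated as "credentials refused"

# Default accounts listed in the README: (role, email, password).
DEFAULT_ACCOUNTS = [
    ("admin", "admin@securedroid.com", "admin123"),
    ("pentester", "pentester@securedroid.com", "pentester123"),
    ("user", "user@securedroid.com", "user123"),
]


def http_login(email, password, base=API_BASE, timeout=5):
    """Return True if the backend accepts the credentials (HTTP 2xx)."""
    # Assumption: the endpoint takes a JSON body with "email" and "password".
    body = json.dumps({"email": email, "password": password}).encode()
    req = urllib.request.Request(
        base + LOGIN_PATH, data=body,
        headers={"Content-Type": "application/json"}, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return 200 <= resp.status < 300
    except urllib.error.HTTPError as err:
        if err.code in REJECTED:
            return False
        raise  # 404/5xx: wrong path or broken backend must not look like a pass


def audit_default_accounts(login=http_login):
    """Return the (role, email) pairs whose default password still works."""
    return [(role, email) for role, email, pw in DEFAULT_ACCOUNTS
            if login(email, pw)]


def exit_code(findings):
    """0 = all changed, 1 = a default is live, 2 = the admin default is live."""
    if any(role == "admin" for role, _ in findings):
        return 2
    return 1 if findings else 0


if __name__ == "__main__":
    found = audit_default_accounts()
    for role, email in found:
        print(f"default password still active: {email} (role={role})")
    raise SystemExit(exit_code(found))
```

A connection error or an unexpected status raises instead of returning a clean result, so a wrong endpoint path cannot be mistaken for "defaults changed".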
- Framework: Python FastAPI with async support
- Database: MongoDB with Beanie ODM
- Authentication: JWT tokens with role-based access
- Documentation: Auto-generated Swagger UI
- Location: `backend/` directory

- Framework: Express.js
- Database: MongoDB with Mongoose
- Authentication: JWT tokens
- Location: `backend_nodejs/` directory

Both backends provide the same API endpoints:
- `/api/auth/*` - Authentication endpoints
- `/api/users/*` - User management endpoints
- `/api/applications/*` - Application management endpoints
- `/api/vulnerabilities/*` - Vulnerability management endpoints
- `/api/static-analysis/*` - Static analysis endpoints
- `/api/dashboard/*` - Dashboard data endpoints

This project is developed by Shekhar Charles.
This project now includes both Node.js and Python FastAPI backends:
- Performance: Faster than Express.js with async support
- Type Safety: Built-in type validation with Pydantic
- Documentation: Automatic API documentation generation
- Modern: Latest Python async/await patterns
- Testing: Better testing capabilities
- ✅ API Compatibility: Same endpoints and request/response formats
- ✅ Enhanced Security: Improved authentication and validation
- ✅ Better Documentation: Auto-generated Swagger UI
- ✅ Type Safety: Full type checking and validation
- ✅ Performance: Async operations and better scalability
- Use FastAPI (`backend/`) for new development and better performance
- Use Node.js (`backend_nodejs/`) for compatibility with existing deployments