Tools
Mobile-Security-Framework-MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, XAPK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.
qark: Tool to look for several security-related Android application vulnerabilities.
IPA decrypy: passionfruit or using class-dump-dyndl.
1
## mobexler VM ##
2
npm_config_user=root npm install -g passionfruit
3
passionfruit
Copied!
GitHub - skylot/jadx: Dex to Java decompiler
GitHub
GitHub - Konloch/bytecode-viewer: A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
GitHub
Releases · m0bilesecurity/RMS-Runtime-Mobile-Security
GitHub
1
adb shell "su -c '/data/local/tmp/frida-server-14.2.18-android-arm &'"
2
rms
Copied!
Java decompiler online / APK decompiler - Decompiler.com
GitHub - ChiChou/grapefruit: (WIP) Runtime Application Instruments for iOS. Previously Passionfruit
GitHub
GitHub - FSecureLABS/drozer: The Leading Security Assessment Framework for Android.
GitHub
Drozer Tutorial
HackTricks
Mobexler - Mobile Application Penetration Testing Platform
GitHub - GoSecure/frida-xamarin-unpin: A Frida script to bypass Xamarin certificate pinning implementations
GitHub
Brida: The new bridge between Burp Suite and Frida!
GitHub - federicodotta/Brida: The new bridge between Burp Suite and Frida!
GitHub

Download APK CLI

GitHub - EFForg/apkeep
GitHub

Nuclei templates mobile

GitHub - optiv/mobile-nuclei-templates
GitHub
1
java -jar .\apktool.jar d -s 'xxx.com.apk' -o output
2
echo "/home/kali/Desktop/output" | /home/kali/go/bin/nuclei -t Keys
Copied!
Last modified 1mo ago