Tools

​Mobile-Security-Framework-MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, XAPK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.

​Yaazhini is a free user-friendly vulnerability scanner for Android APK and API that’s exclusively designed and developed to identify APK and API level vulnerabilities. It includes API vulnerability scan module (both integrated and standalone API), APK vulnerability scan module and report section module.
Yaazhini - Free Android APK & API Vulnerability Scanner | Vegabird
​qark:  Tool to look for several security-related Android application vulnerabilities.
IPA decrypy: passionfruit or using class-dump-dyndl.
## mobexler VM ##
npm_config_user=root npm install -g passionfruit
passionfruit
GitHub - ChiChou/grapefruit: (WIP) Runtime Application Instruments for iOS. Previously Passionfruit
GitHub
Insecure iOS Storage - DVIAv2 Part 1
Offensive Research
GitHub - skylot/jadx: Dex to Java decompiler
GitHub
GitHub - Konloch/bytecode-viewer: A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
GitHub
Releases · m0bilesecurity/RMS-Runtime-Mobile-Security
GitHub
adb shell "su -c '/data/local/tmp/frida-server-14.2.18-android-arm &'" 
rms
Java decompiler online / APK decompiler - Decompiler.com
GitHub - ChiChou/grapefruit: (WIP) Runtime Application Instruments for iOS. Previously Passionfruit
GitHub
GitHub - FSecureLABS/drozer: The Leading Security Assessment Framework for Android.
GitHub
Drozer Tutorial
HackTricks
Mobexler - Mobile Application Penetration Testing Platform
GitHub - GoSecure/frida-xamarin-unpin: A Frida script to bypass Xamarin certificate pinning implementations
GitHub
​Brida: The new bridge between Burp Suite and Frida!
GitHub - federicodotta/Brida: The new bridge between Burp Suite and Frida!
GitHub
Virtual devices with real-world accuracy
Corellium
Download APK CLI
GitHub - EFForg/apkeep
GitHub
​
Nuclei templates mobile
GitHub - optiv/mobile-nuclei-templates
GitHub
java -jar .\apktool.jar d -s 'xxx.com.apk' -o output
echo "/home/kali/Desktop/output" | /home/kali/go/bin/nuclei -t Keys
Last modified 2mo ago
Tools

Download APK CLI

​

Nuclei templates mobile
