mobile-security

Source code for Hacker101.com - a free online web and mobile security class.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

Scanning APK file for URIs, endpoints & secrets.

GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

Hand-crafted Frida examples

Documentation:

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Flutter Reverse Engineering Framework

(WIP) Runtime Application Instruments for iOS. Previously Passionfruit

A Collection of Secure Mobile Development Best Practices

A Huge Learning Resources with Labs For Offensive Security Players

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

Oversecured Vulnerable Android App

Unofficial frida extension for VSCode

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

Mobile penetration testing android & iOS command cheatsheet

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

Testowanie oprogramowania - Książka dla początkujących testerów

A fast and elegant extension for VSCode used for iOSre projects.

Django application that performs SAST and Malware Analysis for Android APKs

Intentionally vulnerable Android application.

Oversecured Vulnerable iOS App

iOS安全资料整理（中文）