Source code for Hacker101.com - a free online web and mobile security class.
Updated Jul 6, 2021 - SCSS
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Scanning APK file for URIs, endpoints & secrets.
GDA is a new, fast and powerful decompiler in C++ (working without a Java VM) for APK, DEX, ODEX, OAT, JAR, AAR, and CLASS files, which supports malicious behavior detection, privacy leak detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, Python and Java scripts, device memory extraction, data decryption and encryption, etc.
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Runtime Mobile Security (RMS)
Documentation:
Hand-crafted Frida examples
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing static code analysis on mobile applications.
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
A Collection of Secure Mobile Development Best Practices
Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
(WIP) Runtime Application Instruments for iOS. Previously Passionfruit
Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite
Unofficial frida extension for VSCode
The Mobile App Pentest cheat sheet was created to provide a concise collection of high-value information on specific mobile application penetration testing topics.
Mobile penetration testing android & iOS command cheatsheet
Oversecured Vulnerable Android App
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Software Testing - A Book for Beginner Testers
A fast and elegant extension for VSCode used for iOSre projects.
VyAPI - A cloud based vulnerable hybrid Android App
A repository of telemetry domains and URLs used by mobile location tracking, user profiling, targeted marketing and aggressive ads libraries.
A Huge Learning Resources with Labs For Offensive Security Players
Created by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.
Vulnerable Banking Suite
App Attest allows your app to attach a hardware-backed assertion as part of the request. Your server can use the assertion to verify the request came from your genuine app, on a genuine Apple device.
https://developer.apple.com/videos/play/wwdc2021/10244/
https://developer.apple.com/documentation/devicecheck/assessing_fraud_risk
https://developer.apple.com/documentation/bundleresources/entit