mobile-security

Source code for Hacker101.com - a free online web and mobile security class.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Scanning APK file for URIs, endpoints & secrets.

GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

Hand-crafted Frida examples

Documentation:

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

A Collection of Secure Mobile Development Best Practices

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

(WIP) Runtime Application Instruments for iOS. Previously Passionfruit

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

Unofficial frida extension for VSCode

Mobile penetration testing android & iOS command cheatsheet

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

Oversecured Vulnerable Android App

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

A fast and elegant extension for VSCode used for iOSre projects.

Testowanie oprogramowania - Książka dla początkujących testerów

Flutter Reverse Engineering Framework

iOS安全资料整理（中文）

A Huge Learning Resources with Labs For Offensive Security Players

Django application that performs SAST and Malware Analysis for Android APKs

Intentionally vulnerable Android application.

A repository of telemetry domains and URLs used by mobile location tracking, user profiling, targeted marketing and aggressive ads libraries.