title | description |
---|---|
Mobile |
Tools & Resources for Defending and Attacking Mobile Applications. |
- DexGuard - The full spectrum of protection for Android apps.
- ProGuard - Shrinks, optimizes, and obfuscates your code by removing unused code and renaming classes.
- canijailbreak - A website which tells you whether you can jailbreak your iOS device.
- Checkra1n - Jailbreak for iPhone 5s through iPhone X, iOS 12.0 and up.
- Chimera - iOS 12 jailbreak to not only feature a CoreTrust bypass so that binaries don't need to be resigned, but to also support A12 devices, including iPhone Xs, iPhone Xr, and the newest iPads.
- Double H3lix - Jailbreak for 64-bit 10.x devices.
- Etason - Jailbreak for all devices running iOS 8.4.1 32 bit.
- Evasi0n - Jailbreak iPhone, iPad or iPod touch on iOS 7.0 – iOS 7.0.6.
- H3lix - Jailbreak for 32-bit 10.x devices.
- Home Depot - Jailbreak for iOS 9.x devices.
- IPSW - Download current and previous versions of Apple's iOS, iPadOS, watchOS, tvOS and audioOS firmware and receive notifications when new firmwares are released.
- Magisk - Magisk is a suite of open source software for customizing Android, supporting devices higher than Android 5.0.
- Palra1n - Jailbreak for arm64 devices on iOS 15.0+ .
- Pangu Jailbreak - Jailbreak for iOS 9.0 - 9.1.
- Phoenix - Semi-untethered jailbreak for 9.3.5-9.3.6. All 32-bit devices supported.
- p0sixspwn - iOS Jailbreak for 6.1.X.
- redsn0w - Jailbreak for iOS 3-5.
- TaiG - Jailbreak for iOS 8.X.
- unc0ver - A jailbreak tool.
- adb - Allows you to install packages and evaluate your changes.
- Airdroid - Transfer files across devices, remote control Android devices, mirror screen, and manage SMS & notification on computer.
- Android File Transfer - Browse and transfer files between your Mac computer and your Android device.
- iExplorer - Transfers music, messages, photos, files and everything else.
- iFunbox - General file management software for iPhone and other Apple products.
- iMazing - Powerful user-friendly iOS device manager for Mac and PC.
- Android Reports & Reports - Android reports and resources.
- Bytecode Viewer - A lightweight user friendly Java Bytecode Viewer.
- CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox.
- Cutter - Reverse engineering platform powered by rizin.
- DECAF - DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU.
- Diggy - Extract endpoints from apk files.
- Droid-FF - The android fuzzing framework.
- Drozer - Security testing framework for Android.
- Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
- Hooker - Provides various tools and applications that can be use to automatically intercept and modify any API calls.
- House - A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
- Inspeckage - Tool developed to offer dynamic analysis of Android applications.
- MobSF - An automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework.
- PATDroid - A collection of tools and data structures for analyzing Android applications and the system itself.
- ProbeDroid - A dynamic Java code instrumentation for Android apps. Provides APIs for users to craft their own instrumentation tools.
- radare2 - Set of libraries, tools and plugins to ease reverse engineering tasks.
- Runtime Mobile Security (RMS) - Powered by FRIDA a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime.
- Cydia Impactor - Use this tool to install IPA files on iOS and APK files on Android.
- Odin - Used to flash a custom recovery firmware image to a Samsung Android device.
- Android Application Penetration Testing Checklist - Android pentesting checklist mindmap.
- iOS Pentesting - iOS pentesting mindmap.
- DIVA - DIVA (Damn insecure and vulnerable App) is an Android App intentionally designed to be insecure.
- DVHMA - Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.
- Injured Android - A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
- InsecureBank v2 - Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities.
- Oversecured Vulnerable Android App - An Android app that aggregates all the platform's known and popular security vulnerabilities.
- UnCrackable Apps - A collection of mobile reverse engineering challenges for iOS and Android.
- Vuldroid - Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code.
- VyAPI - The Modern Cloud-Based Vulnerable Hybrid Android App.
- WaTF-Bank - What a Terrible Failure Mobile Banking Application for Android and iOS.
- Android APK Decompiler - Online android decompiler
- Ostorlab - Online static taint analysis, 3rd party fingerprinting, and vulnerability analysis.
- Oversecured - Android mobile app analyzer vulnerability scanner, designed for DevOps process integration.
- Quixxi - An intelligent and integrated end-to-end mobile app security solution.
- dmesg - Prints Android kernel messages. Already installed on device.
- Dumpsys - a tool that runs on Android devices and provides information about system services. Already installed on device.
- EggShell - iOS/macOS/Linux Remote Administration Tool.
- jarsigner - Jar, Android apk, Eclipse RCP signer.
- keystore-explorer - GUI replacement for the Java command-line utilities keytool and jarsigner.
- MITMProxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers.
- Plistsubtractor - Read a plist file, write out any embedded plist files.
- ProxyDroid - Global Proxy for Android.
- Simplify - Android virtual machine and deobfuscator.
- TCPDump - The TCPdump network dissector.
- BinaryCookieReader - A tool to read the binarycookie format of Cookies on iOS applications.
- ClassDumpiOS - iOS port from nygard/class-dump.
- Cycript - Explore and modify running applications on either iOS or Mac OS X using a hybrid of Objective-C++ and JavaScript.
- DumpDecrypted - Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk.
- EggShell - iOS/macOS/Linux Remote Administration Tool.
- KTool - Cross-platform MachO/ObjC Static binary analysis tool & library. class-dump + otool + lipo + more.
- lipo - Used to thin out un-used code.
- MITMProxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers.
- MobileAssistant - A tool to facilitate testing of iOS apps with Burp Suite.
- Needle - The iOS Security Testing Framework.
- Objection - A lightweight dependency injection framework for Objective-C.
- RVICTL - Capture packets sent/received by iOS devices.
- Sileo - A fast, beautiful, powerful and efficient APT Package Manager designed for jailbroken device.
- SSLKillSwitch - Blackbox tool to disable SSL certificate validation.
- SSLKillSwitch2 - Blackbox tool to disable SSL certificate validation.
- TCPDump - The TCPdump network dissector.
- bfdecrypt - Utility to decrypt App Store apps on jailbroken iOS 11.x
- Clutch - Fast iOS executable dumper.
- flexdecrypt - Decrypt iOS Apps and Mach-O binaries.
- FoulDecrypt - A lightweight and simpling iOS binary decryptor.
- r2flutch - Tool to decrypt iOS apps using r2frida.
- Android Check - Static code analysis plugin for Android project.
- Androwarn - Static code analyzer for malicious Android applications.
- APKLab - A tool for reverse engineering 3rd party, closed, binary Android apps.
- APKLeaks - Scanning APK file for URIs, endpoints & secrets.
- APK Studio - The objective of this scanner is to find for misconfiguration, sensitive data and insecure components.
- APKTool - Seamlessly integrates the best open-source tools right inside VS Code.
- Argus-SAF - Static analysis framework.
- Checkstyle - A tool for checking Java source code for adherence to a Code Standard or set of validation rules.
- DeGuard - Statistical Deobfuscation for Android.
- Deoptfuscator - Reverse the control-flow obfuscation performed by DexGuard on open-source Android applications.
- Droid-Hunter - Android application vulnerability analysis and Android pentest tool.
- Error Prone - Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.
- FindBugs - Uses static analysis to inspect Java bytecode for occurrences of bug patterns.
- Find Security Bugs - Find Security Bugs is the SpotBugs plugin for security audits of Java web applications.
- FlowDroid - Statically computes data flows in Android apps and Java programs.
- Gradle - Supports many popular static analysis (Checkstyle, PMD, FindBugs, etc) via a set of built-in plugins.
- Infer - Infer is a static analysis tool for Java, C++, Objective-C, and C. Infer is written in OCaml.
- JADX - Dex to Java decompiler.
- Mobile Audit - SAST and Malware Analysis for Android Mobile APKs.
- MobSF - An automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework.
- PMD - Finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth.
- Qark - designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs.
- Quark - An Obfuscation-Neglect Android Malware Scoring System.
- Smali - An assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation.
- Smali-CFG - Smali Control Flow Graph's
- Soot - Smali Control Flow Graph's
- Sparta - Static program analysis for reliable trusted apps.
- StaCoAn - A crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications
- Trueseeing - A fast, accurate and resillient vulnerabilities scanner for Android apps.
- Yaazhini - A fast, accurate and resillient vulnerabilities scanner for Android apps.
- B3nac Sec - Dedicated mobile ethical hacking
- Android Tamer - Live Platform for Android Security professionals.
- AppUse - Mobile app security testing, Android and iOS applications. Custom-made tools and scripts created by AppSec Labs.
- Android Rooting:Methods, Detection, and Evastion - Written by San-Tsai Sun, Andrea Cuadros, and Konstantin Beznosov.