49 tools and resources
Intercepts and examines mobile app connections by stripping SSL/TLS layer.
StaCoAn is a cross-platform tool for static code analysis on mobile applications, emphasizing the identification of security vulnerabilities.
An open source framework for security assessments of iOS apps, now decommissioned in favor of Objection.
AMDH is an Android tool for automating scanning, hardening system settings, detecting malware, and protecting privacy.
Android application for learning about vulnerabilities in modern Android apps and testing pentesting skills.
A dataset release policy for the Android Malware Genome Project, requiring authentication and justification for access to the dataset.
A collection of Android Fakebank and Tizi samples for analyzing spyware on Android devices.
App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.
Hackazon is a free, vulnerable test site with an online storefront to train and test IT security professionals on various vulnerabilities like SQL Injection and cross-site scripting.
A comprehensive checklist for securing Android apps
An open-source project for dynamic analysis of Android applications using the Android Substrate framework.
Automated framework for monitoring and tampering system API calls of native macOS, iOS, and Android apps.
Andromeda makes reverse engineering of Android applications faster and easier.
A VM for mobile application security testing, Android and iOS applications, with custom-made tools and scripts.
A collection of mobile security resources with tools, white papers, ebooks, and webinars.
Linux Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis with various tools and resources.
A tool for iOS pentesting and research with a GUI version available.
Introspy-Android is a blackbox tool for understanding Android app behavior and identifying security issues at runtime.
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
An open-source tool for detecting and analyzing Android apps' vulnerabilities and security issues.
A tool for dynamic analysis of mobile applications in a controlled environment.
Automated Android Malware Analysis tool
Realtime privacy monitoring service for smartphones that analyzes how apps handle private information.
NSA's cybersecurity advisories and guidance on evolving threats and mitigations.
Runtime mobile exploration toolkit powered by Frida for assessing mobile app security without jailbreak.
A web-based tool for instrumenting and analyzing Android applications using Flask, Jinja, and Redis.
House: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
iOS Mobile Backup Xtractor tool for extracting iOS backups.
Comprehensive manual for mobile app security testing and reverse engineering with technical processes for verifying controls.
iOS application for testing iOS penetration testing skills in a legal environment.
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
Argus-SAF is a static analysis framework for security vetting Android applications.
An Android-based self-defense application against forensic imaging tools like Cellebrite UFED.
A behavior-based malware detection system for Android platforms that uses crowdsourcing to detect anomalies and malware in applications.
A lightweight library for device identification and fingerprinting, written in Kotlin and 100% crash-free.
ConDroid performs concolic execution of Android apps to observe 'interesting' behavior in dynamic analysis.
Innovative tool for mobile security researchers to analyze targets with static and dynamic analysis capabilities and sharing functionalities.
A framework for reverse engineering Flutter apps with modified Flutter library for dynamic analysis and traffic monitoring.
XGuardian XARA Security Scanner for OSX with URL scheme, Bundle ID, and keychain hijack checks.
Integrates static APK analysis with Yara and requires re-compilation of Yara with the androguard module.
Inspeckage is a dynamic analysis tool for Android applications offering insights into app behavior and real-time monitoring capabilities.
Personal website of Collin R. Mulliner with a focus on security research and mobile platforms.
Enhance your Android experience with the AMAaaS Agent APK for better performance and improved user experience.
MARA is a Mobile Application Reverse engineering and Analysis Framework with various features for testing mobile applications against OWASP mobile security threats.
Runtime Mobile Security (RMS) is a powerful web interface powered by FRIDA for manipulating Android and iOS Apps at Runtime.
A comprehensive guide to mobile application penetration testing, covering various topics and techniques
A hybrid mobile app for Android that intentionally contains vulnerabilities for testing and education
Cloud-based service for testing and analyzing Android and iOS apps for malware, vulnerabilities, and security threats.
Python tool for monitoring user-select APIs in Android apps using Frida.
