Mobile Security

A command-line tool for capturing automated screenshots of websites and mobile applications with support for multiple browsers and device emulations.

Intercepts and examines mobile app connections by stripping SSL/TLS layer.

ALEAPP is a Python-based forensic tool for parsing Android logs, events, and protobuf data with both CLI and GUI interfaces.

StaCoAn is a cross-platform tool for static code analysis on mobile applications, emphasizing the identification of security vulnerabilities.

Needle is a discontinued open source modular framework for iOS application security assessments that was compatible with iOS 9 and iOS 10 before being replaced by Objection.

A comprehensive Android application analysis tool that provides device management, logcat analysis, file examination, and integration with security frameworks like MobSF and JD-GUI.

APKLeaks is a command-line tool that scans Android APK files to identify embedded URIs, endpoints, and secrets for security assessment purposes.

AMDH is a Python3 Android security tool that automates mobile device hardening through malware detection, privacy protection, CIS benchmark compliance, and application security analysis.

InsecureShop is an intentionally vulnerable Android application built in Kotlin for educating developers and security professionals about mobile app vulnerabilities and penetration testing techniques.

An unofficial Python API that enables programmatic searching, browsing, and downloading of Android apps from Google Play Store.

OVAA is an intentionally vulnerable Android application that aggregates common platform security vulnerabilities for educational and security testing purposes.

A dataset release policy for the Android Malware Genome Project, requiring authentication and justification for access to the dataset.

A collection of Android Fakebank and Tizi samples for analyzing spyware on Android devices.

Fridump is an open source memory dumping tool that uses the Frida framework to extract accessible memory addresses from iOS, Android, and Windows applications for security testing and analysis.

AFE Android Framework for Exploitation is a framework that provides tools and techniques for exploiting vulnerabilities in Android devices and applications.

A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.

App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.

Hackazon is a vulnerable web application storefront designed for security professionals to practice testing modern web technologies and identifying common vulnerabilities.

A security checklist based on OWASP standards that provides comprehensive guidelines for designing, testing, and releasing secure Android applications.

An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.

AppMon is a Frida-based automated framework for monitoring and tampering with system API calls across macOS, iOS, and Android applications.

An Android port of the Radamsa fuzzing tool compiled with Android NDK to support Android ABIs for security testing on mobile platforms.

RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.

A collection of security research tools from Google's Project Zero team for testing and analyzing iPhone messaging systems including SMS, iMessage, and IMAP protocols.