Mobile Application Penetration Testing Cheat Sheet

Free

Updated 11 March 2025

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics and checklist, which is mapped OWASP Mobile Risk Top 10 for conducting pentest. Mobile Application Security Testing Distributions All-in-one Mobile Security Frameworks Android Application Penetration Testing Reverse Engineering and Static Analysis Dynamic and Runtime Analysis Network Analysis and Server Side Testing Bypassing Root Detection and SSL Pinning Security Libraries iOS Application Penetration Testing Access Filesystem on iDevice Reverse Engineering and Static Analysis Dynamic and Runtime Analysis Network Analysis and Server Side Testing Bypassing Root Detection and SSL Pinning Security Libraries Mobile Penetration Testing Lab Contribution License Mobile Application Security Testing Distributions Appie - A portable software package for Android Pentesting and an awesome alternative to existing Virtual machines. Android Tamer - Android Tamer is a Virtual / Live Platform for Android Security professionals. Androl4b - A Virtual Machine For Assessing Android application

FEATURES

The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.

EXPLORE BY TAGS

Mobile Security

Reverse Engineering

Static Analysis

Dynamic Analysis

Network Analysis

SIMILAR TOOLS

Boston Key Party CTF

Boston Key Party CTF 2013 - cybersecurity competition with challenges in various domains.

Free

Resources

The Practical Linux Hardening Guide

A comprehensive guide for hardening GNU/Linux systems with practical step-by-step instructions.

Free

Resources

Metasploit Unleashed

Free online ethical hacking course covering penetration testing, web app assessments, exploit development, and security operations.

Free

Resources

Labs-Pentest

Free Labs to Train Your Pentest / CTF Skills

Free

Resources

LFI-Labs

A set of PHP scripts for practicing LFI, RFI, and CMD injection vulnerabilities.

Free

Resources

Windows / Linux Local Privilege Escalation Workshop

A workshop offering resources for local privilege escalation on Windows and Linux systems.

Free

Resources

Java Vulnerable

A vulnerable web application for learning about web application vulnerabilities and writing secure code.

Free

Resources

Microsoft Community Hub

Connect and learn from experts and peers in the Microsoft Community Hub.

Free

Resources

CloudGoat

CloudGoat is a 'Vulnerable by Design' AWS deployment tool for honing cloud cybersecurity skills through 'capture-the-flag' style scenarios.

Free

Resources

PINNED

Mandos

Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Consulting

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security