objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak. Supports both iOS and Android. Inspect and interact with container file systems. Bypass SSL pinning. Dump keychains. Perform memory related tasks, such as dumping & patching. Explore and manipulate objects on the heap. And much, much more... Screenshots are available in the wiki. Installation is simply a matter of pip3 install objection. This will give you the objection command. You can update an existing objection installation with pip3 install --upgrade objection. For more detailed update and installation instructions, please refer to the wiki page here. objection is licensed under a GNU General Public v3 License. Permissions beyond the scope of this license may be available at http://sensepost.com/contact.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A data-mining and deep web asset search engine for breach analysis and prevention services.
A tool for extracting static and dynamic features from Android APKs.
Comprehensive manual for mobile app security testing and reverse engineering with technical processes for verifying controls.
A Graphical Realism Framework for Industrial Control Simulation organized as 5 VirtualBox VMs for realistic ICS network simulation.
A comprehensive collection of wordlists for bruteforcing and password cracking, covering various hashing algorithms and sizes.
PLCinject is a tool for injecting and patching blocks on PLCs with a call instruction.
A search engine for the Internet of Things (IoT) that discovers and monitors devices connected to the internet.
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
A command line steganography tool that uses LSB technique to hide files within images without visible alteration.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.