Android Security

Mobile-Security-Framework MobSFJavaScript

An automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis, and security assessment framework.

Android SecurityMakefile

A comprehensive, curated collection of tools, research, and resources for Android application security analysis and reverse engineering.

android-security-awesomeMakefile

A comprehensive, curated collection of tools, research, and resources for Android application security analysis and penetration testing.

AndroguardPython

A Python toolkit for reverse engineering, analyzing, and pentesting Android applications (APK, DEX, resources).

APKLeaksPython

A tool to scan APK files for URIs, endpoints, secrets, and sensitive data patterns.

PhoneSpolit-ProPython

A Python-based hacking tool for remotely exploiting Android devices via ADB and Metasploit to gain Meterpreter sessions.

Mobile App Pentest Cheat Sheet

A comprehensive cheat sheet and tool collection for mobile application penetration testing, mapped to OWASP Mobile Top 10 risks.

apk-mitmTypeScript

A CLI tool that automatically patches Android APK files to bypass HTTPS security for traffic inspection.

DrozerPython

A security testing framework for Android that identifies vulnerabilities by interacting with apps, IPC endpoints, and the OS.

HonggfuzzC

A security-oriented, feedback-driven, evolutionary software fuzzer that uses hardware and software code coverage to find bugs.

Runtime Mobile Security (RMS)JavaScript

A web interface powered by FRIDA for runtime manipulation, analysis, and security testing of Android and iOS applications.

InspeckageJava

An Xposed module for dynamic analysis of Android apps via API hooks, unexported activity launching, and runtime inspection.

Find Security BugsJava

A SpotBugs plugin for detecting security vulnerabilities in Java web and Android applications.

Android Reports and Resources

A curated collection of disclosed Android security reports from HackerOne and educational resources for vulnerability research.

Quark-EnginePython

An obfuscation-neglect Android malware scoring system that analyzes APKs for malicious behavior patterns.

AndroBugsPython

An efficient Android vulnerability scanner that finds security issues and missing best practices in APK files.

Android Malware Github repoShell

The largest open collection of Android malware samples for security research and analysis.

Android UnpackerC

A collection of tools and scripts for unpacking and analyzing protected Android applications, originally presented at Defcon 22.

Androl4b

A virtual machine for Android application security assessment, reverse engineering, and malware analysis.

Damn Insecure Vulnerable Application (DIVA)Java

An intentionally insecure Android app designed to teach secure coding and penetration testing through hands-on vulnerability challenges.

Android-ExploitsHTML

A curated collection of Android exploits, hacking tools, and resources for security research and penetration testing.

Android-Security-Reference

A work-in-progress reference guide for Android security topics, tools, and version-specific details.

adbsploitPython

A Python-based tool for exploiting and managing Android devices via ADB with capabilities like screen recording, data extraction, and remote control.

android app security checklist

A comprehensive checklist for designing, testing, and releasing secure Android applications based on OWASP standards.

DroidboxPython

Dynamic analysis tool for Android applications that monitors runtime behavior, detects information leaks, and visualizes app activity.

Injured Android - CTFKotlin

A vulnerable Android CTF application demonstrating real-world security vulnerabilities and exploitation techniques.

Oversecured Vulnerable Android App (OVAA)Java

A vulnerable Android app aggregating known security vulnerabilities for testing and educational purposes.

FingerprintJS AndroidKotlin

A lightweight Kotlin library for stateless device identification and fingerprinting on Android.

Apk2GoldShell

A CLI tool that decompiles Android APKs into readable Java source with reconstructed R.* references.

MARAPython

A comprehensive mobile application reverse engineering and analysis framework for security testing against OWASP mobile threats.

CuckooDroidPython

An extension of Cuckoo Sandbox that adds automated Android malware analysis capabilities for executing and analyzing Android applications.

Insider CLIGo

A static application security testing (SAST) CLI tool that scans source code for OWASP Top 10 vulnerabilities across multiple programming languages.

AndrowarnHTML

A static code analyzer that detects and reports potential malicious behaviors in Android applications.

IntrospyJava

A blackbox security profiling tool for Android that hooks and analyzes security-sensitive APIs at runtime.

SUPERRust

A secure, extensible command-line Android APK vulnerability analyzer written in Rust for automated security testing.

Android HookerPython

An open-source toolkit for automated dynamic analysis of Android applications by intercepting and modifying API calls.