A tool for reverse engineering Android APK files, enabling resource decoding, modification, and smali debugging.
An automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis, and security assessment framework.
A comprehensive manual for mobile app security testing and reverse engineering, aligned with OWASP MASVS and MASWE.
A forensic toolkit for gathering and analyzing traces on Android and iOS devices to identify potential spyware compromise.
A comprehensive, curated collection of tools, research, and resources for Android application security analysis and penetration testing.
A comprehensive, curated collection of tools, research, and resources for Android application security analysis and reverse engineering.
A runtime mobile exploration toolkit powered by Frida for security assessment of iOS and Android apps without jailbreak.
A Python toolkit for reverse engineering, analyzing, and pentesting Android applications (APK, DEX, resources).
A tool to scan APK files for URIs, endpoints, secrets, and sensitive data patterns.
Open-source implementations of one-time passcode generators for BlackBerry and iOS, supporting HOTP and TOTP standards.
A comprehensive cheat sheet and tool collection for mobile application penetration testing, mapped to OWASP Mobile Top 10 risks.
A security testing framework for Android that identifies vulnerabilities by interacting with apps, IPC endpoints, and the OS.
A VS Code extension that integrates Android reverse-engineering tools for APK analysis, modification, and debugging.
Securely store passwords, tokens, and sensitive data in React Native apps using iOS Keychain and Android Keystore.
A web interface powered by Frida for runtime manipulation, analysis, and security testing of Android and iOS applications.
An Xposed module for dynamic analysis of Android apps via API hooks, unexported activity launching, and runtime inspection.
The OWASP Mobile Application Security Verification Standard (MASVS) is the industry standard for mobile app security.
A React Native bridge for AppAuth SDKs to implement OAuth2 and OpenID Connect authentication with native best practices.
A Burp Suite extension that bridges to Frida, enabling dynamic analysis and manipulation of mobile app traffic using the app's own code.
An automated framework for monitoring and tampering with system API calls of native macOS, iOS, and Android apps using Frida.
A deprecated CLI tool for SSH authentication and Git commit/tag signing using keys stored on a mobile device.
React Native library for biometric authentication (Touch ID and Face ID) on iOS and Android.
A reverse engineering framework for Flutter apps, enabling traffic interception and dynamic analysis via patched Flutter engines.
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, for dynamic function hooking and intercepting.
A modular, black-box obfuscation tool for Android apps (APK/AAB) that works without source code.
An efficient Android vulnerability scanner that finds security issues and missing best practices in APK files.
A collection of tools and scripts for unpacking and analyzing protected Android applications, originally presented at Defcon 22.
A virtual machine for Android application security assessment, reverse engineering, and malware analysis.
An intentionally insecure Android app designed to teach secure coding and penetration testing through hands-on vulnerability challenges.
A work-in-progress reference guide for Android security topics, tools, and version-specific details.
A comprehensive checklist for designing, testing, and releasing secure Android applications based on OWASP standards.
A cross-platform static code analysis tool for mobile applications (APK/IPA) to find security vulnerabilities like hardcoded credentials and API keys.
A vulnerable Android app aggregating known security vulnerabilities for testing and educational purposes.
A lightweight Kotlin library for stateless device identification and fingerprinting on Android.
A customizable Android library for implementing swipe-based captcha verification with puzzle piece dragging.
A C library providing elliptic curve cryptography optimized for constrained environments like embedded systems and mobile apps.