Mobile Security

ApktoolJava

A tool for reverse engineering Android APK files, enabling resource decoding, modification, and smali debugging.

Mobile-Security-Framework MobSFJavaScript

An automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis, and security assessment framework.

OWASP Mobile Security Testing GuidePython

A comprehensive manual for mobile app security testing and reverse engineering, aligned with OWASP MASVS and MASWE.

MVT (Mobile Verification Toolkit)Python

A forensic toolkit for gathering and analyzing traces on Android and iOS devices to identify potential spyware compromise.

Android SecurityMakefile

A comprehensive, curated collection of tools, research, and resources for Android application security analysis and reverse engineering.

android-security-awesomeMakefile

A comprehensive, curated collection of tools, research, and resources for Android application security analysis and penetration testing.

ObjectionPython

A runtime mobile exploration toolkit powered by Frida for security assessment of iOS and Android apps without jailbreak.

AndroguardPython

A Python toolkit for reverse engineering, analyzing, and pentesting Android applications (APK, DEX, resources).

APKLeaksPython

A tool to scan APK files for URIs, endpoints, secrets, and sensitive data patterns.

google-authenticatorJava

Open-source implementations of one-time passcode generators for Blackberry and iOS, supporting HOTP and TOTP standards.

Mobile App Pentest Cheat Sheet

A comprehensive cheat sheet and tool collection for mobile application penetration testing, mapped to OWASP Mobile Top 10 risks.

DrozerPython

A security testing framework for Android that identifies vulnerabilities by interacting with apps, IPC endpoints, and the OS.

APKLabTypeScript

A VS Code extension that integrates Android reverse-engineering tools for APK analysis, modification, and debugging.

react-native-keychainKotlin

Securely store passwords, tokens, and sensitive data in React Native apps using iOS Keychain and Android Keystore.

Runtime Mobile Security (RMS)JavaScript

A web interface powered by FRIDA for runtime manipulation, analysis, and security testing of Android and iOS applications.

InspeckageJava

An Xposed module for dynamic analysis of Android apps via API hooks, unexported activity launching, and runtime inspection.

OWASP MASVSPython

The OWASP Mobile Application Security Verification Standard (MASVS) is the industry standard for mobile app security.

react-native-app-authJava

A React Native bridge for AppAuth SDKs to implement OAuth2 and OpenID Connect authentication with native best practices.

BridaJava

A Burp Suite extension that bridges to Frida, enabling dynamic analysis and manipulation of mobile app traffic using the app's own code.

AppMonJavaScript

An automated framework for monitoring and tampering with system API calls of native macOS, iOS, and Android apps using Frida.

krGo

A deprecated CLI tool for SSH authentication and Git commit/tag signing using keys stored on a mobile device.

react-native-touch-idJava

React Native library for biometric authentication (Touch ID and Face ID) on iOS and Android.