Mobile Pentest

Tools and Common vulnerabilities

ko-fi

CheckList

LogoPentestingEverything/Mobile Pentesting/Android Pentesting at main · m14r41/PentestingEverythingGitHub

Create a Lab for Android Pentest

LogoThe bug hunter’s guide to building an Android mobile hacking labYesWeHack

Emulator

Genymotion is not compatible with last app running only on ARM devices. Create a AVD with Android Studio for this kind of apps

LogoGenymotion - Android Emulator in the Cloud and for PC & MacGenymotion

Intercept traffic

LogoGitHub - kaizensecurity/Intercept-Flutter-Apps: Learn how to intercept flutter appsGitHub
LogoGitHub - ptswarm/reFlutter: Flutter Reverse Engineering FrameworkGitHub

Dex2jar

LogoGitHub - pxb1988/dex2jar: Tools to work with android .dex and java .class filesGitHub

MobSF

LogoGitHub - MobSF/Mobile-Security-Framework-MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.GitHub

cSploit

LogoGitHub - cSploit/android: cSploit - The most complete and advanced IT security professional toolkit on Android.GitHub

Apepe

LogoGitHub - 000pp/Apepe: 📲 Python project developed to help on the process of searching for vulnerabilities in Android mobile applications. It takes the APK file and use apktool to decompile, and Python libraries to analyze the extracted information.GitHub

Apktool

LogoApktoolapktool.org

Troubleshooting: "Could not decode"

Androguard

LogoGitHub - androguard/androguard: Reverse engineering and pentesting for Android applicationsGitHub

Drozer

LogoGitHub - ReversecLabs/drozer: The Leading Security Assessment Framework for Android.GitHub
LogoExploiting Android Activities with Drozer: A Step-by-Step GuideMedium

Frida

LogoAndroidFrida • A world-class dynamic instrumentation toolkit

SSL-bypass

This Frida script bypasses root detection and SSL pinning in Android apps by blocking root checks, hiding root management tools, and overriding SSL/TLS trust settings to intercept encrypted traffic.

LogoGitHub - 0xCD4/SSL-bypass: SSL bypass checkGitHub

APKLeaks

LogoGitHub - dwisiswant0/apkleaks: Scanning APK file for URIs, endpoints & secrets.GitHub

APKx

Find sensitive info (key, etc.)

LogoGitHub - h0tak88r/apkX: Advanced APK analysis tool with intelligent caching, pattern matching, and comprehensive security vulnerability detectionGitHub

Firebase checker

LogoGitHub - Suryesh/Firebase_Checker: Firebase_Checker is Python tool to analyze APK files and web applications for Firebase-related vulnerabilities. This tool identifies security misconfigurations in Firebase implementations for both Android and web applications. Designed for security researchers, developers, and penetration testers to identify potential security risks in applicationsGitHub
LogoHacking Firebase Targets: Advanced Exploitation GuideIntigriti

MobApp-Storage Inspector

A tool for inspecting and analyzing mobile application storage files.

LogoGitHub - thecybersandeep/mobapp-storage-inspector: A tool for inspecting and analyzing mobile application storage files.GitHub

PAPIMonitor

Monitor user-select APIs during the app execution.

LogoGitHub - 0xdad0/PAPIMonitor: Python API Monitor for Android appsGitHub

Code Analysis

Code Analysis

Search for API Keys

LogoReverse Engineer Android Apps for API Keyspwn.guide

Open the APK with JADX:

Search for API Keys:

  • Look for hardcoded strings, especially in files like BuildConfig.java, Constants.java, or any class that handles network requests.

Common Vulnerabilities

Cleartext Communications

In Android applications before 7.0 (API level 24), cleartext traffic was allowed by default. The 7.0 release introduced the Network Security Configuration (NSC) feature, allowing developers to customize network security settings through a declarative XML file. It wasn't until the release of Android 9 (API level 28) that cleartext traffic was disabled by default.

To use an NSC file, it must be declared in the application's AndroidManifest.xml file:

The res/xml/network_security_config.xml file must be manually created with the cleartextTrafficPermitted set to "false" to override the insecure default setting:

ZipSlip

LogoZip Path Traversal | Android Notebookandroid-notebook.hanmajid.com

Resources

LogoGitHub - vaib25vicky/awesome-mobile-security: An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.GitHub
LogoThe ultimate beginner’s guide to Android hacking | @BugcrowdBugcrowd
LogoPentesting for Android Mobile Applications | HackerOneHackerOne

iOS Pentesting

LogoA basic guide to iOS testing | @BugcrowdBugcrowd

Jailbreak for iPhone 5s through iPhone X, iOS 12.0 and up

Logocheckra1ncheckra1n

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.

ko-fi

buymeacoffee

PreviousWifi PentestNextConfiguration Audit / Hardening

Last updated