Mobile App Resources

Curated tooling and guides for Android and iOS security testing

Mobile app testing resources for reversing, instrumentation, and vulnerability research. Tools and guides are listed separately for quick access.

Guides & Playbooks

OWASP Mobile Application Security Testing Guide (MASTG)

Comprehensive mobile security testing methodology and reference.

github.com/OWASP/mastg

Mobile App Pentest Cheatsheet

Quick reference checklist for Android and iOS testing.

github.com/tanprathan/MobileApp-Pentest-Cheatsheet

Awesome Mobile Security

Curated list of mobile security resources and tooling.

github.com/vaib25vicky/awesome-mobile-security

Android Applications Reversing 101

Introductory guide to Android reversing workflows.

evilsocket.net/2017/04/27/Android-Applications-Reversing-101

APK Pentesting Checklist

Android app security testing checklist and guidance.

sallam.gitbook.io/sec-88/android-appsec/apk-pentesting-checklist

iOS Jailbreak Tools Directory

Reference list of jailbreak tools for testing.

idevicecentral.com/jailbreak-tools/all-ios-jailbreak-tools

Deep Dive into Android Security

Blog series on Android security internals.

blog.0daylabs.com/2019/09/18/deep-dive-into-Android-security

Tools & Labs

JADX

Dex to Java decompiler for Android apps.

github.com/skylot/jadx

JustTrustMe

Bypass SSL pinning on Android apps.

github.com/Fuzion24/JustTrustMe

Drozer

Android security assessment framework.

github.com/ReversecLabs/drozer

MobSF

Mobile Security Framework for static and dynamic analysis.

github.com/MobSF/Mobile-Security-Framework-MobSF

Android Magisk + Burp + Objection Guide

Setup guide for rooted Android testing environments.

github.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy

RMS Runtime Mobile Security

Runtime security monitoring for mobile apps.

github.com/m0bilesecurity/RMS-Runtime-Mobile-Security

Objection

Runtime instrumentation for mobile apps and Frida scripting.

github.com/sensepost/objection

APKHunt

Android application analysis and testing toolkit.

github.com/Cyber-Buddy/APKHunt

APKLeaks

Scan Android APKs for secrets and URLs.

github.com/dwisiswant0/apkleaks

Apktool

Decode and rebuild Android APKs.

github.com/iBotPeaches/Apktool

JD-GUI

Java decompiler useful for APK analysis.

github.com/java-decompiler/jd-gui

Detox

End-to-end testing framework for mobile apps.

github.com/wix/Detox

Frida Snippets

Collection of Frida instrumentation scripts.

github.com/iddoeldor/frida-snippets

HOUSE

Mobile security testing framework by NCC Group.

github.com/nccgroup/house

OWASP iGoat

Intentionally vulnerable iOS app for training.

github.com/OWASP/igoat

MASTG Hacking Playground

Lab environments for practicing MASTG techniques.

github.com/OWASP/MASTG-Hacking-Playground