#Android-security
Showing 47 of 47 repositories tagged #android-security, ranked by stars
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Scanning APK file for URIs, endpoints & secrets.
Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
The repo contains a series of challenges for learning Frida for Android Exploitation.
[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
Android security insights in full spectrum.
Official DedSec Project GitHub Repository
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
An OSINT tool to quickly extract IP and URL endpoints from APKs by disassembling and decompiling
强大的 Frida 重打包工具,用于 iOS 和 Android。轻松修改 Frida 特征,增强隐蔽性,绕过检测。简化逆向工程和安全测试。Powerful Frida repackaging tool for iOS and Android. Easily modify Frida servers to enhance stealth and bypass detection. Streamlines reverse engineering and security testing.
Android security guides, roadmap, docs, courses, write-ups, and teryaagh.
A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
A large repository of malware samples with 2500+ malware samples & source codes for a variety of platforms by Cryptware Apps.
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
LockKnife: The Ultimate Android Security Research Tool. A unified TUI workspace and headless CLI for deep Android security research, built for researchers and hackers. Powered by Python orchestration and a Rust-accelerated core, enabling AI agent–driven hacking, credential recovery/cracking, APK analysis, intelligence gathering, runtime inspection.
软件安全工程师技能表
PounceKey's is a Accessibility Service keylogger
Web-based Frida framework and toolkit for Android & iOS penetration testing, mobile security, and dynamic analysis, featuring AI-assisted Frida script generation.
Django application that performs SAST and Malware Analysis for Android APKs
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Android Malware Samples
a useful utility for android app security testing
Tool to check the strength of Android root and emulator detection
A dynamic, Zygisk module for hot-swapping native libraries into Android applications without rebooting.
PINkman is a library to help implementing an authentication by a PIN code in a secure manner. The library derives hash from the user's PIN using Argon2 function and stores it in an encrypted file. The file is encrypted with the AES-256 algorithm in the GCM mode and keys are stored in the AndroidKeystore.
Cybersecurity Notes For Intermediate and Advanced Hackers | CEH Exam Prep Also Included
Bypass TikTok SSL/TLS certificate pinning on Android to intercept & analyze HTTPS traffic — root & no-root, works with Burp Suite, mitmproxy & Reqable (2026).
An Activist Grade Privacy & Security App that provides multi-layered defense by isolating data within encrypted sandbox, inaccessible to other apps, the OS, or unauthorized physical extraction - With the Belief "Privacy Without the Tradeoff of Ease"
A comprehensive collection of free cybersecurity eBooks categorized by topics and updated regularly
A Frida-based utility for dynamically extracting native (.so) libraries from Android applications.
A Universal Android NFC research and analysis toolkit. Made for Android security researchers and developers. Clone, analyze, and test contactless cards including MIFARE, NTAG, and ISO14443 protocols. Features card data extraction, analysis tools, and emulation capabilities for penetration testing and research.
Android Reverse Engineering Command-Line Automation Workspace. AI-driven security analysis with Claude Code.
Advanced mobile security research platform for authorized testing and educational purposes
The MAS Crackmes aka. UnCrackable Apps, a collection of mobile reverse engineering challenges part of the OWASP MAS project.
All-in-one Android security suite — deepfake detection, antivirus, Tor VPN, breach monitoring, phishing scanner, and 50+ security tools. On-device, no API keys, open source.
A Pure-Java MCP Server for JaDX Android Reverse Engineering Tool
An Android app that actively scans and identifies nearby BLE devices like trackers (AirTags, Tiles, etc.), gadgets (Ray-Ban glasses, Flipper Zeros, etc.), drones, and more in real time. Focused on customizable environmental awareness and BLE research. Now features offensive bluetooth spam attacks!
pure python remote adb scanner + nmap scan module
Burp Suite extension + port-based highlighter: dedupes HTTP history into a live unique-request feed and color-codes attacker/victim traffic by listener port (PwnFox-style) — built for Android/iOS multi-account IDOR/BOLA testing, with Magic Cookie, Match & Replace, and .http export for Claude Code / AI.
Automate Android devices with an LLM agent that takes natural language commands from messaging apps and runs device tasks autonomously
List of resources about CyberSecurity such as CTF, DFIR, Offsec, etc
A universal Frida Script that prevents application self-termination at Java and native layers on Android.
Bypass Facebook Messenger SSL/TLS certificate pinning on Android to intercept & analyze HTTPS traffic — root & no-root, works with Burp Suite & mitmproxy (2026).
Advanced Android Remote Administration Tool (RAT) for Educational Security Testing | Meterpreter Payload Generator | Play Protect Bypass | Stealth Mode | Full Device Control