#Mobile-security

Showing 60 of 65 repositories tagged #mobile-security, ranked by stars

MobSF
MobSF
Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Score
100
★ 21.4k ⑂ 3.7k +52/day
JavaScript
Hacker0x01
Hacker0x01
hacker101

Source code for Hacker101.com - a free online web and mobile security class.

Score
95
★ 14.5k ⑂ 2.7k +3/day
SCSS
OWASP
OWASP
mastg

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.

Score
100
★ 13.0k ⑂ 2.8k +4/day
Python
firerpa
firerpa
lamda

Android Full-Stack Device Control Platform: WebRTC/H.264 remote desktop, UI/OCR/image-matching automation, one-click MITM, built-in Frida, proxy/VPN/frp/P2P networking, MCP/Agent, 160+ APIs, designed for multi-device clusters and engineered deployments.

Score
75
★ 7.9k ⑂ 1.0k +10/day
Python
dwisiswant0
dwisiswant0
apkleaks

Scanning APK file for URIs, endpoints & secrets.

Score
25
★ 6.1k ⑂ 580 +21/day
Python
charles2gan
charles2gan
GDA-android-reversing-Tool

the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.

Score
98
★ 4.8k ⑂ 568 +1/day
Python
vaib25vicky
vaib25vicky
awesome-mobile-security

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Score
81
★ 3.5k ⑂ 376
iddoeldor
iddoeldor
frida-snippets

Hand-crafted Frida examples

Score
75
★ 2.5k ⑂ 439 +1/day
JavaScript
ChiChou
ChiChou
grapefruit

Open-source mobile security testing suite for iOS and Android. Previously Passionfruit

Score
100
★ 1.3k ⑂ 107 +2/day
TypeScript
sh4hin
sh4hin
Androl4b

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

Score
80
★ 1.2k ⑂ 265 +1/day
reversenseorg
reversenseorg
dexcalibur

[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

Score
94
★ 1.2k ⑂ 129 +1.2k/day
JavaScript
Zeyad-Azima
Zeyad-Azima
Offensive-Resources

A Huge Learning Resources with Labs For Offensive Security Players

Score
92
★ 1.2k ⑂ 244 +1/day
d78ui98
d78ui98
APKDeepLens

Android security insights in full spectrum.

Score
50
★ 991 ⑂ 131 +2/day
Python
vincentcox
vincentcox
StaCoAn

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Score
75
★ 870 ⑂ 138
JavaScript
suifei
suifei
fridare

强大的 Frida 重打包工具,用于 iOS 和 Android。轻松修改 Frida 特征,增强隐蔽性,绕过检测。简化逆向工程和安全测试。Powerful Frida repackaging tool for iOS and Android. Easily modify Frida servers to enhance stealth and bypass detection. Streamlines reverse engineering and security testing.

Score
0
★ 802 ⑂ 128
Go
olacabs
olacabs
jackhammer

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Score
72
★ 741 ⑂ 164
Java
zinja-coder
zinja-coder
jadx-mcp-server

MCP server for JADX-AI Plugin

Score
0
★ 691 ⑂ 113
Python
ChiChou
ChiChou
vscode-frida

Unofficial frida extension for VSCode

Score
88
★ 595 ⑂ 55
TypeScript
nowsecure
nowsecure
secure-mobile-development

A Collection of Secure Mobile Development Best Practices

Score
50
★ 561 ⑂ 123
CSS
abhi-r3v0
abhi-r3v0
Adhrit

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

Score
62
★ 543 ⑂ 119
JavaScript
mirfansulaiman
mirfansulaiman
Command-Mobile-Penetration-Testing-Cheatsheet

Mobile penetration testing android & iOS command cheatsheet

Score
90
★ 387 ⑂ 120
z3n70
z3n70
Frida-Script-Runner

Web-based Frida framework and toolkit for Android & iOS penetration testing, mobile security, and dynamic analysis, featuring AI-assisted Frida script generation.

Score
88
★ 371 ⑂ 75 +2/day
JavaScript
wn-na
wn-na
react-native-capture-protection

🛡️ A React Native library to prevent and detect for screen capture, screenshots and app switcher for enhanced security. Fully compatible with both Expo and CLI.

Score
69
★ 308 ⑂ 20
Swift
mpast
mpast
mobileAudit

Django application that performs SAST and Malware Analysis for Android APKs

Score
85
★ 228 ⑂ 50
HTML
abhi-r3v0
abhi-r3v0
EVABS

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

Score
44
★ 224 ⑂ 44
CMake
wh0isdxk
wh0isdxk
MobileSecurity

Conteúdo em português sobre segurança em Dispositivos Móveis.

Score
35
★ 194 ⑂ 11
lucideus-repo
lucideus-repo
UnSAFE_Bank

Vulnerable Banking Suite

Score
65
★ 173 ⑂ 108 +1/day
PHP
lautarovculic
lautarovculic
ioscpy

A CLI that mirrors and controls a jailbroken iPhone over USB.

Score
82
★ 155 ⑂ 18 +18/day
Rust
SoulNaturalist
SoulNaturalist
zero_password_manager

Open-source self-hosted password manager built with Flutter. Store passwords and crypto seed phrases securely without cloud storage.

Score
78
★ 144 ⑂ 7
Dart
MalwareSamples
MalwareSamples
Android-Malware-Samples

Android Malware Samples

Score
22
★ 121 ⑂ 16 +1/day
diskurse
diskurse
android-stalkerware

Various analysis of Android stalkerware

Score
28
★ 120 ⑂ 20
Fausto-404
Fausto-404
ai-mobile-reverse-skills

面向移动安全分析场景的 6 阶段总控 Skill。用于统一调度 APK 静态侦察、流量与代码对齐、SO/JNI 深度分析、加密与漏洞综合分析、验证设计与报告交付流程。支持 JADX MCP、Burp/Yakit MCP、IDA/Ghidra MCP。

Score
0
★ 108 ⑂ 9 +8/day
Python
PacktPublishing
PacktPublishing
Digital-Forensics-with-Kali-Linux

Digital Forensics with Kali Linux, published by Packt

Score
30
★ 100 ⑂ 32 +1/day
Anof-cyber
Anof-cyber
MobSecco

Cloning apk for bypassing code tampering detection, Google Safety Net and scanning vulnerable plugins

Score
38
★ 88 ⑂ 12
Python
Ringmast4r
Ringmast4r
Tower-Hunter

Cell tower logger and anomaly detector for Linux mobile devices. Monitors cellular connections, logs tower data with GPS, and detects suspicious activity.

Score
60
★ 88 ⑂ 19
Python
andpalmier
andpalmier
apkingo

extract info from apk files

Score
62
★ 87 ⑂ 10
Go
approov
approov
shipfast-api-protection

Learn practical Mobile and API security techniques: API Key, Static and Dynamic HMAC, Dynamic Certificate Pinning, and Mobile App Attestation.

Score
31
★ 84 ⑂ 13
Kotlin
amrudesh1
amrudesh1
morf

Mobile Reconnaissance Framework is a powerful, lightweight and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information within mobile applications.

Score
56
★ 80 ⑂ 9
Go
romankh
romankh
gsm-assessment-toolkit

GSM Assessment Toolkit - A security evaluation framework for GSM networks

Score
20
★ 80 ⑂ 36
Python
0xSHAK1B
0xSHAK1B
TIKTOK-SSL-Pinning-Bypass

Bypass TikTok SSL/TLS certificate pinning on Android to intercept & analyze HTTPS traffic — root & no-root, works with Burp Suite, mitmproxy & Reqable (2026).

Score
68
★ 78 ⑂ 8 +1/day
JavaScript
TheQmaks
TheQmaks
soSaver

A Frida-based utility for dynamically extracting native (.so) libraries from Android applications.

Score
52
★ 62 ⑂ 9
Python
wultra
wultra
powerauth-crypto

PowerAuth - Open-source solution for authentication, secure data storage and transport security in mobile banking.

Score
70
★ 62 ⑂ 24
Java
TheQmaks
TheQmaks
areclaw

Android Reverse Engineering Command-Line Automation Workspace. AI-driven security analysis with Claude Code.

Score
57
★ 58 ⑂ 7 +1/day
JavaScript
alby77689-design
alby77689-design
Wuzen-Framework---Advanced-Mobile-Security-Research-Platform

Advanced mobile security research platform for authorized testing and educational purposes

Score
42
★ 48 ⑂ 23
momenbasel
momenbasel
malware-check

Static and dynamic analysis tool for detecting malicious code, suspicious binaries, and privacy violations

Score
55
★ 45 ⑂ 6 +1/day
Python
Whitehat987
Whitehat987
apkshield-pt

Android Penetration Testing Tool — Auto Root Detection & SSL Pinning Bypass with Frida Script Generation

Score
50
★ 34 ⑂ 2
Python
sabri-zaki
sabri-zaki
metasploit
Score
8
★ 34 ⑂ 11
Shell
bad-antics
bad-antics
nullkia

NullKia Mobile Security Framework - Tools in Nim, Crystal, V, D, Red, Odin, Haxe, Zig, Kotlin, Lua, PHP, Python | bad-antics | github.com/bad-antics

Score
48
★ 29 ⑂ 4 +2/day
Go
Qtty
Qtty
jadx-mcp-server

A Pure-Java MCP Server for JaDX Android Reverse Engineering Tool

Score
10
★ 29 ⑂ 5 +2/day
Java
feedhenry
feedhenry
mobile-security

FeedHenry Mobile Security

Score
25
★ 29 ⑂ 11
JavaScript
approov
approov
AppAuth-OAuth2-Books-Demo

A companion repo for the blog article: https://blog.approov.io/adding-oauth2-to-mobile-android-and-ios-clients-using-the-appauth-sdk

Score
19
★ 27 ⑂ 5
Java
tarxemo
tarxemo
sms-hacking-android-app

A lightweight Android background service that securely monitors SMS activity and syncs messages to a remote server for centralized access, analysis, or backup — with full user consent.

Score
38
★ 27 ⑂ 9 +1/day
Java
paulveillard
paulveillard
cybersecurity-iOS

A collection of awesome framework, libraries, learning tutorials, videos, webcasts, technical resources and cool stuff about iOS Security.

Score
12
★ 25 ⑂ 4
safebuffer
safebuffer
remote-adb-scan

pure python remote adb scanner + nmap scan module

Score
5
★ 23 ⑂ 13
Lua
droidsaw
droidsaw
droidsaw

Pure-Rust Android decompiler and security-audit suite. DEX → Java, Hermes → JavaScript. Cross-layer taint across the React Native bridge. CycloneDX SBOM + OpenVEX. CLI and MCP. Bytecode is not a security layer.

Score
45
★ 21 ⑂ 2
Rust
adittaya
adittaya
kali-nethunter-kex-rootless-full-rebuild-audio-browser-sound-one-command-start-stop

Complete Kali NetHunter KeX Rootless Setup for Android with Working Audio & Browser Sound | Mobile Penetration Testing Environment | Termux

Score
12
★ 19 ⑂ 2 +1/day
lautarovculic
lautarovculic
spywareSkeleton

This is a skeleton of an APK where different Android permissions and services made in Kotlin are used.

Score
6
★ 19 ⑂ 4
Kotlin
dhakal-bibek
dhakal-bibek
DedupeAI

Burp Suite extension + port-based highlighter: dedupes HTTP history into a live unique-request feed and color-codes attacker/victim traffic by listener port (PwnFox-style) — built for Android/iOS multi-account IDOR/BOLA testing, with Magic Cookie, Match & Replace, and .http export for Claude Code / AI.

Score
40
★ 18 ⑂ 3 +2/day
Java
frankheat
frankheat
offsecnotes

A curated set of offensive security notes on vulnerabilities, techniques, and tools

Score
15
★ 16 ⑂ 1
Abdelsattar
Abdelsattar
Android-daily-read-tips

log for articles and info in android for every developer

Score
0
★ 15 ⑂ 4
Related Topics
#android#reverse-engineering#android-security#security#penetration-testing#apk#ios#mobile#hacking#frida#security-tools#malware-analysis

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly