#Mobile-security
Showing 60 of 65 repositories tagged #mobile-security, ranked by stars
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Source code for Hacker101.com - a free online web and mobile security class.
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.
Android Full-Stack Device Control Platform: WebRTC/H.264 remote desktop, UI/OCR/image-matching automation, one-click MITM, built-in Frida, proxy/VPN/frp/P2P networking, MCP/Agent, 160+ APIs, designed for multi-device clusters and engineered deployments.
Scanning APK file for URIs, endpoints & secrets.
the fastest and most powerful android decompiler(native tool working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, data decryption, and encryption, etc.
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Hand-crafted Frida examples
Open-source mobile security testing suite for iOS and Android. Previously Passionfruit
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
A Huge Learning Resources with Labs For Offensive Security Players
Android security insights in full spectrum.
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
强大的 Frida 重打包工具,用于 iOS 和 Android。轻松修改 Frida 特征,增强隐蔽性,绕过检测。简化逆向工程和安全测试。Powerful Frida repackaging tool for iOS and Android. Easily modify Frida servers to enhance stealth and bypass detection. Streamlines reverse engineering and security testing.
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
MCP server for JADX-AI Plugin
Unofficial frida extension for VSCode
A Collection of Secure Mobile Development Best Practices
Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
Mobile penetration testing android & iOS command cheatsheet
Web-based Frida framework and toolkit for Android & iOS penetration testing, mobile security, and dynamic analysis, featuring AI-assisted Frida script generation.
🛡️ A React Native library to prevent and detect for screen capture, screenshots and app switcher for enhanced security. Fully compatible with both Expo and CLI.
Django application that performs SAST and Malware Analysis for Android APKs
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Conteúdo em português sobre segurança em Dispositivos Móveis.
Vulnerable Banking Suite
A CLI that mirrors and controls a jailbroken iPhone over USB.
Open-source self-hosted password manager built with Flutter. Store passwords and crypto seed phrases securely without cloud storage.
Android Malware Samples
Various analysis of Android stalkerware
面向移动安全分析场景的 6 阶段总控 Skill。用于统一调度 APK 静态侦察、流量与代码对齐、SO/JNI 深度分析、加密与漏洞综合分析、验证设计与报告交付流程。支持 JADX MCP、Burp/Yakit MCP、IDA/Ghidra MCP。
Digital Forensics with Kali Linux, published by Packt
Cloning apk for bypassing code tampering detection, Google Safety Net and scanning vulnerable plugins
Cell tower logger and anomaly detector for Linux mobile devices. Monitors cellular connections, logs tower data with GPS, and detects suspicious activity.
extract info from apk files
Learn practical Mobile and API security techniques: API Key, Static and Dynamic HMAC, Dynamic Certificate Pinning, and Mobile App Attestation.
Mobile Reconnaissance Framework is a powerful, lightweight and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information within mobile applications.
GSM Assessment Toolkit - A security evaluation framework for GSM networks
Bypass TikTok SSL/TLS certificate pinning on Android to intercept & analyze HTTPS traffic — root & no-root, works with Burp Suite, mitmproxy & Reqable (2026).
A Frida-based utility for dynamically extracting native (.so) libraries from Android applications.
PowerAuth - Open-source solution for authentication, secure data storage and transport security in mobile banking.
Android Reverse Engineering Command-Line Automation Workspace. AI-driven security analysis with Claude Code.
Advanced mobile security research platform for authorized testing and educational purposes
Static and dynamic analysis tool for detecting malicious code, suspicious binaries, and privacy violations
Android Penetration Testing Tool — Auto Root Detection & SSL Pinning Bypass with Frida Script Generation
NullKia Mobile Security Framework - Tools in Nim, Crystal, V, D, Red, Odin, Haxe, Zig, Kotlin, Lua, PHP, Python | bad-antics | github.com/bad-antics
A Pure-Java MCP Server for JaDX Android Reverse Engineering Tool
FeedHenry Mobile Security
A companion repo for the blog article: https://blog.approov.io/adding-oauth2-to-mobile-android-and-ios-clients-using-the-appauth-sdk
A lightweight Android background service that securely monitors SMS activity and syncs messages to a remote server for centralized access, analysis, or backup — with full user consent.
A collection of awesome framework, libraries, learning tutorials, videos, webcasts, technical resources and cool stuff about iOS Security.
pure python remote adb scanner + nmap scan module
Pure-Rust Android decompiler and security-audit suite. DEX → Java, Hermes → JavaScript. Cross-layer taint across the React Native bridge. CycloneDX SBOM + OpenVEX. CLI and MCP. Bytecode is not a security layer.
Complete Kali NetHunter KeX Rootless Setup for Android with Working Audio & Browser Sound | Mobile Penetration Testing Environment | Termux
This is a skeleton of an APK where different Android permissions and services made in Kotlin are used.
Burp Suite extension + port-based highlighter: dedupes HTTP history into a live unique-request feed and color-codes attacker/victim traffic by listener port (PwnFox-style) — built for Android/iOS multi-account IDOR/BOLA testing, with Magic Cookie, Match & Replace, and .http export for Claude Code / AI.
A curated set of offensive security notes on vulnerabilities, techniques, and tools
log for articles and info in android for every developer