A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
Weapons
OS | Type | Name | Description |
---|---|---|---|
All | Analysis | RMS-Runtime-Mobile-Security | Runtime Mobile Security (RMS) - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime |
All | Analysis | scrounger | Mobile application testing toolkit |
All | Proxy | BurpSuite | The BurpSuite |
All | Proxy | hetty | Hetty is an HTTP toolkit for security research. |
All | Proxy | httptoolkit | HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac |
All | Proxy | proxify | Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go. |
All | Proxy | zaproxy | The OWASP ZAP core project |
All | RE | frida | Clone this repo to build Frida |
All | RE | frida-tools | Frida CLI tools |
All | RE | fridump | A universal memory dumper using Frida |
All | RE | ghidra | Ghidra is a software reverse engineering (SRE) framework |
All | SCRIPTS | frida-scripts | A collection of my Frida.re instrumentation scripts to facilitate reverse engineering of mobile apps. |
All | Scanner | Mobile-Security-Framework-MobSF | Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. |
Android | Analysis | apkleaks | Scanning APK file for URIs, endpoints & secrets. |
Android | Analysis | drozer | The Leading Security Assessment Framework for Android. |
Android | NFC | nfcgate | An NFC research toolkit application for Android |
Android | Pentest | Kali NetHunter | Mobile Penetration Testing Platform |
Android | RE | Apktool | A tool for reverse engineering Android apk files |
Android | RE | apkx | One-Step APK Decompilation With Multiple Backends |
Android | RE | bytecode-viewer | A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More) |
Android | RE | dex-oracle | A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis |
Android | RE | dex2jar | Tools to work with android .dex and java .class files |
Android | RE | enjarify | Enjarify is a tool for translating Dalvik bytecode to equivalent Java bytecode. This allows Java analysis tools to analyze Android applications. |
Android | RE | jadx | Dex to Java decompiler |
Android | RE | jd-gui | A standalone Java Decompiler GUI |
Android | RE | procyon | Procyon is a suite of Java metaprogramming tools, including a rich reflection API, a LINQ-inspired expression tree API for runtime code generation, and a Java decompiler. |
Android | Scanner | qark | Tool to look for several security related Android application vulnerabilities |
iOS | Analysis | iFunBox | General file management software for iPhone and other Apple products |
iOS | Analysis | idb | idb is a tool to simplify some common tasks for iOS pentesting and research |
iOS | Analysis | needle | The iOS Security Testing Framework |
iOS | Analysis | objection |
īą
objection - runtime mobile exploration
iOS | Bluetooth | toothpicker | ToothPicker is an in-process, coverage-guided fuzzer for iOS. for iOS Bluetooth
iOS | Inject | bfinject | Dylib injection for iOS 11.0 - 11.1.2 with LiberiOS and Electra jailbreaks
iOS | RE | Clutch | Fast iOS executable dumper
iOS | RE | class-dump | Generate Objective-C headers from Mach-O files.
iOS | RE | frida-ios-dump | pull decrypted ipa from jailbreak device
iOS | RE | iRET | iOS Reverse Engineering Toolkit.
iOS | RE | momdec | Core Data Managed Object Model Decompiler
iOS | Unpinning | MEDUZA | A more or less universal SSL unpinning tool for iOS
iOS | Unpinning | ssl-kill-switch2 | Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps
github.com/0xdea/frida-scripts
github.com/AloneMonkey/frida-ios-dump
github.com/atomicbird/momdec
github.com/b-mueller/apkx
github.com/BishopFox/bfinject
github.com/CalebFenton/dex-oracle
github.com/dmayer/idb
github.com/dstotijn/hetty
github.com/dwisiswant0/apkleaks
github.com/frida/frida
github.com/frida/frida-tools
github.com/FSecureLABS/drozer
github.com/FSecureLABS/needle
github.com/hahwul/MobileHackersWeapons
github.com/httptoolkit/httptoolkit
github.com/iBotPeaches/Apktool
github.com/java-decompiler/jd-gui
github.com/KJCracks/Clutch
github.com/Konloch/bytecode-viewer/
github.com/kov4l3nko/MEDUZA
github.com/linkedin/qark
github.com/m0bilesecurity/RMS-Runtime-Mobile-Security
github.com/MobSF/Mobile-Security-Framework-MobSF
github.com/mstrobel/procyon
github.com/nabla-c0d3/ssl-kill-switch2
github.com/NationalSecurityAgency/ghidra
github.com/nettitude/scrounger
github.com/nfcgate/nfcgate
github.com/Nightbringer21/fridump
github.com/nygard/class-dump
github.com/projectdiscovery/proxify
github.com/pxb1988/dex2jar
github.com/S3Jensen/iRET
github.com/seemoo-lab/toothpicker
github.com/sensepost/objection
github.com/skylot/jadx
github.com/Storyyeller/enjarify
github.com/zaproxy/zaproxy
gitlab.com/kalilinux/nethunter/build-scripts/kali-nethunter-project