Mobile Pentesting Tools

This is my list of iOS and Android assessment tools, kept here as personal bookmarks.

Apktool

A tool for reverse engineering third-party, closed, binary Android apps. It decodes resources (and the binary manifest) to nearly their original form and can rebuild them after you make modifications. Its project-like directory layout and automation of repetitive tasks (rebuilding the APK, etc.) also make working on an app easier.

Install on Kali:

sudo apt install -y apktool

Decompile an app:

apktool d test.apk

Frida

Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

Jadx

Command-line and GUI tools for producing Java source code from Android DEX and APK files.

Install on Kali:

sudo apt install -y jadx

Drozer

drozer (formerly Mercury) is a security testing framework for Android.

drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.

drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer Agent to a device through exploitation or social engineering. Using weasel (MWR’s advanced exploitation payload) drozer is able to maximise the permissions available to it by installing a full agent, injecting a limited agent into a running process, or connecting a reverse shell to act as a Remote Access Tool (RAT).

drozer is open source software, originally maintained by MWR InfoSecurity (now WithSecure Labs).
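Before drozer can talk to a device, the drozer Agent app has to be installed on it and its port forwarded with `adb forward tcp:31415 tcp:31415`; `drozer console connect` then gives you the console, where `run app.package.attacksurface <package>` counts the exported activities, broadcast receivers, content providers and services and reports whether the app is debuggable. The script below is an added example (not Apktool's or drozer's own code) that produces the same view offline from the AndroidManifest.xml that `apktool d app.apk` writes out. The embedded manifest is constructed and the package com.example.app is hypothetical; apktool moves minSdkVersion/targetSdkVersion into apktool.yml, so pass target_sdk yourself when the decoded manifest has no uses-sdk element.

```python
"""List the IPC attack surface of an Android app from its decoded AndroidManifest.xml.

Added example (not Apktool's or drozer's code). Input: the AndroidManifest.xml that
`apktool d app.apk` writes into the output directory, or the constructed sample below.
"""
import sys
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def android_attr(elem, name):
    """Read an android:<name> attribute (ElementTree keys it by namespace URI)."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def attack_surface(manifest_xml, target_sdk=None):
    """Return the components other apps can reach, plus the debuggable flag.

    Platform defaults applied when android:exported is absent:
      - activity/service/receiver: exported iff it declares an <intent-filter>
        (apps targeting API 31+ must declare exported explicitly or fail to install);
      - provider: exported iff targetSdkVersion < 17.
    If target_sdk is unknown (apktool keeps it in apktool.yml) we assume >= 17.
    """
    root = ET.fromstring(manifest_xml)
    uses_sdk = root.find("uses-sdk")
    if target_sdk is None and uses_sdk is not None:
        target_sdk = int(android_attr(uses_sdk, "targetSdkVersion") or 17)
    if target_sdk is None:
        target_sdk = 17
    app = root.find("application")
    exported = []
    for kind in ("activity", "activity-alias", "service", "receiver", "provider"):
        for comp in app.findall(kind):
            flag = android_attr(comp, "exported")
            if flag is not None:
                is_exported = flag.lower() == "true"
            elif kind == "provider":
                is_exported = target_sdk < 17
            else:
                is_exported = comp.find("intent-filter") is not None
            if not is_exported:
                continue
            guards = (android_attr(comp, a) for a in ("permission", "readPermission", "writePermission"))
            exported.append({"kind": kind, "name": android_attr(comp, "name"), "protected": any(guards)})
    return {
        "package": root.get("package"),
        "target_sdk": target_sdk,
        "debuggable": (android_attr(app, "debuggable") or "false").lower() == "true",
        "exported": exported,
    }


def unprotected(surface):
    """Exported components with no permission guarding them: the first things to poke at."""
    return [c["name"] for c in surface["exported"] if not c["protected"]]


# Constructed test manifest: one launcher activity, one explicitly private activity,
# a permission-guarded service, a boot receiver and a provider relying on defaults.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="30"/>
  <application android:debuggable="true">
    <activity android:name="com.example.app.MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name="com.example.app.DebugActivity" android:exported="false">
      <intent-filter><action android:name="com.example.app.DEBUG"/></intent-filter>
    </activity>
    <service android:name="com.example.app.SyncService" android:exported="true"
             android:permission="com.example.app.permission.SYNC"/>
    <receiver android:name="com.example.app.BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <provider android:name="com.example.app.DataProvider" android:authorities="com.example.app.data"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    xml_text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_MANIFEST
    surface = attack_surface(xml_text)
    print("Package: %s  debuggable: %s" % (surface["package"], surface["debuggable"]))
    for comp in surface["exported"]:
        print("  %-15s %s%s" % (comp["kind"], comp["name"], "" if comp["protected"] else "  [no permission]"))
```

Run it against `<decoded dir>/AndroidManifest.xml` and compare with drozer's counts; a component listed here with `[no permission]` is what `run app.activity.start`, `run app.provider.query` and friends should be pointed at next.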

MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Fridump

Fridump (v0.1) is an open source memory dumping tool, aimed primarily at penetration testers and developers. Fridump uses the Frida framework to dump accessible memory ranges on any platform Frida supports. It can be run from a Windows, Linux or Mac OS X system to dump the memory of an iOS, Android or Windows application.
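What Fridump does amounts to a short Frida agent that lists the target's readable/writable memory ranges and reads them back, followed by a strings pass over the result (its -s option). The script below is an added example that reproduces that flow with the Frida Python bindings; it is not Fridump's or Frida's own code. It assumes a rooted or jailbroken device attached over USB with frida-server running and the `frida` package installed; the process name you pass on the command line is hypothetical, and SAMPLE_MEMORY is a constructed stand-in for a dump so the string extraction can be exercised offline.

```python
"""Dump the readable memory of a running app over Frida and search it for secrets.

Added example (not Fridump's own code). Assumes a rooted/jailbroken device attached over
USB with frida-server running; the process name given on the command line is hypothetical.
"""
import re
import sys

try:
    import frida  # pip install frida; needed only for the live dump
except ImportError:
    frida = None  # the offline string extraction below still works

# Frida agent (JavaScript) injected into the target: list rw- ranges and read them back.
AGENT_JS = r"""
rpc.exports = {
  ranges: function () {
    return Process.enumerateRanges('rw-').map(function (r) {
      return { base: r.base.toString(), size: r.size };
    });
  },
  read: function (base, size) {
    try {
      return ptr(base).readByteArray(size);   // arrives in Python as bytes
    } catch (e) {
      return null;                            // guard page or range gone: skip it
    }
  }
};
"""


def extract_strings(blob, min_len=6):
    """Printable ASCII runs, then UTF-16LE runs, of at least min_len characters."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(blob)]
    found += [m.group().decode("utf-16-le") for m in utf16_re.finditer(blob)]
    return found


def grep_secrets(strings, needles=("password", "passwd", "token", "bearer", "api_key", "secret")):
    """Keep strings that look like credentials; tune the needles per target."""
    return [s for s in strings if any(n in s.lower() for n in needles)]


def dump_process(name, max_range=16 * 1024 * 1024):
    """Attach to process `name` over USB and return the concatenated contents of its rw- ranges."""
    if frida is None:
        raise RuntimeError("pip install frida to dump a live process")
    session = frida.get_usb_device().attach(name)
    script = session.create_script(AGENT_JS)
    script.load()
    api = script.exports  # Frida >= 16 also offers script.exports_sync
    chunks = []
    for r in api.ranges():
        if r["size"] > max_range:
            continue  # skip very large mappings; raise max_range if the target keeps data there
        data = api.read(r["base"], r["size"])
        if data:
            chunks.append(bytes(data))
    session.detach()
    return b"".join(chunks)


# Constructed stand-in for a memory dump: binary noise, an HTTP auth header in ASCII,
# a UTF-16LE password (how Java/Objective-C strings often sit in memory), and a short word.
SAMPLE_MEMORY = (
    b"\x00\x01\x7f\xff" * 4
    + b"Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.example"
    + b"\x00" * 7
    + "password=hunter2".encode("utf-16-le")
    + b"\x90\x90\xcc"
    + b"ok"  # below min_len, so not reported
)

if __name__ == "__main__":
    blob = dump_process(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_MEMORY
    for s in grep_secrets(extract_strings(blob)):
        print(s)
```

The UTF-16LE pass matters on both platforms: a plain `strings` over a dump misses Java `String` contents and many NSString instances, which are stored two bytes per character.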

Passionfruit

Simple iOS app blackbox assessment tool. Powered by frida.re and vuejs.

Objection

Objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.

frida-ios-dump

Pulls a decrypted IPA from a jailbroken device.
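A dump is only useful if the decryption actually happened. App Store binaries carry an LC_ENCRYPTION_INFO (or LC_ENCRYPTION_INFO_64) load command whose cryptid is 1 while the pages at cryptoff are FairPlay-encrypted; a dumping tool reads those pages from the running process and writes the file back out with cryptid set to 0. The script below is an added example, not frida-ios-dump's code, that checks a pulled Mach-O for that flag and can apply the same header fix-up. It expects a thin little-endian image (the main executable in Payload/*.app of the dumped IPA); build_sample() fabricates a minimal header for testing and does not represent any real app.

```python
"""Tell whether a Mach-O pulled from an iOS device is still FairPlay-encrypted.

Added example (not frida-ios-dump's code). Works on thin little-endian Mach-O files such as
the main executable inside Payload/*.app of a dumped IPA; build_sample() fabricates test data.
"""
import struct
import sys

MH_MAGIC = 0xFEEDFACE          # 32-bit header, 28 bytes
MH_MAGIC_64 = 0xFEEDFACF       # 64-bit header, 32 bytes
FAT_MAGIC = 0xCAFEBABE         # universal binary (big-endian magic): thin it with lipo first
LC_ENCRYPTION_INFO = 0x21
LC_ENCRYPTION_INFO_64 = 0x2C
LC_UUID = 0x1B
CPU_TYPE_ARM64 = 0x0100000C


def encryption_info(image):
    """Locate LC_ENCRYPTION_INFO(_64) and return its fields, or None if the binary has none."""
    magic = struct.unpack_from("<I", image, 0)[0]
    if magic == MH_MAGIC_64:
        off = 32
    elif magic == MH_MAGIC:
        off = 28
    elif struct.unpack_from(">I", image, 0)[0] == FAT_MAGIC:
        raise ValueError("fat binary: extract one slice with `lipo -thin arm64` first")
    else:
        raise ValueError("not a Mach-O image")
    ncmds = struct.unpack_from("<I", image, 16)[0]  # same offset in both header sizes
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", image, off)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            cryptoff, cryptsize, cryptid = struct.unpack_from("<III", image, off + 8)
            return {"offset": off, "cryptoff": cryptoff, "cryptsize": cryptsize, "cryptid": cryptid}
        off += cmdsize
    return None


def is_encrypted(image):
    """cryptid != 0 means the cryptsize bytes at cryptoff are still encrypted and useless to a decompiler."""
    info = encryption_info(image)
    return info is not None and info["cryptid"] != 0


def clear_cryptid(image):
    """Return a copy with cryptid zeroed: the header fix-up applied after writing decrypted pages."""
    info = encryption_info(image)
    out = bytearray(image)
    if info is not None:
        struct.pack_into("<I", out, info["offset"] + 16, 0)  # cryptid sits 16 bytes into the command
    return bytes(out)


def build_sample(cryptid):
    """Constructed minimal arm64 header with LC_UUID + LC_ENCRYPTION_INFO_64 (test data, not a real app)."""
    uuid_cmd = struct.pack("<II", LC_UUID, 24) + b"\x11" * 16
    enc_cmd = struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
    cmds = uuid_cmd + enc_cmd
    # magic, cputype, cpusubtype, filetype (MH_EXECUTE), ncmds, sizeofcmds, flags, reserved
    header = struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, 0, 2, 2, len(cmds), 0, 0)
    return header + cmds


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(1)
    print(encryption_info(data), "ENCRYPTED" if is_encrypted(data) else "decrypted")
```

On a Mac the same check is `otool -l <binary> | grep -A4 LC_ENCRYPTION_INFO`: a good dump shows `cryptid 0`, and a binary that still shows `cryptid 1` was copied from disk rather than from the running process.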

Santoku Linux

Santoku is dedicated to mobile forensics, analysis, and security, and packaged in an easy to use, Open Source platform.

When I need to use Drozer, I always run it from a Santoku virtual machine due to Java and other environment dependencies that are set up correctly in Santoku.

APKiD

APKiD gives you information about how an APK was made. It identifies many compilers, packers, obfuscators, and other weird stuff. It’s PEiD for Android.

Runtime Mobile Security

Runtime Mobile Security (RMS) is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime.

firebaseEnum

Enumerates exposed Firebase databases:

- Downloads APKs from APKpure.com and analyses the Android files for misconfigured Firebase databases
- Lists APKs by category, or searches for a specific APK or for keywords (to-do)
- Mutates a keyword to find exposed Firebase databases (to-do)
- Useful when searching for a specific company
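The check the tool automates is simple: a Firebase Realtime Database whose rules permit unauthenticated reads answers GET <database URL>/.json with 200 and the data, while one with sane rules answers 401 and {"error" : "Permission denied"}. The script below is an added example, not firebaseEnum's code, that pulls database URLs out of the strings.xml files in an apktool-decoded APK (the Firebase config plugin stores the URL under the `firebase_database_url` string) and classifies the response; the embedded strings.xml and every project URL in it are constructed, and nothing is queried over the network unless you pass a decoded APK directory.

```python
"""Find Firebase Realtime Database URLs in a decoded APK and test whether the root is world-readable.

Added example (not firebaseEnum's code). The project URLs below are constructed; pass the
directory produced by `apktool d app.apk` to scan its res/values*/strings.xml files for real.
"""
import pathlib
import re
import sys
import urllib.error
import urllib.request

# Both URL shapes Firebase hands out: legacy <project>.firebaseio.com and
# regional <project>-default-rtdb.<region>.firebasedatabase.app
FIREBASE_URL_RE = re.compile(
    r"https?://[a-z0-9-]+\.(?:firebaseio\.com|[a-z0-9-]+\.firebasedatabase\.app)"
)


def find_firebase_urls(text):
    """Unique database base URLs in text, in order of first appearance."""
    urls = []
    for m in FIREBASE_URL_RE.finditer(text):
        if m.group() not in urls:
            urls.append(m.group())
    return urls


def classify(status, body):
    """Turn the response to GET <db>/.json into a finding."""
    if status == 200:
        # 200 means the rules allow an unauthenticated read of the root; 'null' means it is merely empty
        return "OPEN_EMPTY" if body.strip() == b"null" else "OPEN"
    if status == 401:
        return "PROTECTED"      # body is {"error" : "Permission denied"}
    return "OTHER_%d" % status  # anything else (e.g. 404 for a deleted database): inspect manually


def check_database(url, timeout=10):
    """Live check; shallow=true stops a large open database from being downloaded whole."""
    req = urllib.request.Request(url + "/.json?shallow=true", headers={"User-Agent": "firebase-rules-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as e:
        return classify(e.code, e.read())


def scan_decoded_apk(root):
    """Collect Firebase URLs from every res/values*/strings.xml under an apktool output directory."""
    text = ""
    for path in pathlib.Path(root).glob("res/values*/strings.xml"):
        text += path.read_text(encoding="utf-8", errors="replace")
    return find_firebase_urls(text)


# Constructed strings.xml resembling what google-services.json generates; no real project.
SAMPLE_STRINGS_XML = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="app_name">Example</string>
    <string name="firebase_database_url">https://example-app-1234.firebaseio.com</string>
    <string name="google_api_key">AIza-constructed-not-a-real-key</string>
    <string name="google_storage_bucket">example-app-1234.appspot.com</string>
    <string name="legacy_sync_url">https://example-app-1234-default-rtdb.europe-west1.firebasedatabase.app/sync</string>
    <string name="firebase_database_url_copy">https://example-app-1234.firebaseio.com</string>
</resources>
"""

if __name__ == "__main__":
    live = len(sys.argv) > 1
    urls = scan_decoded_apk(sys.argv[1]) if live else find_firebase_urls(SAMPLE_STRINGS_XML)
    for url in urls:
        print(url, check_database(url) if live else "(sample data, not queried)")
```

A 200 on the root with shallow=true is enough to report; querying deeper paths or trying writes goes beyond confirming the misconfiguration and should only happen within an agreed scope.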