awesome-mobile-security / Android / General - Blogs, Papers, How To's |
| Android: Gaining access to arbitrary* Content Providers | | | |
| Evernote: Universal-XSS, theft of all cookies from all sites, and more | | | |
| Interception of Android implicit intents | | | |
| TikTok: three persistent arbitrary code executions and one theft of arbitrary files | | | |
| Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913 | | | |
| Android: Access to app protected components | | | |
| Android: arbitrary code execution via third-party package contexts | | | |
| Android Pentesting Labs - Step by Step guide for beginners | | | |
| An Android Hacking Primer | | | |
| Secure an Android Device | | | |
| Security tips | | | |
| OWASP Mobile Security Testing Guide | | | |
| Security Testing for Android Cross Platform Application | | | |
| Dive deep into Android Application Security | | | |
| Pentesting Android Apps Using Frida | | | |
| Mobile Security Testing Guide | | | |
| Mobile Application Penetration Testing Cheat Sheet | 280 | almost 8 years ago | |
| Android Applications Reversing 101 | | | |
| Android Security Guidelines | | | |
| Android WebView Vulnerabilities | | | |
| OWASP Mobile Top 10 | | | |
| Practical Android Phone Forensics | | | |
| Mobile Reverse Engineering Unleashed | | | |
| Android Root Detection Bypass Using Objection and Frida Scripts | | | |
| quark-engine - An Obfuscation-Neglect Android Malware Scoring System | 1,342 | 11 months ago | |
| Root Detection Bypass By Manual Code Manipulation. | | | |
| Application and Network Usage in Android | | | |
| GEOST BOTNET - the discovery story of a new Android banking trojan | | | |
| Mobile Pentesting With Frida | | | |
| Magisk Systemless Root - Detection and Remediation | | | |
| AndrODet: An adaptive Android obfuscation detector | | | |
| Hands On Mobile API Security | | | |
| Zero to Hero - Mobile Application Testing - Android Platform | | | |
| How to use FRIDA to bruteforce Secure Startup with FDE-encryption on a Samsung G935F running Android 8 | 47 | about 6 years ago | |
| Android Malware Adventures | | | |
| AAPG - Android application penetration testing guide | | | |
| Bypassing Android Anti-Emulation | | | |
| Bypassing Xamarin Certificate Pinning | | | |
| Configuring Burp Suite With Android Nougat | | | |
awesome-mobile-security / Android / Books |
| SEI CERT Android Secure Coding Standard | | | |
| Android Security Internals | | | |
| Android Cookbook | | | |
| Android Hacker's Handbook | | | |
| Android Security Cookbook | | | |
| The Mobile Application Hacker's Handbook | | | |
| Android Malware and Analysis | | | |
| Android Security: Attacks and Defenses | | | |
awesome-mobile-security / Android / Courses |
| Learning-Android-Security | | | |
| Mobile Application Security and Penetration Testing | | | |
| Advanced Android Development | | | |
| Learn the art of mobile app development | | | |
| Learning Android Malware Analysis | | | |
| Android App Reverse Engineering 101 | | | |
| Android Pentesting for Beginners | | | |
| |
| Amandroid – A Static Analysis Framework | | | |
| Androwarn – Yet Another Static Code Analyzer | 485 | almost 6 years ago | |
| APK Analyzer – Static and Virtual Analysis Tool | 1,019 | over 2 years ago | |
| APK Inspector – A Powerful GUI Tool | 833 | over 12 years ago | |
| Droid Hunter – Android application vulnerability analysis and Android pentest tool | 288 | about 7 years ago | |
| Error Prone – Static Analysis Tool | 6,878 | 11 months ago | |
| Findbugs – Find Bugs in Java Programs | | | |
| Find Security Bugs – A SpotBugs plugin for security audits of Java web applications. | 2,293 | 11 months ago | |
| Flow Droid – Static Data Flow Tracker | 1,076 | 11 months ago | |
| Smali/Baksmali – Assembler/Disassembler for the dex format | 6,364 | almost 2 years ago | |
| Smali-CFGs – Smali Control Flow Graph’s | | | |
| SPARTA – Static Program Analysis for Reliable Trusted Apps | | | |
| Thresher – To check heap reachability properties | | | |
| Vector Attack Scanner – To search vulnerable points to attack | 5 | over 10 years ago | |
| Gradle Static Analysis Plugin | 405 | over 3 years ago | |
| Checkstyle – A tool for checking Java source code | 8,375 | 11 months ago | |
| PMD – An extensible multilanguage static code analyzer | 4,907 | 11 months ago | |
| Soot – A Java Optimization Framework | 2,902 | 11 months ago | |
| Android Quality Starter | 32 | almost 8 years ago | |
| QARK – Quick Android Review Kit | 3,210 | almost 2 years ago | |
| Infer – A Static Analysis tool for Java, C, C++ and Objective-C | 15,024 | 11 months ago | |
| Android Check – Static Code analysis plugin for Android Project | 266 | over 7 years ago | |
| FindBugs-IDEA – Static byte code analysis to look for bugs in Java code | | | |
| APK Leaks – Scanning APK file for URIs, endpoints & secrets | 4,989 | about 1 year ago | |
| Adhrit - Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks | 537 | almost 3 years ago | |
| Android Hooker - Opensource project for dynamic analyses of Android applications | 408 | about 9 years ago | |
| AppAudit - Online tool (including an API) that uses dynamic and static analysis | | | |
| AppAudit - A bare-metal analysis tool on Android devices | 91 | over 8 years ago | |
| CuckooDroid - Extension of Cuckoo Sandbox the Open Source software | 580 | about 5 years ago | |
| DroidBox - Dynamic analysis of Android applications | | | |
| Droid-FF - Android File Fuzzing Framework | 85 | over 3 years ago | |
| Drozer | | | |
| Marvin - Analyzes Android applications and allows tracking of an app | 75 | almost 7 years ago | |
| Inspeckage | 2,827 | about 5 years ago | |
| PATDroid - Collection of tools and data structures for analyzing Android applications | 118 | over 8 years ago | |
| AndroL4b - Android security virtual machine based on ubuntu-mate | 1,110 | over 2 years ago | |
| Radare2 - Unix-like reverse engineering framework and commandline tools | 20,862 | 11 months ago | |
| Cutter - Free and Open Source RE Platform powered by radare2 | | | |
| ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger) | | | |
| Mobile-Security-Framework MobSF | 17,691 | 11 months ago | |
| CobraDroid - Custom build of the Android operating system geared specifically for application security | | | |
| Magisk v20.2 - Root & Universal Systemless Interface | | | |
| Runtime Mobile Security (RMS) - a powerful web interface that helps you manipulate Android and iOS apps at runtime | 2,649 | 11 months ago | |
| MOBEXLER - A Mobile Application Penetration Testing Platform | | | |
| Oversecured | | | A static vulnerability scanner for Android apps (APK files) containing 90+ vulnerability categories |
| Android Observatory APK Scan | | | |
| Android APK Decompiler | | | |
| AndroTotal | | | |
| NVISO ApkScan | | | |
| VirusTotal | | | |
| Scan Your APK | | | |
| AVC Undroid | | | |
| OPSWAT | | | |
| ImmuniWeb Mobile App Scanner | | | |
| Ostor Lab | | | |
| Quixxi | | | |
| TraceDroid | | | |
| Visual Threat | | | |
| App Critique | | | |
awesome-mobile-security / Android / Labs |
| OVAA (Oversecured Vulnerable Android App) | 662 | over 1 year ago | |
| DIVA (Damn insecure and vulnerable App) | 974 | over 2 years ago | |
| SecurityShepherd | 1,356 | over 1 year ago | |
| Damn Vulnerable Hybrid Mobile App (DVHMA) | 258 | about 7 years ago | |
| OWASP-mstg | 11,816 | 11 months ago | |
| VulnerableAndroidAppOracle | 42 | over 7 years ago | |
| Android InsecureBankv2 | 1,268 | over 1 year ago | |
| Purposefully Insecure and Vulnerable Android Application (PIIVA) | 106 | over 5 years ago | |
| Sieve app | 3,978 | about 1 year ago | |
| DodoVulnerableBank | 21 | about 10 years ago | |
| Digitalbank | 37 | about 10 years ago | |
| OWASP GoatDroid | 239 | over 11 years ago | |
| AppKnox Vulnerable Application | 19 | almost 10 years ago | |
| Vulnerable Android Application | 5 | over 11 years ago | |
| MoshZuk | | | |
| Hackme Bank | | | |
| Android Security Labs | 109 | over 6 years ago | |
| Android-InsecureBankv2 | 1,268 | over 1 year ago | |
| Android-security | 139 | over 8 years ago | |
| VulnDroid | 10 | over 4 years ago | |
| FridaLab | | | |
| Santoku Linux - Mobile Security VM | | | |
| Vuldroid | 62 | about 4 years ago | |
awesome-mobile-security / Android / Talks |
| Blowing the Cover of Android Binary Fuzzing (Slides) | | | |
| One Step Ahead of Cheaters -- Instrumenting Android Emulators | | | |
| Vulnerable Out of the Box: An Evaluation of Android Carrier Devices | | | |
| Rock appround the clock: Tracking malware developers by Android | | | |
| Chaosdata - Ghost in the Droid: Possessing Android Applications with ParaSpectre | | | |
| Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets | | | |
| Honey, I Shrunk the Attack Surface – Adventures in Android Security Hardening | | | |
| Hide Android Applications in Images | | | |
| Scary Code in the Heart of Android | | | |
| Fuzzing Android: A Recipe For Uncovering Vulnerabilities Inside System Components In Android | | | |
| Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library | | | |
| Android FakeID Vulnerability Walkthrough | | | |
| Unleashing D* on Android Kernel Drivers | | | |
| The Smarts Behind Hacking Dumb Devices | | | |
| Overview of common Android app vulnerabilities | | | |
| Android Dev Summit 2019 | | | |
| Android security architecture | | | |
| Get the Ultimate Privilege of Android Phone | | | |
awesome-mobile-security / Android / Misc. |
| Android-Reports-and-Resources | 1,496 | over 1 year ago | |
| android-security-awesome | 8,270 | 11 months ago | |
| Android Penetration Testing Courses | | | |
| Lesser-known Tools for Android Application PenTesting | | | |
| android-device-check - a set of scripts to check Android device security configuration | 83 | about 6 years ago | |
| apk-mitm - a CLI application that prepares Android APK files for HTTPS inspection | 4,003 | over 1 year ago | |
| Andriller - a software utility with a collection of forensic tools for smartphones | 1,356 | over 3 years ago | |
| Dexofuzzy: Android malware similarity clustering method using opcode sequence-Paper | | | |
| Chasing the Joker | | | |
| Side Channel Attacks in 4G and 5G Cellular Networks-Slides | | | |
| Shodan.io-mobile-app for Android | 141 | over 2 years ago | |
| Popular Android Malware 2018 | 44 | over 6 years ago | |
| Popular Android Malware 2019 | 247 | almost 6 years ago | |
| Popular Android Malware 2020 | 287 | almost 5 years ago | |
awesome-mobile-security / iOS / General - Blogs, Papers, How to's |
| iOS Security | | | |
| Basic iOS Apps Security Testing lab | | | |
| IOS Application security – Setting up a mobile pentesting platform | | | |
| Collection of the most common vulnerabilities found in iOS applications | 1,391 | almost 3 years ago | |
| IOS_Application_Security_Testing_Cheat_Sheet | | | |
| OWASP iOS Basic Security Testing | | | |
| Dynamic analysis of iOS apps w/o Jailbreak | | | |
| iOS Application Injection | | | |
| Low-Hanging Apples: Hunting Credentials and Secrets in iOS Apps | | | |
| Checkra1n Era - series | | | |
| BFU Extraction: Forensic Analysis of Locked and Disabled iPhones | | | |
| HowTo-decrypt-Signal.sqlite-for-IOS | 48 | almost 6 years ago | |
| Can I Jailbreak? | | | |
| How to Extract Screen Time Passcodes and Voice Memos from iCloud | | | |
| Reverse Engineering Swift Apps | 138 | over 8 years ago | |
| Mettle your iOS with FRIDA | | | |
| A run-time approach for pentesting iOS applications | | | |
| iOS Internals vol 2 | | | |
| Understanding usbmux and the iOS lockdown service | | | |
| A Deep Dive into iOS Code Signing | | | |
| AirDoS: remotely render any nearby iPhone or iPad unusable | | | |
| How to access and traverse a #checkra1n jailbroken iPhone File system using SSH | | | |
| Deep dive into iOS Exploit chains found in the wild - Project Zero | | | |
| The Fully Remote Attack Surface of the iPhone - Project Zero | | | |
awesome-mobile-security / iOS / Books |
| Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It | | | |
| iOS Penetration Testing | | | |
| iOS App Security, Penetration Testing, and Development | | | |
| IOS Hacker's Handbook | | | |
| Hacking iOS Applications a detailed testing guide | | | |
| Develop iOS Apps (Swift) | | | |
| iOS Programming Cookbook | | | |
awesome-mobile-security / iOS / Courses |
| Pentesting iOS Applications | | | |
| Reverse Engineering iOS Applications | 2,669 | over 1 year ago | |
| App Design and Development for iOS | | | |
| |
| Cydia Impactor | | | |
| checkra1n jailbreak | | | |
| idb - iOS App Security Assessment Tool | | | |
| Frida | 16,429 | 11 months ago | |
| Objection - mobile exploration toolkit by Frida | 7,624 | about 1 year ago | |
| Bfinject | 626 | over 3 years ago | |
| iFunbox | | | |
| Libimobiledevice - library to communicate with the services of Apple iOS devices | | | |
| iRET (iOS Reverse Engineering Toolkit) | | | includes oTool, dumpDecrypted, SQLite, Theos, Keychain_dumper, Plutil |
| Myriam iOS | 255 | over 2 years ago | |
| iWep Pro - wireless suite of useful applications used to turn your iOS device into a wireless network diagnostic tool | | | |
| Burp Suite | | | |
| Cycript | | | |
| needle - The iOS Security Testing Framework | 1,338 | about 5 years ago | |
| iLEAPP - iOS Logs, Events, And Preferences Parser | 767 | 11 months ago | |
| Cutter - Free and Open Source RE Platform powered by radare2 | | | |
| decrypt0r - automatically download and decrypt SecureRom stuff | 50 | almost 6 years ago | |
| iOS Security Suite - an advanced and easy-to-use platform security & anti-tampering library | 2,405 | about 1 year ago | |
awesome-mobile-security / iOS / Labs |
| OWASP iGoat | | | |
| Damn Vulnerable iOS App (DVIA) v2 | 905 | over 1 year ago | |
| Damn Vulnerable iOS App (DVIA) v1 | 431 | almost 6 years ago | |
| iPhoneLabs | 58 | about 14 years ago | |
| iOS-Attack-Defense | 20 | about 6 years ago | |
awesome-mobile-security / iOS / Talks |
| Behind the Scenes of iOS Security | | | |
| Modern iOS Application Security | | | |
| Demystifying the Secure Enclave Processor | | | |
| HackPac Hacking Pointer Authentication in iOS User Space | | | |
| Analyzing and Attacking Apple Kernel Drivers | | | |
| Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox | | | |
| Reverse Engineering iOS Mobile Apps | | | |
| iOS 10 Kernel Heap Revisited | | | |
| KTRW: The journey to build a debuggable iPhone | | | |
| The One Weird Trick SecureROM Hates | | | |
| Tales of old: untethering iOS 11-Spoiler: Apple is bad at patching | | | |
| Messenger Hacking: Remotely Compromising an iPhone through iMessage | | | |
| Recreating An iOS 0-Day Jailbreak Out Of Apple's Security Updates | | | |
| Reverse Engineering the iOS Simulator’s SpringBoard | | | |
| Attacking iPhone XS Max | | | |
awesome-mobile-security / iOS / Misc. |
| Most usable tools for iOS penetration testing | 1,047 | about 2 years ago | |
| iOS-Security-Guides | 262 | over 5 years ago | |
| osx-security-awesome - OSX and iOS related security tools | 1,346 | about 1 year ago | |
| Trust in Apple's Secret Garden: Exploring & Reversing Apple's Continuity Protocol-Slides | | | |
| Apple Platform Security | | | |
| Mobile security, forensics & malware analysis with Santoku Linux | | | |