The Flutter Decompiler: CLI tool that decompiles Flutter Android AOT (libapp.so) into Dart-like pseudocode, supporting obfuscated builds.
Automated Firebase recon and security scanner. Extracts from APKs or IPAs and checks for unauthorized read and write access on Firestore, Realtime Database, Storage buckets, Remote Config, Cloud Functions, and detects hardcoded service accounts.
Complete Kali NetHunter KeX Rootless Setup for Android with Working Audio & Browser Sound | Mobile Penetration Testing Environment | Termux
🪝 Android pentesting toolkit - Frida server manager + Burp Suite proxy
Magisk module for installing Burp Suite CA certificates into Android system trust stores for controlled mobile pentesting labs.
APK-Translate is a Python script that converts localized app strings to English to simplify mobile pentesting, reverse engineering, and API security testing workflows.
A comprehensive collection of Frida scripts and Python tools for Android dynamic analysis. Includes PoCs for bypassing SSL pinning, root detection, obfuscation, and client-side cryptographic integrity checks.
Android deeplink, Intent, and WebView bridge assessment helper for ethical hacking
A curated resource for mobile security testing based on OWASP MASTG. Includes notes, tools, and practical examples for pentesters and developers.
Not So deepLink is a python script allowing to list and verify deeplinks and Universal Links from Android and iOS apps using an ADB access or an APK/IPA file. It can also list some potential deeplinks handling in code samples using pattern matches (Android Only).
Your complete roadmap to Android Mobile Penetration Testing Interactive mindmap with tools, methodologies, vulnerable practice apps, and official documentation links. Everything in one place for beginners and pros alike.
A comprehensive penetration testing toolkit for Flutter applications. Includes SSL pinning bypass techniques, Frida scripts, static/dynamic analysis guides, automated security scanning tools, and real-world case studies. Everything you need to assess Flutter app security on Android & iOS
Intentionally vulnerable Android e-commerce app for mobile penetration testing training with 40+ documented vulnerabilities across OWASP Mobile Top 10, LLM Top 10 and Business Logic flaws
Hermes-Sens is an automated static analysis tool for React Native Android applications. It decompiles APKs using apktool, decompiles Hermes bytecode into pseudo-JavaScript, and extracts sensitive artifacts such as secrets, tokens, endpoints, and authentication logic using pattern-based analysis.
🔐 Conduct penetration tests on Flutter applications for iOS and Android, ensuring robust security for your mobile applications with this essential toolkit.
Demo application with encrypted HTTP communication, used to test Frida scripts for intercepting traffic.
High-speed multithreaded ICMP network discovery tool for Termux (no root required)
Add a description, image, and links to the mobile-pentesting topic page so that developers can more easily learn about it.
To associate your repository with the mobile-pentesting topic, visit your repo's landing page and select "manage topics."