Grapefruit(WIP) Runtime Application Instruments for iOS. Previously Passionfruit
EvabsAn open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
OvaaOversecured Vulnerable Android App
ApkleaksScanning APK file for URIs, endpoints & secrets.
IosreextensionA fast and elegant extension for VSCode used for iOSre projects.
Awesome Mobile SecurityAn effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Gda Android Reversing ToolGDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…
Rms Runtime Mobile SecurityRuntime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
VyapiVyAPI - A cloud based vulnerable hybrid Android App
Mobile Security Framework MobsfMobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
PivaaCreated by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.
Androl4bA Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
StacoanStaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
JackhammerJackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Dexcalibur[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
AdhritAndroid Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
BadintentIntercept, modify, repeat and attack Android's Binder transactions using Burp Suite
Hacker101Source code for Hacker101.com - a free online web and mobile security class.
reFlutterFlutter Reverse Engineering Framework
AppAuth-OAuth2-Books-DemoA companion repo for the blog article: https://blog.approov.io/adding-oauth2-to-mobile-android-and-ios-clients-using-the-appauth-sdk
powerauth-cryptoPowerAuth - Open-source solution for authentication, secure data storage and transport security in mobile banking.
mobileAuditDjango application that performs SAST and Malware Analysis for Android APKs
dumproidAndroid process memory dump tool without ndk.
powerauth-mobile-sdkPowerAuth Mobile SDK for adds capability for authentication and transaction signing into the mobile apps (ios, watchos, android).
allsafeIntentionally vulnerable Android application.
BadIntentIntercept, modify, repeat and attack Android's Binder transactions using Burp Suite
grapefruit(WIP) Runtime Application Instruments for iOS. Previously Passionfruit
mobiletrackersA repository of telemetry domains and URLs used by mobile location tracking, user profiling, targeted marketing and aggressive ads libraries.