search

๐ŸชSecurity Tools For Android Pentesting

hashtag
Static Analysis Tools

  1. APKToolarrow-up-right โ€“ Decompile/modify APK (smali-level)

  2. Jadxarrow-up-right / JD-GUI โ€“ Convert DEX to readable Java code

  3. MobSFarrow-up-right โ€“ Automated static + dynamic scanner

  4. Androguardarrow-up-right โ€“ Python tool for APK/DEX/smali analysis

  5. Bytecode Viewerarrow-up-right โ€“ Reverse engineering with multiple decompilers

  6. ClassySharkarrow-up-right โ€“ Explore APK classes/methods/manifest

  7. QARKarrow-up-right โ€“ Detects security issues in APKs

  8. Enjarifyarrow-up-right / dex2jar โ€“ DEX to Java JAR conversion

  9. APKLeaksarrow-up-right โ€“ Extract secrets, tokens, and URLs

hashtag
Dynamic Analysis Tools

  1. Fridaarrow-up-right โ€“ Hook/modify functions at runtime

  2. Objectionarrow-up-right โ€“ Runtime exploitation via Frida (no root required)

  3. Xposedarrow-up-right / LSPosedarrow-up-right โ€“ Framework for modifying app behavior

  4. Burp Suitearrow-up-right โ€“ Intercept/modify network traffic

  5. Drozerarrow-up-right โ€“ Android app attack framework

  6. Magiskarrow-up-right โ€“ Systemless root; works with LSPosed modules

  7. ADBarrow-up-right โ€“ Debugging bridge for Android device

hashtag
Logging Tools

  1. Logcat โ€“ Default Android logging system (adb logcat)

  2. Pidcatarrow-up-right โ€“ Filtered Logcat output by package

  3. MatLogarrow-up-right โ€“ GUI log reader (useful for non-rooted devices)

  4. XLog / Timber โ€“ In-app logging libraries used in apps

  5. Logd โ€“ Android logging daemon behind logcat

  6. Syslog โ€“ For rooted devices to log everything (system + kernel)

hashtag
๐Ÿ’ก Contribution

Feel free to raise issues or submit PRs to add more Android bug bounty and mobile hacking resources.

PreviousBypassing Security Protections in APKs via Objection and FridaNextPIDCAT for Android Bug Bounty Logging

Last updated