Security Tools For Android Pentesting

Static Analysis Tools

  1. APKTool – Decompile/modify APK (smali-level)

  2. Jadx / JD-GUI – Convert DEX to readable Java code

  3. MobSF – Automated static + dynamic scanner

  4. Androguard – Python tool for APK/DEX/smali analysis

  5. Bytecode Viewer – Reverse engineering with multiple decompilers

  6. ClassyShark – Explore APK classes/methods/manifest

  7. QARK – Detects security issues in APKs

  8. Enjarify / dex2jar – DEX to Java JAR conversion

  9. APKLeaks – Extract secrets, tokens, and URLs

Dynamic Analysis Tools

  1. Frida – Hook/modify functions at runtime

  2. Objection – Runtime exploitation via Frida (no root required)

  3. Xposed / LSPosed – Framework for modifying app behavior

  4. Burp Suite – Intercept/modify network traffic

  5. Drozer – Android app attack framework

  6. Magisk – Systemless root; works with LSPosed modules

  7. ADB – Debugging bridge for Android device

Logging Tools

  1. Logcat – Default Android logging system (adb logcat)

  2. Pidcat – Filtered Logcat output by package

  3. MatLog – GUI log reader (useful for non-rooted devices)

  4. XLog / Timber – In-app logging libraries used in apps

  5. Logd – Android logging daemon behind logcat

  6. Syslog – For rooted devices to log everything (system + kernel)

💡 Contribution

Feel free to raise issues or submit PRs to add more Android bug bounty and mobile hacking resources.
