Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-mobile-security
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
https://github.com/vaib25vicky/awesome-mobile-security
Last synced: 4 days ago
JSON representation
-
Android
-
General - Blogs, Papers, How To's
- Android Pentesting Labs - Step by Step guide for beginners
- Android: Gaining access to arbitrary* Content Providers
- Evernote: Universal-XSS, theft of all cookies from all sites, and more
- Interception of Android implicit intents
- TikTok: three persistent arbitrary code executions and one theft of arbitrary files
- Dive deep into Android Application Security
- Pentesting Android Apps Using Frida
- Mobile Security Testing Guide
- Android Applications Reversing 101
- Android Security Guidelines
- Android WebView Vulnerabilities
- Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913
- Android: Access to app protected components
- Android: arbitrary code execution via third-party package contexts
- Android Pentesting Labs - Step by Step guide for beginners
- An Android Hacking Primer
- Secure an Android Device
- OWASP Mobile Security Testing Guide
- Security Testing for Android Cross Platform Application
- Mobile Reverse Engineering Unleashed
- Android Root Detection Bypass Using Objection and Frida Scripts
- Root Detection Bypass By Manual Code Manipulation.
- Application and Network Usage in Android
- GEOST BOTNET - the discovery story of a new Android banking trojan
- Mobile Pentesting With Frida
- AndrODet: An adaptive Android obfuscation detector
- Hands On Mobile API Security
- Zero to Hero - Mobile Application Testing - Android Platform
- Android Malware Adventures
- Bypassing Android Anti-Emulation
- Bypassing Xamarin Certificate Pinning
- Configuring Burp Suite With Android Nougat
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Mobile Security Testing Guide
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Mobile Application Penetration Testing Cheat Sheet
- quark-engine - An Obfuscation-Neglect Android Malware Scoring System
- How to use FRIDA to bruteforce Secure Startup with FDE-encryption on a Samsung G935F running Android 8
- AAPG - Android application penetration testing guide
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Mobile Reverse Engineering Unleashed
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- OWASP Mobile Security Testing Guide
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Secure an Android Device
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
- Android Pentesting Labs - Step by Step guide for beginners
-
Talks
- Scary Code in the Heart of Android
- Fuzzing Android: A Recipe For Uncovering Vulnerabilities Inside System Components In Android
- Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library
- Android FakeID Vulnerability Walkthrough
- Unleashing D* on Android Kernel Drivers
- The Smarts Behind Hacking Dumb Devices
- Overview of common Android app vulnerabilities
- Android Dev Summit 2019
- Android security architecture
- Get the Ultimate Privilege of Android Phone
- Blowing the Cover of Android Binary Fuzzing (Slides)
- One Step Ahead of Cheaters -- Instrumenting Android Emulators
- Vulnerable Out of the Box: An Evaluation of Android Carrier Devices
- Rock appround the clock: Tracking malware developers by Android
- Chaosdata - Ghost in the Droid: Possessing Android Applications with ParaSpectre
- Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets
- Honey, I Shrunk the Attack Surface – Adventures in Android Security Hardening
- Hide Android Applications in Images
-
Misc.
- Chasing the Joker
- Android-Reports-and-Resources
- android-security-awesome
- Side Channel Attacks in 4G and 5G Cellular Networks-Slides
- Android Penetration Testing Courses
- Lesser-known Tools for Android Application PenTesting
- Dexofuzzy: Android malware similarity clustering method using opcode sequence-Paper
-
Tools
- NVISO ApkScan
- VirusTotal
- Scan Your APK
- AVC Undroid
- OPSWAT
- ImmuniWeb Mobile App Scanner
- Ostor Lab
- Quixxi
- TraceDroid
- App Critique
- Amandroid – A Static Analysis Framework
- Findbugs – Find Bugs in Java Programs
- Smali-CFGs – Smali Control Flow Graph’s
- SPARTA – Static Program Analysis for Reliable Trusted Apps
- Thresher – To check heap reachability properties
- Infer – A Static Analysis tool for Java, C, C++ and Objective-C
- FindBugs-IDEA Static byte code analysis to look for bugs in Java code
- AppAudit - Online tool ( including an API) uses dynamic and static analysis
- DroidBox - Dynamic analysis of Android applications
- Drozer
- AndroL4b - Android security virtual machine based on ubuntu-mate
- ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)
- Magisk v20.2 - Root & Universal Systemless Interface
- MOBEXLER - A Mobile Application Penetration Testing Platform
- Oversecured - A static vulnerability scanner for Android apps (APK files) containing 90+ vulnerability categories
- Android Observatory APK Scan
- Android APK Decompiler
- AndroTotal
- APK Analyzer – Static and Virtual Analysis Tool
- Droid Hunter – Android application vulnerability analysis and Android pentest tool
- Error Prone – Static Analysis Tool
- Flow Droid – Static Data Flow Tracker
- Smali/Baksmali – Assembler/Disassembler for the dex format
- Vector Attack Scanner – To search vulnerable points to attack
- Gradle Static Analysis Plugin
- Checkstyle – A tool for checking Java source code
- PMD – An extensible multilanguage static code analyzer
- Android Quality Starter
- QARK – Quick Android Review Kit
- Android Check – Static Code analysis plugin for Android Project
- APK Leaks – Scanning APK file for URIs, endpoints & secrets
- Adhrit - Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks
- Android Hooker - Opensource project for dynamic analyses of Android applications
- AppAudit - A bare-metal analysis tool on Android devices
- CuckooDroid - Extension of Cuckoo Sandbox the Open Source software
- Droid-FF - Android File Fuzzing Framework
- Marvin - Analyzes Android applications and allows tracking of an app
- Inspeckage
- PATDroid - Collection of tools and data structures for analyzing Android applications
- Radare2 - Unix-like reverse engineering framework and commandline tools
- Mobile-Security-Framework MobSF
- Runtime Mobile Security (RMS) - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
- Cutter - Free and Open Source RE Platform powered by radare2
- CobraDroid - Custom build of the Android operating system geared specifically for application security
- Drozer
-
Labs
- OWASP-mstg
- Sieve app
- MoshZuk
- FridaLab
- Santoku Linux - Mobile Security VM
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Hackme Bank
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
- Sieve app
-
Courses
-
Books
-
-
iOS
-
Talks
- Analyzing and Attacking Apple Kernel Drivers
- Behind the Scenes of iOS Security
- Modern iOS Application Security
- Demystifying the Secure Enclave Processor
- HackPac Hacking Pointer Authentication in iOS User Space
- Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox
- Reverse Engineering iOS Mobile Apps
- iOS 10 Kernel Heap Revisited
- KTRW: The journey to build a debuggable iPhone
- The One Weird Trick SecureROM Hates
- Tales of old: untethering iOS 11-Spoiler: Apple is bad at patching
- Messenger Hacking: Remotely Compromising an iPhone through iMessage
- Recreating An iOS 0-Day Jailbreak Out Of Apple's Security Updates
- Reverse Engineering the iOS Simulator’s SpringBoard
- Attacking iPhone XS Max
-
General - Blogs, Papers, How to's
- iOS Security
- Basic iOS Apps Security Testing lab
- IOS_Application_Security_Testing_Cheat_Sheet
- OWASP iOS Basic Security Testing
- Dynamic analysis of iOS apps w/o Jailbreak
- iOS Application Injection
- Low-Hanging Apples: Hunting Credentials and Secrets in iOS Apps
- Checkra1n Era - series
- BFU Extraction: Forensic Analysis of Locked and Disabled iPhones
- Can I Jailbreak?
- How to Extract Screen Time Passcodes and Voice Memos from iCloud
- Reverse Engineering Swift Apps
- Mettle your iOS with FRIDA
- A run-time approach for pentesting iOS applications
- iOS Internals vol 2
- Understanding usbmux and the iOS lockdown service
- A Deep Dive into iOS Code Signing
- AirDoS: remotely render any nearby iPhone or iPad unusable
- How to access and traverse a #checkra1n jailbroken iPhone File system using SSH
- Deep dive into iOS Exploit chains found in the wild - Project Zero
- The Fully Remote Attack Surface of the iPhone - Project Zero
-
Books
- Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It
- iOS Penetration Testing
- iOS App Security, Penetration Testing, and Development
- IOS Hacker's Handbook
- Hacking iOS Applications a detailed testing guide
- Develop iOS Apps (Swift)
- iOS Programming Cookbook
- Develop iOS Apps (Swift)
-
Courses
-
Tools
- Cydia Impactor
- checkra1n jailbreak
- idb - iOS App Security Assessment Tool
- Frida
- iFunbox
- Libimobiledevice - library to communicate with the services of the Apple ios devices
- iRET (iOS Reverse Engineering Toolkit) - includes oTool, dumpDecrypted, SQLite, Theos, Keychain_dumper, Plutil
- iWep Pro - wireless suite of useful applications used to turn your iOS device into a wireless network diagnostic tool
- Burp Suite
- Cycript
-
Labs
-
Misc.
-
Categories
Sub Categories
Keywords
android
8
static-analysis
7
mobile-security
6
java
5
security
4
code-quality
4
apk
4
static-code-analysis
4
reverse-engineering
4
android-security
4
dynamic-analysis
2
checkstyle
2
findbugs
2
gradle
2
penetration-testing
2
vulnerability
2
malware-analysis
2
ios-security
2
pmd
2
c
2
novoda
1
gradle-plugin
1
open-source
1
detekt
1
command-line-tool
1
android-lint
1
flowdroid
1
data-flow-tracker
1
apex
1
scanner
1
awesome
1
awesome-list
1
list
1
cpp
1
objective-c
1
application-security
1
malware-analyzer
1
ios
1
ai
1
artificial-intelligence
1
blackbox
1
blackbox-testing
1
blackhat
1
defcon
1
llm-agent
1
security-vulnerability-assessment
1
hacking
1
xposed
1
bytecode
1
dalvik
1