https://github.com/hahwul/MobileHackersWeapons

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
https://github.com/hahwul/MobileHackersWeapons

List: MobileHackersWeapons

android awesome-list bugbounty bugbountytips hacking ios mobilehacks scanner security tools

Last synced: 4 months ago
JSON representation

Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting

• Host: GitHub
• URL: https://github.com/hahwul/MobileHackersWeapons
• Owner: hahwul
• License: mit
• Created: 2021-01-12T16:03:41.000Z (almost 5 years ago)
• Default Branch: main
• Last Pushed: 2024-10-20T04:02:44.000Z (about 1 year ago)
• Last Synced: 2024-11-21T07:37:43.474Z (12 months ago)
• Topics: android, awesome-list, bugbounty, bugbountytips, hacking, ios, mobilehacks, scanner, security, tools
• Language: Go
• Homepage:
• Size: 2.07 MB
• Stars: 765
• Watchers: 47
• Forks: 125
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

• awesome-hacking-lists - hahwul/MobileHackersWeapons - Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting (Go)
• ultimate-awesome - MobileHackersWeapons - Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting. (Other Lists / TeX Lists)

README

          

























A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting


## Family project

[![WebHackersWeapons](https://img.shields.io/github/stars/hahwul/WebHackersWeapons?label=WebHackersWeapons)](https://github.com/hahwul/WebHackersWeapons)

[![MobileHackersWeapons](https://img.shields.io/github/stars/hahwul/MobileHackersWeapons?label=MobileHackersWeapons)](https://github.com/hahwul/MobileHackersWeapons)

## Table of Contents

- [Weapons](#weapons)

- [Contribute](/CONTRIBUTING.md)

- [Thanks to contributor](#thanks-to-contributor)

## Weapons

*Attributes*

|       | Attributes                                        |

|-------|---------------------------------------------------|

| Types | `Analysis` `Pentest` `Proxy` `RE` `Scripts` `Scanner` `Utils` `Device` `Discovery`, `Monitor`, `NFC`, `Target`, `Bluetooth`, `Jailbreak`, `Inject`, `Unpinning`|

| Tags  | [`Unpinning`](/categorize/tags/Unpinning.md) [`Target`](/categorize/tags/Target.md) [`Inject`](/categorize/tags/Inject.md) [`SCRIPTS`](/categorize/tags/SCRIPTS.md) [`Jailbreak`](/categorize/tags/Jailbreak.md) [`Bluetooth`](/categorize/tags/Bluetooth.md) [`NFC`](/categorize/tags/NFC.md) [`Discovery`](/categorize/tags/Discovery.md) [`Hijack`](/categorize/tags/Hijack.md) [`Monitor`](/categorize/tags/Monitor.md)                         |

| Langs | [`Python`](/categorize/langs/Python.md) [`C++`](/categorize/langs/C++.md) [`JavaScript`](/categorize/langs/JavaScript.md) [`Unknown`](/categorize/langs/Unknown.md) [`TypeScript`](/categorize/langs/TypeScript.md) [`Ruby`](/categorize/langs/Ruby.md) [`Shell`](/categorize/langs/Shell.md) [`Java`](/categorize/langs/Java.md) [`Go`](/categorize/langs/Go.md) [`Objective-C`](/categorize/langs/Objective-C.md) [`Meson`](/categorize/langs/Meson.md) [`Kotlin`](/categorize/langs/Kotlin.md) [`C`](/categorize/langs/C.md) [`Objective-C++`](/categorize/langs/Objective-C++.md)                        |

### All

| Type | Name | Description | Star |

| --- | --- | --- | --- |

|Analysis|[RMS-Runtime-Mobile-Security](https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security)|Runtime Mobile Security (RMS) 📱🔥  - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime|![](https://img.shields.io/github/stars/m0bilesecurity/RMS-Runtime-Mobile-Security?label=%20)|

|Analysis|[flipper](https://github.com/facebook/flipper)|A desktop debugging platform for mobile developers.|![](https://img.shields.io/github/stars/facebook/flipper?label=%20)|

|Analysis|[scrounger](https://github.com/nettitude/scrounger)|Mobile application testing toolkit|![](https://img.shields.io/github/stars/nettitude/scrounger?label=%20)|

|Pentest|[metasploit-framework](https://github.com/rapid7/metasploit-framework)|Metasploit Framework|![](https://img.shields.io/github/stars/rapid7/metasploit-framework?label=%20)|

|Proxy|[BurpSuite](https://portswigger.net/burp)|The BurpSuite||

|Proxy|[zaproxy](https://github.com/zaproxy/zaproxy)|The OWASP ZAP core project|![](https://img.shields.io/github/stars/zaproxy/zaproxy?label=%20)|

|Proxy|[httptoolkit](https://github.com/httptoolkit/httptoolkit)|HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac|![](https://img.shields.io/github/stars/httptoolkit/httptoolkit?label=%20)|

|Proxy|[proxify](https://github.com/projectdiscovery/proxify)|Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.|![](https://img.shields.io/github/stars/projectdiscovery/proxify?label=%20)|

|Proxy|[hetty](https://github.com/dstotijn/hetty)|Hetty is an HTTP toolkit for security research.|![](https://img.shields.io/github/stars/dstotijn/hetty?label=%20)|

|RE|[frida-tools](https://github.com/frida/frida-tools)|Frida CLI tools|![](https://img.shields.io/github/stars/frida/frida-tools?label=%20)|

|RE|[fridump](https://github.com/Nightbringer21/fridump)|A universal memory dumper using Frida|![](https://img.shields.io/github/stars/Nightbringer21/fridump?label=%20)|

|RE|[ghidra](https://github.com/NationalSecurityAgency/ghidra)|Ghidra is a software reverse engineering (SRE) framework|![](https://img.shields.io/github/stars/NationalSecurityAgency/ghidra?label=%20)|

|RE|[diff-gui](https://github.com/antojoseph/diff-gui)|GUI for Frida -Scripts|![](https://img.shields.io/github/stars/antojoseph/diff-gui?label=%20)|

|RE|[frida](https://github.com/frida/frida)|Clone this repo to build Frida|![](https://img.shields.io/github/stars/frida/frida?label=%20)|

|Scanner|[StaCoAn](https://github.com/vincentcox/StaCoAn)|StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.|![](https://img.shields.io/github/stars/vincentcox/StaCoAn?label=%20)|

|Scanner|[Mobile-Security-Framework-MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF)|Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.|![](https://img.shields.io/github/stars/MobSF/Mobile-Security-Framework-MobSF?label=%20)|

|Utils|[watchman](https://github.com/facebook/watchman)|Watches files and records, or triggers actions, when they change.|![](https://img.shields.io/github/stars/facebook/watchman?label=%20)|

||[frida-scripts](https://github.com/0xdea/frida-scripts)|A collection of my Frida.re instrumentation scripts to facilitate reverse engineering of mobile apps.|![](https://img.shields.io/github/stars/0xdea/frida-scripts?label=%20)|

||[frida-gadget](https://github.com/ksg97031/frida-gadget)|frida-gadget is a tool that can be used to patch APKs in order to utilize the Frida gadget.|![](https://img.shields.io/github/stars/ksg97031/frida-gadget?label=%20)|

### iOS

| Type | Name | Description | Star |

| --- | --- | --- | --- |

|Analysis|[objection](https://github.com/sensepost/objection)|📱 objection - runtime mobile exploration|![](https://img.shields.io/github/stars/sensepost/objection?label=%20)|

|Analysis|[iblessing](https://github.com/Soulghost/iblessing)|iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.|![](https://img.shields.io/github/stars/Soulghost/iblessing?label=%20)|

|Analysis|[iFunBox](http://www.i-funbox.com/)|General file management software for iPhone and other Apple products||

|Analysis|[needle](https://github.com/FSecureLABS/needle)|The iOS Security Testing Framework|![](https://img.shields.io/github/stars/FSecureLABS/needle?label=%20)|

|RE|[Clutch](https://github.com/KJCracks/Clutch)|Fast iOS executable dumper|![](https://img.shields.io/github/stars/KJCracks/Clutch?label=%20)|

|RE|[iRET](https://github.com/S3Jensen/iRET)|iOS Reverse Engineering Toolkit.|![](https://img.shields.io/github/stars/S3Jensen/iRET?label=%20)|

|RE|[class-dump](https://github.com/nygard/class-dump)|Generate Objective-C headers from Mach-O files.|![](https://img.shields.io/github/stars/nygard/class-dump?label=%20)|

|RE|[iSpy](https://github.com/BishopFox/iSpy)|A reverse engineering framework for iOS|![](https://img.shields.io/github/stars/BishopFox/iSpy?label=%20)|

|RE|[momdec](https://github.com/atomicbird/momdec)|Core Data Managed Object Model Decompiler|![](https://img.shields.io/github/stars/atomicbird/momdec?label=%20)|

|RE|[ipsw](https://github.com/blacktop/ipsw)|iOS/macOS Research Swiss Army Knife|![](https://img.shields.io/github/stars/blacktop/ipsw?label=%20)|

|RE|[frida-ios-dump](https://github.com/AloneMonkey/frida-ios-dump)|pull decrypted ipa from Jailbreak device|![](https://img.shields.io/github/stars/AloneMonkey/frida-ios-dump?label=%20)|

|Utils|[idb](https://github.com/facebook/idb)|idb is a flexible command line interface for automating iOS simulators and devices|![](https://img.shields.io/github/stars/facebook/idb?label=%20)|

||[MEDUZA](https://github.com/kov4l3nko/MEDUZA)|A more or less universal SSL unpinning tool for iOS|![](https://img.shields.io/github/stars/kov4l3nko/MEDUZA?label=%20)|

||[bfinject](https://github.com/BishopFox/bfinject)|Dylib injection for iOS 11.0 - 11.1.2 with LiberiOS and Electra Jailbreaks|![](https://img.shields.io/github/stars/BishopFox/bfinject?label=%20)|

||[ssl-kill-switch2](https://github.com/nabla-c0d3/ssl-kill-switch2)|Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps|![](https://img.shields.io/github/stars/nabla-c0d3/ssl-kill-switch2?label=%20)|

||[Liberty](https://yaluJailbreak.net/liberty/)|Bypass Jailbreak and SSL Pinning||

||[HideJB](http://cydia.saurik.com/package/com.thuthuatjb.hidejb/)|a tweak has the ability to skip Jailbreak detection on iOS apps.||

||[toothpicker](https://github.com/seemoo-lab/toothpicker)|ToothPicker is an in-process, coverage-guided fuzzer for iOS. for iOS Bluetooth|![](https://img.shields.io/github/stars/seemoo-lab/toothpicker?label=%20)|

||[A-Jailbreak](https://www.ios-repo-updates.com/repository/baw-repo/package/com.rpgfarm.a-Jailbreak/)|Super Jailbreak detection Jailbreak!||

||[FlyJB-X](https://github.com/XsF1re/FlyJB-X)|You can HIDE Doing Jailbreak your iDevice.|![](https://img.shields.io/github/stars/XsF1re/FlyJB-X?label=%20)|

||[ipainstaller](https://github.com/autopear/ipainstaller)|Install IPA from command line|![](https://img.shields.io/github/stars/autopear/ipainstaller?label=%20)|

### Android

| Type | Name | Description | Star |

| --- | --- | --- | --- |

|Analysis|[apkleaks](https://github.com/dwisiswant0/apkleaks)|Scanning APK file for URIs, endpoints & secrets.|![](https://img.shields.io/github/stars/dwisiswant0/apkleaks?label=%20)|

|Analysis|[drozer](https://github.com/FSecureLABS/drozer)|The Leading Security Assessment Framework for Android.|![](https://img.shields.io/github/stars/FSecureLABS/drozer?label=%20)|

|Pentest|[Kali NetHunter](https://gitlab.com/kalilinux/nethunter/build-scripts/kali-nethunter-project)|Mobile Penetration Testing Platform||

|RE|[jadx](https://github.com/skylot/jadx)|Dex to Java decompiler|![](https://img.shields.io/github/stars/skylot/jadx?label=%20)|

|RE|[apkx](https://github.com/b-mueller/apkx)|One-Step APK Decompilation With Multiple Backends|![](https://img.shields.io/github/stars/b-mueller/apkx?label=%20)|

|RE|[dex-oracle](https://github.com/CalebFenton/dex-oracle)|A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis|![](https://img.shields.io/github/stars/CalebFenton/dex-oracle?label=%20)|

|RE|[androguard](https://github.com/androguard/androguard)|Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)|![](https://img.shields.io/github/stars/androguard/androguard?label=%20)|

|RE|[jd-gui](https://github.com/java-decompiler/jd-gui)|A standalone Java Decompiler GUI|![](https://img.shields.io/github/stars/java-decompiler/jd-gui?label=%20)|

|RE|[JEB](https://www.pnfsoftware.com/jeb/)|reverse-engineering platform to perform disassembly, decompilation, debugging, and analysis of code and document files, manually or as part of an analysis pipeline.||

|RE|[bytecode-viewer](https://github.com/Konloch/bytecode-viewer/)|A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)|![](https://img.shields.io/github/stars/Konloch/bytecode-viewer/?label=%20)|

|RE|[enjarify](https://github.com/Storyyeller/enjarify)|Enjarify is a tool for translating Dalvik bytecode to equivalent Java bytecode. This allows Java analysis tools to analyze Android applications.|![](https://img.shields.io/github/stars/Storyyeller/enjarify?label=%20)|

|RE|[procyon](https://github.com/mstrobel/procyon)|Procyon is a suite of Java metaprogramming tools, including a rich reflection API, a LINQ-inspired expression tree API for runtime code generation, and a Java decompiler.|![](https://img.shields.io/github/stars/mstrobel/procyon?label=%20)|

|RE|[dex2jar](https://github.com/pxb1988/dex2jar)|Tools to work with android .dex and java .class files|![](https://img.shields.io/github/stars/pxb1988/dex2jar?label=%20)|

|RE|[Apktool](https://github.com/iBotPeaches/Apktool)|A tool for reverse engineering Android apk files|![](https://img.shields.io/github/stars/iBotPeaches/Apktool?label=%20)|

|RE|[btrace](https://github.com/bytedance/btrace)|🔥🔥 btrace(AKA RheaTrace) is a high performance Android trace tool which is based on Systrace, it support to define custom events automatically during building apk and using bhook to provider more native events like IO.|![](https://img.shields.io/github/stars/bytedance/btrace?label=%20)|

|RE|[Smali-CFGs](https://github.com/EugenioDelfa/Smali-CFGs)|Smali Control Flow Graph's|![](https://img.shields.io/github/stars/EugenioDelfa/Smali-CFGs?label=%20)|

|Scanner|[qark](https://github.com/linkedin/qark)|Tool to look for several security related Android application vulnerabilities|![](https://img.shields.io/github/stars/linkedin/qark?label=%20)|

|Utils|[behe-keyboard](https://github.com/VladThodo/behe-keyboard)|A lightweight hacking & programming keyboard with material design|![](https://img.shields.io/github/stars/VladThodo/behe-keyboard?label=%20)|

|Utils|[termux-app](https://github.com/termux/termux-app)|Termux - a terminal emulator application for Android OS extendible by variety of packages.|![](https://img.shields.io/github/stars/termux/termux-app?label=%20)|

|Utils|[Magisk](https://github.com/topjohnwu/Magisk)|The Magic Mask for Android|![](https://img.shields.io/github/stars/topjohnwu/Magisk?label=%20)|

|Device|[scrcpy](https://github.com/Genymobile/scrcpy)|Display and control your Android device|![](https://img.shields.io/github/stars/Genymobile/scrcpy?label=%20)|

||[gplaydl](https://github.com/rehmatworks/gplaydl)|Command Line Google Play APK downloader. Download APK files to your PC directly from Google Play Store.|![](https://img.shields.io/github/stars/rehmatworks/gplaydl?label=%20)|

||[gplaycli](https://github.com/matlink/gplaycli)|Google Play Downloader via Command line|![](https://img.shields.io/github/stars/matlink/gplaycli?label=%20)|

||[googleplay](https://github.com/89z/googleplay)|Download APK from Google Play or send API requests|![](https://img.shields.io/github/stars/89z/googleplay?label=%20)|

||[nfcgate](https://github.com/nfcgate/nfcgate)|An NFC research toolkit application for Android|![](https://img.shields.io/github/stars/nfcgate/nfcgate?label=%20)|

||[PlaystoreDownloader](https://github.com/ClaudiuGeorgiu/PlaystoreDownloader)|A command line tool to download Android applications directly from the Google Play Store by specifying their package name (an initial one-time configuration is required)|![](https://img.shields.io/github/stars/ClaudiuGeorgiu/PlaystoreDownloader?label=%20)|

||[PortAuthority](https://github.com/aaronjwood/PortAuthority)|A handy systems and security-focused tool, Port Authority is a very fast Android port scanner. Port Authority also allows you to quickly discover hosts on your network and will display useful network information about your device and other hosts.|![](https://img.shields.io/github/stars/aaronjwood/PortAuthority?label=%20)|

||[Hijacker](https://github.com/chrisk44/Hijacker)|Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI Application for Android|![](https://img.shields.io/github/stars/chrisk44/Hijacker?label=%20)|

||[PCAPdroid](https://github.com/emanuele-f/PCAPdroid)|No-root network monitor, firewall and PCAP dumper for Android|![](https://img.shields.io/github/stars/emanuele-f/PCAPdroid?label=%20)|

## Thanks to (Contributor)

WHW's open-source project and made it with ❤️ if you want contribute this project, please see [CONTRIBUTING.md](https://github.com/hahwul/MobileHackersWeapons/blob/main/CONTRIBUTING.md) and Pull-Request with cool your contents.

[![](/images/CONTRIBUTORS.svg)](https://github.com/hahwul/MobileHackersWeapons/graphs/contributors)