Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

• UpdatedJul 17, 2025
• JavaScript

Scanning APK file for URIs, endpoints & secrets.

• UpdatedMar 26, 2025
• Python

Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts&videos)

• UpdatedSep 1, 2021

Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)

• UpdatedOct 10, 2023
• Shell

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

• UpdatedMar 1, 2024

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

• UpdatedJun 11, 2025
• JavaScript

A curated list of Android Security materials and resources For Pentesters and Bug Hunters

• UpdatedMay 5, 2025

A big list of Android Hackerone disclosed reports and other resources.

• UpdatedAug 4, 2024

Radare2 and Frida better together.

• UpdatedJul 18, 2025
• TypeScript

[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

• UpdatedFeb 2, 2023
• JavaScript

The repo contains a series of challenges for learning Frida for Android Exploitation.

• UpdatedJul 26, 2024

Android security insights in full spectrum.

• UpdatedMay 1, 2025
• Python

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

• UpdatedJan 17, 2025
• Go

An OSINT tool to quickly extract IP and URL endpoints from APKs by disassembling and decompiling

• UpdatedFeb 24, 2024
• Shell

Oversecured Vulnerable Android App

• UpdatedJul 18, 2024
• Java

A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.

• UpdatedJun 25, 2021
• Kotlin

Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.

• UpdatedDec 13, 2023
• Java

Swiss army knife for identifying and fingerprinting Android devices. MIT license, no restrictions on usage in production. See link below to get the Pro version with 500K free monthly API calls.

• UpdatedDec 10, 2024
• Kotlin

Android security guides, roadmap, docs, courses, write-ups, and teryaagh.

• UpdatedJun 11, 2025

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

• UpdatedJan 6, 2023
• JavaScript