A comprehensive collection of tools, scripts, and documentation for mobile application security testing on Android and iOS platforms.
```
Mobile-PT/
├── docs/
│   ├── android/          # Android security documentation
│   ├── ios/              # iOS security documentation
│   ├── flutter/          # Flutter security documentation
│   ├── frida/            # FRIDA toolkit documentation
│   └── tools/            # Tool-specific guides
├── frida-scripts/        # Ready-to-use FRIDA scripts
│   ├── android/          # Android-specific scripts
│   ├── ios/              # iOS-specific scripts
│   ├── flutter/          # Flutter-specific scripts
│   └── universal/        # Cross-platform scripts
├── Applications/         # Sample vulnerable apps for testing
└── books/                # Reference materials and guides
```
- Android Testing: Start with Android Setup Guide
- iOS Testing: Begin with iOS Setup Guide
- Flutter Testing: Explore Flutter Security Guide
- FRIDA: Learn dynamic instrumentation with FRIDA Documentation
- Tools: Explore security tools in Tools Directory
- 🔍 Security Testing Checklist - Comprehensive testing methodology
- ⚡ Quick Reference Guide - Commands and cheat sheets
- Android Security Testing Guide
- Android Application Architecture
- Android Security Model
- Android File Structure
- Build Process
- Flutter Security Testing Guide
- Flutter Architecture & Security Model
- Flutter Network Traffic Interception
- Flutter Certificate Pinning Bypass
- Flutter Platform Channel Security
- SSL Pinning Bypass - Works on Android & iOS
Complete Mobile Application Security Testing Playlist
Note: This playlist contains comprehensive tutorials covering Android, iOS, and Flutter security testing methodologies.
The Applications/ directory contains various vulnerable applications for testing:
- DIVA (Damn Insecure and Vulnerable App)
- InsecureBankv2 - Banking app with vulnerabilities
- UnCrackable Series - Reverse engineering challenges
- OWASP GoatDroid - Deliberately vulnerable app
- VulnApp - General vulnerability testing
- Drozer Agent - For component analysis
- Certificate Pinning Test Apps - For bypass testing
- Root Detection Apps - For evasion testing
```bash
# Run the environment validation script
./validate-environment.sh

# ADB (Android Debug Bridge)
sudo apt-get install android-tools-adb
# FRIDA for Android
pip install frida-tools
# Download frida-server for your device architecture
# MobSF (Mobile Security Framework)
docker pull opensecurity/mobsf

# Flutter SDK
git clone https://github.com/flutter/flutter.git -b stable
export PATH="$PATH:$(pwd)/flutter/bin"
# Flutter security analysis tools
pip install reify
git clone https://github.com/ptswarm/reflutter.git
# Verify installation
flutter doctor

# Burp Suite Community/Professional
# OWASP ZAP
# Wireshark for traffic analysis
# mitmproxy for advanced HTTP/HTTPS interception
pip install mitmproxy

# Xcode (macOS only)
# Install from App Store
# FRIDA for iOS
pip install frida-tools
# Requires jailbroken device
# iOS Security Tools
brew install class-dump
brew install ios-deploy
```
- App store analysis
- Permissions review
- Technology stack identification
- Framework detection (Native/Flutter/React Native)
- Code review
- Binary analysis
- Configuration assessment
- Hardcoded secrets detection
- Framework-specific analysis (Flutter assets, etc.)
- Runtime behavior monitoring
- Network traffic analysis
- Memory dumping
- API testing
- Platform channel monitoring (Flutter)
- Authentication bypass
- Authorization flaws
- Input validation
- Data storage security
- Communication security
- Certificate pinning bypass
- Vulnerability classification
- Risk assessment
- Remediation guidance
- Proof of concepts
- Android Security Internals - In-depth Android security architecture
- Mobile Application Security - Comprehensive mobile security guide
- OWASP Mobile Security Testing Guide - Industry standard testing methodology
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Add your improvements
- Submit a pull request
- New FRIDA scripts
- Additional vulnerable apps
- Documentation improvements
- Tool integration guides
- Video tutorial suggestions
This repository is for educational and authorized security testing purposes only. Always ensure you have proper authorization before testing any applications or systems. The authors are not responsible for any misuse of the tools and information provided.
- Issues: Use GitHub Issues for bug reports and feature requests
- Discussions: Join the community discussions
- Security Research: Share your findings responsibly
Happy Hacking! 🔐📱