search

Security Tools For Android Pentesting

hashtag
Static Analysis Tools

  1. APKToolarrow-up-right – Decompile/modify APK (smali-level)

  2. Jadxarrow-up-right / JD-GUI – Convert DEX to readable Java code

  3. MobSFarrow-up-right – Automated static + dynamic scanner

  4. Androguardarrow-up-right – Python tool for APK/DEX/smali analysis

  5. Bytecode Viewerarrow-up-right – Reverse engineering with multiple decompilers

  6. ClassySharkarrow-up-right – Explore APK classes/methods/manifest

  7. QARKarrow-up-right – Detects security issues in APKs

  8. Enjarifyarrow-up-right / dex2jar – DEX to Java JAR conversion

  9. APKLeaksarrow-up-right – Extract secrets, tokens, and URLs

hashtag
Dynamic Analysis Tools

  1. Fridaarrow-up-right – Hook/modify functions at runtime

  2. Objectionarrow-up-right – Runtime exploitation via Frida (no root required)

  3. Xposedarrow-up-right / LSPosedarrow-up-right – Framework for modifying app behavior

  4. Burp Suitearrow-up-right – Intercept/modify network traffic

  5. Drozerarrow-up-right – Android app attack framework

  6. Magiskarrow-up-right – Systemless root; works with LSPosed modules

  7. ADBarrow-up-right – Debugging bridge for Android device

hashtag
Logging Tools

  1. Logcat – Default Android logging system (adb logcat)

  2. Pidcatarrow-up-right – Filtered Logcat output by package

  3. MatLogarrow-up-right – GUI log reader (useful for non-rooted devices)

  4. XLog / Timber – In-app logging libraries used in apps

  5. Logd – Android logging daemon behind logcat

  6. Syslog – For rooted devices to log everything (system + kernel)

hashtag
πŸ’‘ Contribution

Feel free to raise issues or submit PRs to add more Android bug bounty and mobile hacking resources.

PreviousCLI Commands & ShortcutsNextDrozer Tutorial

Last updated