Awesome Tools

List of all the awesome mobile appsec tools, that mobexler comes preinstalled with.

Android Studio

It is Integrated development Enviroment (IDE) and Used for Android App Development.

How to use ?

It is a GUI based tool,so simply run and use it.

Burp Suite

Burp community version includes few essential manual tools from the Burp platform, however some of the features are available only in paid version.

How to use ?

It is one of the good GUI based tool for pentesters to use for pentesting. It is simple to run and use:).

Bytecode Viewer

Free open source user friendly and advance java Reverse engineering suite with six diffrent java decompilers two byte code editors,a java compiler,plugins, jars and many more

How to use ?

drag and drop the file(APK,class,jar,dex,zip) and explore it.

Frida

It is a toolkit which allows run time hooking into application for developers, reverse-engineers and security researchers.

How to use ?

adb push frida-server /data/local/tmp adb shell "chmod+x /data/local/tmp/frida-server" adb shell "/data/local/tmp/frida-server &"

JADX-GUI

JADX has Command line and GUI tools for produce Java source code from Android Dex and JADX-GUI is UI based. .

How to use ?

It is gui based tool and support(APK,zip etc.)file formats to analyse in java source code.

JD-GUI

It is a standalone graphical utility it helps in displays Java sources from CLASS files.

How to use ?

It is GUI tool and just need to open class file to read it in java source code.

Logcat - Pidcat

It shows log entries for processes from a specific application package.

How to use ?

Run it and it will show you options to use :)

MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis.

How to use ?

Run it docker app of MobSF and it i ask you for the password of lab. once password is entered ,go and browse 127.0.0.1:8000 you will see MobSF interface. Drag and drop to analyse apk.

SUPER-Analyzer

It is a command-line application that can be used in Windows, MacOS X and Linux, that analyzes .apk files in search for vulnerabilities.

How to use ?

Run it and give the absolute path of Apk

Wireshark

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

How to use ?

It has UI interface and easy to use.

Smali & baksmali

Smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation .

How to use ?

java -jar smali-x.x.x.jar

Radare2

Radare is a portable reversing framework that can Disassemble/assemble many different architectures.

How to use ?

Use r2 to run it.

Mara Framework

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a toolkit that puts together commonly used mobile application reverse engineering and analysis tools.

How to use ?

Goto mara folder and run ./mara.sh it will show the supported options with mara-framework.

SIGN


How to use ?

java -jar sign.jar.

TCPDUMP

It is a powerful command-line packet analyzer; and libpcap for network traffic capture.

How to use ?

tcpdump --help and it wil show the available options for this command line tool.

Objection

Objection is a runtime mobile exploration toolkit, powered by Frida It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device.

How to use ?

Run objection --help and it will show all the available info/options for frida.

Drozer

It is a security pentesting framework.Drozer allows pentesters to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM.

How to use ?

Run drozer command and also install the drozer client(adb install agent.apk) in Mobile device. port forword using : adb forword tcp:31415 tcp:31415 launch Drozer console using : drozer console connect

Ghidra

A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate and this reverse engineering tool helps to dig up the source code of a proprietary program which further gives you the ability to detect virus threats or potential bugs

How to use ?

got to Ghidra folder and run ./ghidraRun. It will open the GUI interface and you can use it.

Cydia Impactor

You can use this tool to install IPA files on iOS and APK files on Android. It also can help you exploit the series of Android "Master Key" vulnerabilities.

How to use ?

Run Cydia and connect your IOS device to computer ,wait until it gets detected. Drag IPA to cydia impactor window and install. It will prompt for Apple ID and password and IPA file will be instlled successfully.

Filezilla

It is used for transferring files over the Network.

How to use ?

Filezilla is GUI based so it is pretty easy to use :) just simply run !!!and you can use it.

Putty

it is an SSH and telnet client..

How to use ?

It has Ui interface,Simply run and use it.

Hopper Disassembler

Hopper Disassembler, the reverse engineering tool that lets you disassemble, decompile and debug your applications.

How to use ?

Hopper Disassembler is UI based tool so simply run and use it.

Metasploit

It is a penetration testing framework that enables pentesters to find, exploit, and validate vulnerabilities.

How to use ?

To start metasploit use command "msfconsole".

Sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws

How to use ?

just run sqlmap -h and it will show available options to use with it.

DB Browser for SQLite

DB Browser for SQLite (DB4S) is a high quality, visual, open source tool to create, design, and edit database files compatible with SQLite.

How to use ?

Just run DB Browser for SQLite from the application menu.

frida-ios-dump

Pull a decrypted IPA from a jailbroken device.

How to use ?

Go to frida-ios-dumo directory, run ./dump.py App_Name.

Nmap

Nmap Free Security Scanner, Port Scanner, & Network Exploration Tool.

How to use ?

nmap --help will show all the available options to use.

swift-frida

Swift runtime interop from Frida -- interact with iOS apps written in Swift, using Frida.

How to use ?

Go to swift-frida directory inside iOSZone and run.

Runtime Mobile Security

Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime.

How to use ?

Go to Application Menu --> AndroidZone --> RMS.

PassionFruit

Simple iOS app blackbox assessment tool. Powered by frida.re and vuejs.

How to use ?

Go to Application Menu --> iOSZone --> Passionfruit.

AndroBugs Framework

AndroBugs Framework is an Android vulnerability analysis system that helps developers or hackers find potential security vulnerabilities in Android applications. No splendid GUI interface, but the most efficient (less than 2 minutes per scan in average) and more accurate.

How to use ?

Run Androbug Analyzer by clicking the application icon from application menu.

Have suggestions for us ?? Want your favorite tools added to mobexler ?

Contact us