Mobile Pentesting Tools

This is my listing of iOS and Android assessment tools for my personal bookmarks.


A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. It also makes working with an app easier because of the project like file structure and automation of some repetitive tasks like building apk, etc.

Install on Kali:

sudo apt install -y apktool

Decompile an app:

apktool d test.apk


Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.


Command line and GUI tools for produce Java source code from Android Dex and Apk files.

Installation on Kali: sudo apt install -y jadx


Drozer (formerly Mercury) is the leading security testing framework for Android.

drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.

drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer Agent to a device through exploitation or social engineering. Using weasel (MWR’s advanced exploitation payload) drozer is able to maximise the permissions available to it by installing a full agent, injecting a limited agent into a running process, or connecting a reverse shell to act as a Remote Access Tool (RAT).

drozer is open source software, maintained by MWR InfoSecurity.


Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.


Fridump (v0.1) is an open source memory dumping tool, primarily aimed to penetration testers and developers. Fridump is using the Frida framework to dump accessible memory addresses from any platform supported. It can be used from a Windows, Linux or Mac OS X system to dump the memory of an iOS, Android or Windows application.


Simple iOS app blackbox assessment tool. Powered by and vuejs.


Objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.


Pull decrypted ipa from jailbreak device

Santoku Linux

Santoku is dedicated to mobile forensics, analysis, and security, and packaged in an easy to use, Open Source platform.

When I need to use Drozer, I always run it from a Santoku virtual machine due to Java and other environment dependencies that are setup correctly in Santoku.


APKiD gives you information about how an APK was made. It identifies many compilers, packers, obfuscators, and other weird stuff. It’s PEiD for Android.

Runtime Mobile Security

Runtime Mobile Security (RMS) is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime.


Enumerate exposed firebase databases

-Downloads APKs from and analyse Android files for misconfigured Firebase databasases -List of APKs based on categories, or search for specific APK or search for keywords (to-do) -Mutate a keyword to find exposed Firebase databases (to-do) -Could be useful for when searching for a specific company

Written on March 5, 2020