Mobile Security
A nice CLI tool to scan process memory, using frida
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…
Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
Frida scripts to rewrite mobile applications at runtime to directly MitM all HTTPS traffic
Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
A Frida script to bypass Xamarin certificate pinning implementations
Extract DLL files from a Xamarin libmonodroid_app_bundle.so bundle
Extract .NET assemblies from Xamarin mobile applications.
Python utility for parsing Xamarin AssemblyStore blob files
All the mono c exports, ready to be used in frida!
Decompress Xamarin .NET compressed binaries so they can be decompiled.
Work in progress...
The app used in my Medium article "What Is Android Intent Redirection Vulnerability and How to Prevent It"
📱 objection - runtime mobile exploration
Binder Trace is a tool for intercepting and parsing Android Binder messages. Think of it as "Wireshark for Binder".
Runtime code generation for the Java virtual machine.
This repository explain how to write frida hook scripts and analysis written hooks.
DNSChef (NG) - DNS proxy for Penetration Testers and Malware Analysts
Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.
Vulnerable Ios application for Ostolab Security Scanner
Vulnerable Android application for Ostolab Security Scanner
Reverse engineering and pentesting for Android applications
Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928, a `writeToParcel`/`createFromParcel` serialization mismatch in `OutputConfiguration`