A comprehensive, human-readable index of all tests, techniques, and tools from the OWASP Mobile Application Security Testing Guide (MASTG), organized by MASVS v2.1.0 control groups.
Generated from OWASP/mastg at commit
cfdc384.
8 MASVS groups · 133 tests (81 Android, 49 iOS) · 139 techniques · 131 tools
Tests by MASVS Group
- MASVS-STORAGE — Storage (23 tests)
- MASVS-CRYPTO — Cryptography (18 tests)
- MASVS-AUTH — Authentication and Authorization (11 tests)
- MASVS-NETWORK — Network Communication (18 tests)
- MASVS-PLATFORM — Platform Interaction (23 tests)
- MASVS-CODE — Code Quality (10 tests)
- MASVS-RESILIENCE — Resilience Against Reverse Engineering and Tampering (19 tests)
- MASVS-PRIVACY — Privacy (8 tests)
Reference
- Techniques (139)
- Tools (131)
- MASVS-STORAGE-1: The app securely stores sensitive data.
- MASVS-STORAGE-2: The app prevents leakage of sensitive data.
| ID | Test | Type | Weakness | Profiles |
|---|---|---|---|---|
MASTG-TEST-0200 |
Files Written to External Storage | dynamic | MASWE-0007 |
L1, L2 |
MASTG-TEST-0201 |
Runtime Use of APIs to Access External Storage | dynamic | MASWE-0007 |
L1, L2 |
MASTG-TEST-0202 |
References to APIs and Permissions for Accessing External Storage | static | MASWE-0007 |
L1, L2 |
MASTG-TEST-0203 |
Runtime Use of Logging APIs | dynamic | MASWE-0001 |
L1, L2, P |
MASTG-TEST-0207 |
Runtime Storage of Unencrypted Data in the App Sandbox | dynamic, filesystem | MASWE-0006 |
L2 |
MASTG-TEST-0216 |
Sensitive Data Not Excluded From Backup | dynamic, filesystem | MASWE-0004 |
L1, L2, P |
MASTG-TEST-0231 |
References to Logging APIs | static | MASWE-0001 |
L1, L2, P |
MASTG-TEST-0262 |
References to Backup Configurations Not Excluding Sensitive Data | static | MASWE-0004 |
L1, L2, P |
MASTG-TEST-0287 |
Sensitive Data Stored Unencrypted via the SharedPreferences API to the App Sandbox | static, dynamic | MASWE-0006 |
L1, L2 |
MASTG-TEST-0304 |
Sensitive Data Stored Unencrypted via SQLite | static, dynamic | MASWE-0006 |
L1, L2 |
MASTG-TEST-0305 |
Sensitive Data Stored Unencrypted via DataStore | static, dynamic | MASWE-0006 |
L1, L2 |
MASTG-TEST-0306 |
Sensitive Data Stored Unencrypted via Android Room DB | static, dynamic | MASWE-0006 |
L1, L2 |
- MASVS-CRYPTO-1: The app employs current strong cryptography and uses it according to industry best practices.
- MASVS-CRYPTO-2: The app performs key management according to industry best practices.
| ID | Test | Type | Weakness | Profiles |
|---|---|---|---|---|
MASTG-TEST-0209 |
Insufficient Key Sizes | static, dynamic | MASWE-0009 |
L1, L2 |
MASTG-TEST-0210 |
Broken Symmetric Encryption Algorithms | static, dynamic | MASWE-0020 |
L1, L2 |
MASTG-TEST-0211 |
Broken Hashing Algorithms | static, dynamic | MASWE-0021 |
L1, L2 |
MASTG-TEST-0213 |
Use of Hardcoded Cryptographic Keys in Code | static | MASWE-0014 |
L1, L2 |
MASTG-TEST-0214 |
Hardcoded Cryptographic Keys in Files | static | MASWE-0014 |
L1, L2 |
MASTG-TEST-0311 |
Insecure Random API Usage | static, dynamic | MASWE-0027 |
L1, L2 |
MASTG-TEST-0317 |
Broken Symmetric Encryption Modes | static, dynamic | MASWE-0020 |
L1, L2 |
- MASVS-AUTH-1: The app uses secure authentication and authorization protocols and follows the relevant best practices.
- MASVS-AUTH-2: The app performs local authentication securely according to the platform best practices.
- MASVS-AUTH-3: The app secures sensitive operations with additional authentication.
| ID | Test | Type | Weakness | Profiles |
|---|---|---|---|---|
MASTG-TEST-0326 |
References to APIs Allowing Fallback to Non-Biometric Authentication | static | MASWE-0045 |
L2 |
MASTG-TEST-0327 |
References to APIs for Event-Bound Biometric Authentication | static | MASWE-0044 |
L2 |
MASTG-TEST-0328 |
References to APIs Detecting Biometric Enrollment Changes | static | MASWE-0046 |
L2 |
MASTG-TEST-0329 |
References to APIs Enforcing Authentication without Explicit User Action | static | MASWE-0044 |
L2 |
MASTG-TEST-0330 |
References to APIs for Keys used in Biometric Authentication with Extended Validity Duration | static | MASWE-0044 |
L2 |
| ID | Test | Type | Weakness | Profiles |
|---|---|---|---|---|
MASTG-TEST-0266 |
References to APIs for Event-Bound Biometric Authentication | static | MASWE-0044 |
L2 |
MASTG-TEST-0267 |
Runtime Use Of Event-Bound Biometric Authentication | dynamic | MASWE-0044 |
L2 |
MASTG-TEST-0268 |
References to APIs Allowing Fallback to Non-Biometric Authentication | static | MASWE-0045 |
L2 |
MASTG-TEST-0269 |
Runtime Use Of APIs Allowing Fallback to Non-Biometric Authentication | dynamic | MASWE-0045 |
L2 |
MASTG-TEST-0270 |
References to APIs Detecting Biometric Enrollment Changes | static | MASWE-0046 |
L2 |
MASTG-TEST-0271 |
Runtime Use Of APIs Detecting Biometric Enrollment Changes | static | MASWE-0046 |
L2 |
- MASVS-NETWORK-1: The app secures all network traffic according to the current best practices.
- MASVS-NETWORK-2: The app performs identity pinning for all remote endpoints under the developer's control.
| ID | Test | Type | Weakness | Profiles |
|---|---|---|---|---|
MASTG-TEST-0321 |
Hardcoded HTTP URLs | static | MASWE-0050 |
L1, L2 |
MASTG-TEST-0322 |
App Transport Security Configurations Allowing Cleartext Traffic | static | MASWE-0050 |
L1, L2 |
MASTG-TEST-0323 |
Uses of Low-Level Networking APIs for Cleartext Traffic | static | MASWE-0050 |
L1, L2 |
- MASVS-PLATFORM-1: The app uses IPC mechanisms securely.
- MASVS-PLATFORM-2: The app uses WebViews securely.
- MASVS-PLATFORM-3: The app uses the user interface securely.
| ID | Test | Type | Weakness | Profiles |
|---|---|---|---|---|
MASTG-TEST-0276 |
Use of the iOS General Pasteboard | static | MASWE-0053 |
L2 |
MASTG-TEST-0277 |
Sensitive Data in the iOS General Pasteboard at Runtime | dynamic | MASWE-0053 |
L2 |
MASTG-TEST-0278 |
Pasteboard Contents Not Cleared After Use | static | MASWE-0053 |
L2 |
MASTG-TEST-0279 |
Pasteboard Contents Not Expiring | static | MASWE-0053 |
L2 |
MASTG-TEST-0280 |
Pasteboard Contents Not Restricted to Local Device | static | MASWE-0053 |
L2 |
MASTG-TEST-0290 |
Runtime Verification of Sensitive Content Exposure in Screenshots During App Backgrounding | dynamic, manual | MASWE-0055 |
L2 |
MASTG-TEST-0331 |
Use of Deprecated WebView APIs | static | MASWE-0072 |
L1, L2 |
MASTG-TEST-0332 |
Attacker-Controlled URI in WebViews | static | MASWE-0071 |
L1, L2, P |
MASTG-TEST-0333 |
Overly Broad File Read Access in WebViews | static | MASWE-0069 |
L1, L2 |
- MASVS-CODE-1: The app requires an up-to-date platform version.
- MASVS-CODE-2: The app has a mechanism for enforcing app updates.
- MASVS-CODE-3: The app only uses software components without known vulnerabilities.
- MASVS-CODE-4: The app validates and sanitizes all untrusted inputs.
| ID | Test | Type | Weakness | Profiles |
|---|---|---|---|---|
MASTG-TEST-0222 |
Position Independent Code (PIC) Not Enabled | static | MASWE-0116 |
L2 |
MASTG-TEST-0223 |
Stack Canaries Not Enabled | static | MASWE-0116 |
L2 |
MASTG-TEST-0245 |
References to Platform Version APIs | static | MASWE-0077 |
L2 |
MASTG-TEST-0272 |
Identify Dependencies with Known Vulnerabilities in the Android Project | static | MASWE-0076 |
L1, L2 |
MASTG-TEST-0274 |
Dependencies with Known Vulnerabilities in the App's SBOM | static, developer | MASWE-0076 |
L1, L2 |
| ID | Test | Type | Weakness | Profiles |
|---|---|---|---|---|
MASTG-TEST-0228 |
Position Independent Code (PIC) not Enabled | static | MASWE-0116 |
L2 |
MASTG-TEST-0229 |
Stack Canaries Not enabled | static | MASWE-0116 |
L2 |
MASTG-TEST-0230 |
Automatic Reference Counting (ARC) not enabled | static | MASWE-0116 |
L2 |
MASTG-TEST-0273 |
Identify Dependencies with Known Vulnerabilities by Scanning Dependency Managers Artifacts | static | MASWE-0076 |
L1, L2 |
MASTG-TEST-0275 |
Dependencies with Known Vulnerabilities in the App's SBOM | static, developer | MASWE-0076 |
L1, L2 |
- MASVS-RESILIENCE-1: The app validates the integrity of the platform.
- MASVS-RESILIENCE-2: The app implements anti-tampering mechanisms.
- MASVS-RESILIENCE-3: The app implements anti-static analysis mechanisms.
- MASVS-RESILIENCE-4: The app implements anti-dynamic analysis techniques.
| ID | Test | Type | Weakness | Profiles |
|---|---|---|---|---|
MASTG-TEST-0224 |
Usage of Insecure APK Signature Version | static | MASWE-0104 |
R |
MASTG-TEST-0225 |
Usage of Insecure APK Signature Key Size | static | MASWE-0104 |
R |
MASTG-TEST-0226 |
Debuggable Flag Enabled in the AndroidManifest | static | MASWE-0067 |
R |
MASTG-TEST-0227 |
Debugging Enabled for WebViews | static | MASWE-0067 |
R |
MASTG-TEST-0247 |
References to APIs for Detecting Secure Screen Lock | static | MASWE-0008 |
L2 |
MASTG-TEST-0249 |
Runtime Use of Secure Screen Lock Detection APIs | dynamic | MASWE-0008 |
L2 |
MASTG-TEST-0263 |
Logging of StrictMode Violations | dynamic | MASWE-0094 |
R |
MASTG-TEST-0264 |
Runtime Use of StrictMode APIs | dynamic | MASWE-0094 |
R |
MASTG-TEST-0265 |
References to StrictMode APIs | static | MASWE-0094 |
R |
MASTG-TEST-0288 |
Debugging Symbols in Native Binaries | static | MASWE-0093 |
R |
MASTG-TEST-0324 |
References to Root Detection Mechanisms | static | MASWE-0097 |
R |
MASTG-TEST-0325 |
Runtime Use of Root Detection Techniques | dynamic | MASWE-0097 |
R |
| ID | Test | Type | Weakness | Profiles |
|---|---|---|---|---|
MASTG-TEST-0219 |
Testing for Debugging Symbols | static | MASWE-0093 |
R |
MASTG-TEST-0220 |
Usage of Outdated Code Signature Format | static | MASWE-0104 |
R |
MASTG-TEST-0240 |
Jailbreak Detection in Code | dynamic | MASWE-0097 |
R |
MASTG-TEST-0241 |
Runtime Use of Jailbreak Detection Techniques | dynamic | MASWE-0097 |
R |
MASTG-TEST-0246 |
Runtime Use of Secure Screen Lock Detection APIs | dynamic | MASWE-0008 |
L2 |
MASTG-TEST-0248 |
References to APIs for Detecting Secure Screen Lock | static | MASWE-0008 |
L2 |
MASTG-TEST-0261 |
Debuggable Entitlement Enabled in the entitlements.plist | static | MASWE-0067 |
R |
- MASVS-PRIVACY-1: The app minimizes access to sensitive data and resources.
- MASVS-PRIVACY-2: The app prevents identification of the user.
- MASVS-PRIVACY-3: The app is transparent about data collection and usage.
- MASVS-PRIVACY-4: The app offers user control over their data.
| ID | Test | Type | Weakness | Profiles |
|---|---|---|---|---|
MASTG-TEST-0206 |
Undeclared PII in Network Traffic Capture | dynamic, network | MASWE-0108 |
P |
MASTG-TEST-0254 |
Dangerous App Permissions | static | MASWE-0117 |
P |
MASTG-TEST-0255 |
Permission Requests Not Minimized | MASWE-0117 |
P | |
MASTG-TEST-0256 |
Missing Permission Rationale | MASWE-0117 |
P | |
MASTG-TEST-0257 |
Not Resetting Unused Permissions | MASWE-0117 |
P | |
MASTG-TEST-0318 |
References to SDK APIs Known to Handle Sensitive User Data | static | MASWE-0112 |
P |
MASTG-TEST-0319 |
Runtime Use of SDK APIs Known to Handle Sensitive User Data | dynamic | MASWE-0112 |
P |
| ID | Test | Type | Weakness | Profiles |
|---|---|---|---|---|
MASTG-TEST-0281 |
Undeclared Known Tracking Domains | static, dynamic | MASWE-0108 |
P |
MASTG-TECH-0047Reverse EngineeringMASTG-TECH-0048Static AnalysisMASTG-TECH-0049Dynamic AnalysisMASTG-TECH-0050Binary AnalysisMASTG-TECH-0051Tampering and Runtime InstrumentationMASTG-TECH-0119Intercepting HTTP Traffic by Hooking Network APIs at the Application LayerMASTG-TECH-0120Intercepting HTTP Traffic Using an Interception ProxyMASTG-TECH-0121Intercepting Non-HTTP Traffic Using an Interception ProxyMASTG-TECH-0122Passive EavesdroppingMASTG-TECH-0123Achieving a MITM Position via ARP SpoofingMASTG-TECH-0124Achieving a MITM Position Using a Rogue Access PointMASTG-TECH-0125Intercepting Xamarin Traffic
MASTG-TECH-0001Accessing the Device ShellMASTG-TECH-0002Host-Device Data TransferMASTG-TECH-0003Obtaining and Extracting AppsMASTG-TECH-0004Repackaging AppsMASTG-TECH-0005Installing AppsMASTG-TECH-0006Listing Installed AppsMASTG-TECH-0007Exploring the App PackageMASTG-TECH-0008Accessing App Data DirectoriesMASTG-TECH-0009Monitoring System LogsMASTG-TECH-0010Basic Network Monitoring/SniffingMASTG-TECH-0011Setting Up an Interception ProxyMASTG-TECH-0012Bypassing Certificate PinningMASTG-TECH-0013Reverse Engineering Android AppsMASTG-TECH-0014Static Analysis on AndroidMASTG-TECH-0015Dynamic Analysis on AndroidMASTG-TECH-0016Disassembling Code to SmaliMASTG-TECH-0017Decompiling Java CodeMASTG-TECH-0018Disassembling Native CodeMASTG-TECH-0019Retrieving StringsMASTG-TECH-0020Retrieving Cross ReferencesMASTG-TECH-0021Information Gathering - API UsageMASTG-TECH-0022Information Gathering - Network CommunicationMASTG-TECH-0023Reviewing Decompiled Java CodeMASTG-TECH-0024Reviewing Disassembled Native CodeMASTG-TECH-0025Automated Static AnalysisMASTG-TECH-0026Dynamic Analysis on Non-Rooted DevicesMASTG-TECH-0027Get Open FilesMASTG-TECH-0028Get Open ConnectionsMASTG-TECH-0029Get Loaded Native LibrariesMASTG-TECH-0030Sandbox InspectionMASTG-TECH-0031DebuggingMASTG-TECH-0032Execution TracingMASTG-TECH-0033Method TracingMASTG-TECH-0034Native Code TracingMASTG-TECH-0035JNI TracingMASTG-TECH-0036Emulation-based AnalysisMASTG-TECH-0037Symbolic ExecutionMASTG-TECH-0038PatchingMASTG-TECH-0039Repackaging & Re-SigningMASTG-TECH-0040Waiting for the DebuggerMASTG-TECH-0041Library InjectionMASTG-TECH-0042Getting Loaded Classes and Methods DynamicallyMASTG-TECH-0043Method HookingMASTG-TECH-0044Process ExplorationMASTG-TECH-0045Runtime Reverse EngineeringMASTG-TECH-0100Logging Sensitive Data from Network TrafficMASTG-TECH-0108Taint AnalysisMASTG-TECH-0109Intercepting Flutter HTTPS TrafficMASTG-TECH-0112Reverse Engineering Flutter ApplicationsMASTG-TECH-0115Obtaining Compiler-Provided Security FeaturesMASTG-TECH-0116Obtaining Information about the APK SignatureMASTG-TECH-0117Obtaining Information from the AndroidManifestMASTG-TECH-0126Obtaining App PermissionsMASTG-TECH-0127Inspecting an App's Backup DataMASTG-TECH-0128Performing a Backup and Restore of App DataMASTG-TECH-0129Verifying Android Dependencies at RuntimeMASTG-TECH-0130Software Composition Analysis (SCA) of Android Dependencies by Creating a SBOMMASTG-TECH-0131Software Composition Analysis (SCA) of Android Dependencies at Build TimeMASTG-TECH-0140Obtaining Debugging Information and SymbolsMASTG-TECH-0141Inspecting the Merged AndroidManifestMASTG-TECH-0142Inspecting WebView StorageMASTG-TECH-0143Monitor File System Operations in WebViewsMASTG-TECH-0144Bypassing Root DetectionMASTG-TECH-0145Working with XAPK Files
MASTG-TECH-0052Accessing the Device ShellMASTG-TECH-0053Host-Device Data TransferMASTG-TECH-0054Obtaining and Extracting AppsMASTG-TECH-0055Launching a Repackaged App in Debug ModeMASTG-TECH-0056Installing AppsMASTG-TECH-0057Listing Installed AppsMASTG-TECH-0058Exploring the App PackageMASTG-TECH-0059Accessing App Data DirectoriesMASTG-TECH-0060Monitoring System LogsMASTG-TECH-0061Dumping KeyChain DataMASTG-TECH-0062Basic Network Monitoring/SniffingMASTG-TECH-0063Setting up an Interception ProxyMASTG-TECH-0064Bypassing Certificate PinningMASTG-TECH-0065Reverse Engineering iOS AppsMASTG-TECH-0066Static Analysis on iOSMASTG-TECH-0067Dynamic Analysis on iOSMASTG-TECH-0068Disassembling Native CodeMASTG-TECH-0069Decompiling Native CodeMASTG-TECH-0070Extracting Information from the Application BinaryMASTG-TECH-0071Retrieving StringsMASTG-TECH-0072Retrieving Cross ReferencesMASTG-TECH-0073Information Gathering - API UsageMASTG-TECH-0074Information Gathering - Network CommunicationMASTG-TECH-0075Reviewing Decompiled Objective-C and Swift CodeMASTG-TECH-0076Reviewing Disassembled Objective-C and Swift CodeMASTG-TECH-0077Reviewing Disassembled Native CodeMASTG-TECH-0078Automated Static AnalysisMASTG-TECH-0079Obtaining a Developer Provisioning ProfileMASTG-TECH-0080Get Open FilesMASTG-TECH-0081Get Open ConnectionsMASTG-TECH-0082Get Shared LibrariesMASTG-TECH-0083TBDMASTG-TECH-0084DebuggingMASTG-TECH-0085Execution TracingMASTG-TECH-0086Method TracingMASTG-TECH-0087Native Code TracingMASTG-TECH-0088Emulation-based AnalysisMASTG-TECH-0089Symbolic ExecutionMASTG-TECH-0090Injecting Frida Gadget into an IPA AutomaticallyMASTG-TECH-0091Injecting Libraries into an IPA ManuallyMASTG-TECH-0092Signing IPA filesMASTG-TECH-0093Waiting for the debuggerMASTG-TECH-0094Getting Loaded Classes and Methods dynamicallyMASTG-TECH-0095Method HookingMASTG-TECH-0096Process ExplorationMASTG-TECH-0097Runtime Reverse EngineeringMASTG-TECH-0098Patching React Native AppsMASTG-TECH-0110Intercepting Flutter HTTPS TrafficMASTG-TECH-0111Extracting Entitlements from MachO BinariesMASTG-TECH-0112Obtaining the Code Signature Format VersionMASTG-TECH-0113Obtaining Debugging SymbolsMASTG-TECH-0114Demangling SymbolsMASTG-TECH-0118Obtaining Compiler-Provided Security FeaturesMASTG-TECH-0132Software Composition Analysis (SCA) of iOS Dependencies by Creating a SBOMMASTG-TECH-0133Software Composition Analysis (SCA) of iOS Dependencies by Scanning Package Manager ArtifactsMASTG-TECH-0134Monitoring the PasteboardMASTG-TECH-0135Bypassing Biometric AuthenticationMASTG-TECH-0136Retrieving PrivacyInfo.xcprivacy FilesMASTG-TECH-0137Analyzing PrivacyInfo.xcprivacy FilesMASTG-TECH-0138Convert Plist Files to JSONMASTG-TECH-0139Attach to WKWebViewMASTG-TECH-0146Dynamic Analysis on Non-Jailbroken DevicesMASTG-TECH-0147Patching
MASTG-TOOL-0031Frida (source)MASTG-TOOL-0032Frida CodeShare (source)MASTG-TOOL-0033Ghidra (source)MASTG-TOOL-0034LIEF (source)MASTG-TOOL-0035MobSF (source)MASTG-TOOL-0036r2frida (source)MASTG-TOOL-0037RMS Runtime Mobile Security (source)MASTG-TOOL-0038objection (source)MASTG-TOOL-0098iaito (source)MASTG-TOOL-0100reFlutter (source)MASTG-TOOL-0101disable-flutter-tls-verification (source)MASTG-TOOL-0104hermes-dec (source)MASTG-TOOL-0106Fridump (source)MASTG-TOOL-0108Corellium (source)MASTG-TOOL-0110semgrep (source)MASTG-TOOL-0129rabin2 (source)MASTG-TOOL-0131dependency-check (source)MASTG-TOOL-0132dependency-track (source)MASTG-TOOL-0133Visual Studio Code (vscode) (source)MASTG-TOOL-0134cdxgen (source)MASTG-TOOL-0144gitleaks (source)MASTG-TOOL-0145Frooky (source)
MASTG-TOOL-0001Frida (Android) (source)MASTG-TOOL-0002MobSF (Android) (source)MASTG-TOOL-0003nm (Android) (source)MASTG-TOOL-0004adb (source)MASTG-TOOL-0005Android NDK (source)MASTG-TOOL-0006Android SDK (source)MASTG-TOOL-0007Android Studio (source)MASTG-TOOL-0008Android-SSL-TrustKiller (source)MASTG-TOOL-0009APKiD (source)MASTG-TOOL-0010APKLab (source)MASTG-TOOL-0011Apktool (source)MASTG-TOOL-0012apkx (source)MASTG-TOOL-0013Busybox (source)MASTG-TOOL-0014Bytecode Viewer (source)MASTG-TOOL-0015drozer (source)MASTG-TOOL-0016gplaycli (source)MASTG-TOOL-0017House (source)MASTG-TOOL-0018jadx (source)MASTG-TOOL-0019jdb (source)MASTG-TOOL-0020JustTrustMe (source)MASTG-TOOL-0021Magisk (source)MASTG-TOOL-0022ProGuard (source)MASTG-TOOL-0023RootCloak Plus (source)MASTG-TOOL-0024Scrcpy (source)MASTG-TOOL-0025SSLUnpinning (source)MASTG-TOOL-0026Termux (source)MASTG-TOOL-0027Xposed (source)MASTG-TOOL-0028radare2 for Android (source)MASTG-TOOL-0029objection (Android) (source)MASTG-TOOL-0030Angr (source)MASTG-TOOL-0099FlowDroid (source)MASTG-TOOL-0103uber-apk-signer (source)MASTG-TOOL-0107jnitrace (source)MASTG-TOOL-0112pidcat (source)MASTG-TOOL-0116blutter (source)MASTG-TOOL-0120ProxyDroid (source)MASTG-TOOL-0123apksigner (source)MASTG-TOOL-0124aapt2 (source)MASTG-TOOL-0125Apkleaks (source)MASTG-TOOL-0130blint (source)MASTG-TOOL-0140frida-multiple-unpinning (source)MASTG-TOOL-0146RootBeer (source)MASTG-TOOL-0147Android RASP (source)MASTG-TOOL-0148apkeep (source)MASTG-TOOL-0149LSPosed (source)
MASTG-TOOL-0039Frida (iOS) (source)MASTG-TOOL-0040MobSF (iOS) (source)MASTG-TOOL-0041nm (iOS) (source)MASTG-TOOL-0042BinaryCookieReader (source)MASTG-TOOL-0043class-dump (source)MASTG-TOOL-0044class-dump-z (source)MASTG-TOOL-0045class-dump-dyld (source)MASTG-TOOL-0046Cycript (source)MASTG-TOOL-0047Cydia (source)MASTG-TOOL-0048dsdump (source)MASTG-TOOL-0049Frida-cycript (source)MASTG-TOOL-0050Frida-ios-dump (source)MASTG-TOOL-0051gdb (source)MASTG-TOOL-0053iOSbackup (source)MASTG-TOOL-0054ios-deploy (source)MASTG-TOOL-0055iproxy (source)MASTG-TOOL-0056Keychain-Dumper (source)MASTG-TOOL-0057lldb (source)MASTG-TOOL-0058MachoOView (source)MASTG-TOOL-0059optool (source)MASTG-TOOL-0060otool (source)MASTG-TOOL-0061Grapefruit (source)MASTG-TOOL-0062Plutil (source)MASTG-TOOL-0063security (source)MASTG-TOOL-0064Sileo (source)MASTG-TOOL-0065simctl (source)MASTG-TOOL-0066SSL Kill Switch 3 (source)MASTG-TOOL-0067swift-demangle (source)MASTG-TOOL-0068SwiftShield (source)MASTG-TOOL-0069Usbmuxd (source)MASTG-TOOL-0070Xcode (source)MASTG-TOOL-0071Xcode Command Line Tools (source)MASTG-TOOL-0072xcrun (source)MASTG-TOOL-0073radare2 (iOS) (source)MASTG-TOOL-0074objection (iOS) (source)MASTG-TOOL-0102ios-app-signer (source)MASTG-TOOL-0105ipsw (source)MASTG-TOOL-0111ldid (source)MASTG-TOOL-0114codesign (source)MASTG-TOOL-0117fastlane (source)MASTG-TOOL-0118Sideloadly (source)MASTG-TOOL-0121objdump (iOS) (source)MASTG-TOOL-0122c++filt (source)MASTG-TOOL-0126libimobiledevice suite (source)MASTG-TOOL-0127AppSync Unified (source)MASTG-TOOL-0128Filza (source)MASTG-TOOL-0135PlistBuddy (source)MASTG-TOOL-0136plistlib (source)MASTG-TOOL-0137GlobalWebInspect (source)MASTG-TOOL-0138ipainstaller (source)MASTG-TOOL-0139ElleKit (source)MASTG-TOOL-0141IOSSecuritySuite (source)MASTG-TOOL-0142Choicy (source)
MASTG-TOOL-0075tcpdump (Android) (source)MASTG-TOOL-0076bettercap (source)MASTG-TOOL-0077Burp Suite (source)MASTG-TOOL-0078MITM Relay (source)MASTG-TOOL-0079ZAP (Zed Attack Proxy) (source)MASTG-TOOL-0080tcpdump (source)MASTG-TOOL-0081Wireshark (source)MASTG-TOOL-0097mitmproxy (source)MASTG-TOOL-0109Nope-Proxy (source)MASTG-TOOL-0115HTTP Toolkit (source)MASTG-TOOL-0143badssl (source)
Generated by mastg-index from OWASP/mastg and MASVS v2.1.0.