AAPG

[A]ndroid [A]pplication [P]entest [G]uide

General information

My primary goal with this repo is to define a comprehensive Android application penetration testing guide. 🤓

This is an operational guide with the intention to assist you while performing a penetration-test and NOT an educational guide (sorry guys 🤷‍♂️). I will provide what I've learned / will learn at work and share it here with you. To improve this guide, I would highly appreciate your help with everything you have successfully used in the wild and/or experienced so far at work.

Used tools

apktool
- AUR package (yay -S android-apktool)
dex2jar
jd-gui
jadx
adb
- I personally recommend installing android-studio it comes with the SDK - including all platform-tools:
  - sudo pacman -S andriod-studio
bettercap
- sudo pacman -S bettercap
dnSpy - .NET decompiler (in case of Xamarin Apps)
enjarify
apk decompiler for lazy

All recommendations are based on my personal experience only.

Next1. MANUAL STATIC ANALYSIS

Last updated 4 years ago