> For the complete documentation index, see [llms.txt](https://nightowl131.gitbook.io/aapg/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://nightowl131.gitbook.io/aapg/master.md).

# AAPG

## General information

My primary goal with this repo is to define a comprehensive **Android application penetration testing guide**. :nerd:&#x20;

This is an **operational** guide with the intention to assist you while performing a penetration-test and \
\&#xNAN;***NOT*** an educational guide (sorry guys :man\_shrugging:). \
\
I will provide what I've learned / will learn at work and share it here with you. To improve this guide, I would highly appreciate your help with everything you have successfully used in the wild and/or experienced so far at work.

## Used tools

* [apktool](https://ibotpeaches.github.io/Apktool/install/)&#x20;
  * AUR package (`yay -S android-apktool`)&#x20;
* [dex2jar](https://github.com/pxb1988/dex2jar)&#x20;
* [jd-gui](https://github.com/java-decompiler/jd-gui)&#x20;
* [jadx](https://github.com/skylot/jadx)&#x20;
* [adb](https://en.droidwiki.org/wiki/Android_Debug_Bridge)
  * I personally recommend installing *android-studio* \
    it comes with the SDK - including all platform-tools:
    * `sudo pacman -S andriod-studio`&#x20;
* [bettercap](https://www.bettercap.org/legacy/index.html#document-install)&#x20;
  * `sudo pacman -S bettercap`
* [dnSpy](https://github.com/0xd4d/dnSpy) - .NET decompiler (in case of Xamarin Apps)&#x20;
* [enjarify](https://github.com/google/enjarify)&#x20;
* [apk decompiler for lazy](https://github.com/b-mueller/apkx)

{% hint style="info" %}
All recommendations are based on my personal experience only.
{% endhint %}
