AAPG
[A]ndroid [A]pplication [P]entest [G]uide

General information

My primary goal with this repo is to define a comprehensive Android application penetration testing guide.
πŸ€“
This is an operational guide with the intention to assist you while performing a penetration-test and NOT an educational guide (sorry guys
πŸ€·β™‚
). I will provide what I've learned / will learn at work and share it here with you. To improve this guide, I would highly appreciate your help with everything you have successfully used in the wild and/or experienced so far at work.

Used tools

  • ​apktool
    • AUR package (yay -S android-apktool)
  • ​dex2jar
  • ​jd-gui
  • ​jadx
  • ​adb​
    • I personally recommend installing android-studio it comes with the SDK - including all platform-tools:
      • sudo pacman -S andriod-studio
  • ​bettercap
    • sudo pacman -S bettercap
  • ​dnSpy - .NET decompiler (in case of Xamarin Apps)
  • ​enjarify
All recommendations are based on my personal experience only.
​
Last modified 2yr ago