
























MobSleuth is a collection of scripts using which we can setup a virtual lab for Android App security assessments.
Download now from the GitHub Repository
✨ With MobSleuth we get:
root access to the Android container.Setting up an Android app hacking lab has always been a challenge and many of us face the below challenges:
Most security engineers use third-party tools such as Genymotion, Bluestacks, Noxplayer, Memuplay. While these are good options to emulate your android app, they have propriataty usage licenses, needs an account before you use them and some even show advertisements 🧐.
Mobsleuth tries to solve this problem by using open-source tools and scripts to automate the setup of configuring Android hacking lab and provide useful scripts to ease the process of interceping traffic and perform dynamic instrumentation.
Few months back I discovered a great tool for Android emulation on x86-64 devices, called ReDroid. This was a perfect android emulator which I found to run well inside a docker container and also it was open-source.
Now, what remains is to install tools to intercept the traffic 🚧, decompile the APK, and perform dynamic instrumentation.
| Tool Name | Type | Description |
|---|---|---|
| MobSF | FOSS | Mobile Security Framework is an open-source, automated mobile app security testing tool. |
| reDroid | FOSS | Remote anDroid solution for emulating an Android device in a container. |
| Scrcpy | FOSS | A free and open-source tool that allows you to mirror and control your Android device from your computer via ADB. |
| Frida | FOSS | Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. |
| Jadx | FOSS | Dex to Java decompiler. |
| Objection | FOSS | Runtime Mobile Exploration. |
| Pidcat | FOSS | Colored logcat script which only shows log entries for a specific application package. |
| APKiD | FOSS | Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android. |
| ApkTool | FOSS | A tool for reverse engineering Android apk files. |
| BurpSuite CE | proprietary | Powerful web application security testing platform with interception, scanning, fuzzing, and more. |
I have created a simple architecture diagram to show how the tools are connected and how they interact with each other. Here is the diagram:
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。