Automated Firebase recon and security scanner. Extracts from APKs or IPAs and checks for unauthorized read and write access on Firestore, Realtime Database, Storage buckets, Remote Config, Cloud Functions, and detects hardcoded service accounts.

The Flutter Decompiler: CLI tool that decompiles Flutter Android AOT (libapp.so) into Dart-like pseudocode, supporting obfuscated builds.

Complete Kali NetHunter KeX Rootless Setup for Android with Working Audio & Browser Sound | Mobile Penetration Testing Environment | Termux

🪝 Android pentesting toolkit - Frida server manager + Burp Suite proxy

APK-Translate is a Python script that converts localized app strings to English to simplify mobile pentesting, reverse engineering, and API security testing workflows.

A comprehensive collection of Frida scripts and Python tools for Android dynamic analysis. Includes PoCs for bypassing SSL pinning, root detection, obfuscation, and client-side cryptographic integrity checks.

A curated resource for mobile security testing based on OWASP MASTG. Includes notes, tools, and practical examples for pentesters and developers.

Not So deepLink is a python script allowing to list and verify deeplinks and Universal Links from Android and iOS apps using an ADB access or an APK/IPA file. It can also list some potential deeplinks handling in code samples using pattern matches (Android Only).

Your complete roadmap to Android Mobile Penetration Testing Interactive mindmap with tools, methodologies, vulnerable practice apps, and official documentation links. Everything in one place for beginners and pros alike.

A comprehensive penetration testing toolkit for Flutter applications. Includes SSL pinning bypass techniques, Frida scripts, static/dynamic analysis guides, automated security scanning tools, and real-world case studies. Everything you need to assess Flutter app security on Android & iOS

🔧 Automate Burp CA installation on Android with this Bash script, converting certificates and ensuring network interception works seamlessly.

🔐 Conduct penetration tests on Flutter applications for iOS and Android, ensuring robust security for your mobile applications with this essential toolkit.

Intentionally vulnerable Android e-commerce app for mobile penetration testing training with 40+ documented vulnerabilities across OWASP Mobile Top 10, LLM Top 10 and Business Logic flaws

Hermes-Sens is an automated static analysis tool for React Native Android applications. It decompiles APKs using apktool, decompiles Hermes bytecode into pseudo-JavaScript, and extracts sensitive artifacts such as secrets, tokens, endpoints, and authentication logic using pattern-based analysis.