A collection of open source Android tools
3rd-party lists
Backdooring / code injection
- sensepost/kwetza - Python script to inject existing Android applications with a Meterpreter payload
- dana-at-cp/backdoor-apk - a shell script that simplifies the process of adding a backdoor to any Android APK file
- jlrodriguezf/WhatsPwn - Linux tool used to extract sensitive data, inject backdoor or drop remote shells on android devices
- Injecting Metasploit Payloads into Android Applications – Manually
Dynamic debugging
- smaliidea - a smali language plugin for IntelliJ IDEA/Android Studio
- swdunlop/AndBug - Android Debugging Library
- mateuszk87/BadIntent - Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite
- feicong/jni_helper - Automated analysis tool for Android SO (shared object) files
Deobfuscation
- CalebFenton/simplify - Generic Android Deobfuscator
- CalebFenton/dex-oracle - A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis
- apk-deguard.com - DeGuard | Statistical Deobfuscation for Android
Fuzzing
Emulator / Symbolic execution
- evilsocket/smali_emulator - emulate a smali source file generated by apktool
- AiC 2.0 - Test your Android applications in the Cloud
- angr - The next-generation binary analysis platform from UC Santa Barbara's Seclab
Static analysis
- reddr/LibScout - a light-weight and effective static analysis tool to detect third-party libraries in Android apps
- rednaga/APKiD - Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
- dorneanu/smalisca - Static Code Analysis for Smali files
- Xbalien/ADVDroid - statically vetting Android apps based on Soot
- necst/heldroid - Dissect Android Apps Looking for Ransomware Functionalities
- mhelwig/apk-anal - Android APK analyzer based on radare2 and others, root/emulators detection, interesting API access
Decompiler
- androguard - Reverse engineering, Malware and goodware analysis of Android applications
- Storyyeller/enjarify - a tool for translating Dalvik bytecode to equivalent Java bytecode
- Storyyeller/Krakatau - Java decompiler, assembler, and disassembler
- MinecraftForge/FernFlower - the first actually working analytical decompiler for Java and probably for a high-level programming language in general
- konloch/bytecode-viewer - A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
- anestisb/vdexExtractor - Tool to decompile & extract Android Dex bytecode from Vdex files
- skylot/jadx - Dex to Java decompiler
Unpacking
- bunnyblue/DexExtractor - android dex extractor
- CheckPointSW/android_unpacker - A generic unpacker for packed Android apps
- DrizzleRisk/TUnpacker - TUnpacker is an Android unpacking tool
- smartdone/dexdump - an Xposed plugin for quickly unpacking first-generation packers
Instrumentation
- frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers
- Frida CodeShare
- brompwnie/uitkyk - Android Frida library to hunt Android Malware
- VerSprite/engage - Scripts and Resources for the Frida Engage Blog Series
- Mind0xP/Frida-Python-Binding - Easy to use Frida python binding script
- roxanagogonea/frida-scripts - Frida scripts
- samyk/frisky - Instruments to assist in binary application reversing and augmentation, geared towards walled gardens like iOS and macOS
- fortiguard-lion/FRIDA-scripts - this repo contains some FRIDA scripts used for Android RE
- integrity-sa/android - frida/hooks/pinning
- OALabs/frida-wshook - Script analysis tool based on Frida.re
- IOActive/BlueCrawl - Frida (Android) Script for extracting bluetooth information
- iddoeldor/frida-snippets - Hand-crafted Frida examples
- 0xdea/frida-scripts - A collection of my Frida.re instrumentation scripts to facilitate reverse engineering of mobile apps
- eybisi/fridaScripts - quick&dirty frida scripts
- hookmaster/frida-all-in-one - "FRIDA Operation Manual" by @hluwa @r0ysue
- samsung/adbi - Android Dynamic Binary Instrumentation tool for tracing Android native layer
- asLody/legend - a Hook framework for Android Development, it allows you to Hook Java methods without ROOT
- rrrfff/AndHook - Android hook framework
- tiann/epic - Dynamic Java method AOP hook for Android (continuation of Dexposed on ART), supporting 4.0~8.1
- AndroidHooker/hooker - an opensource project for dynamic analyses of Android applications
- Xposed module
- pylerSM/NoDeviceCheck - [Xposed module] Disable SafeAPI device compatibility check
- ac-pm/SSLUnpinning_Xposed - Android Xposed Module to bypass SSL certificate validation (Certificate Pinning)
- Fuzion24/JustTrustMe - An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning
- ac-pm/Inspeckage - Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)
- android-hacker/VirtualXposed - A Simple App to use Xposed without root or unlock the bootloader(or modify system image etc)
- veeti/DisableFlagSecure - An Xposed Framework module that disables FLAG_SECURE on windows system-wide.
Hooking
- ele7enxxh/Android-Inline-Hook - thumb16/thumb32/arm32/inline hook library for Android
- nccgroup/assethook - an LD_PRELOAD-based hooking library that allows for replacing APK asset files dynamically without modifying an APK
- iqiyi/xHook - a PLT (Procedure Linkage Table) hook library for Android native ELF (executable and shared libraries)
- rk700/YAHFA - Yet Another Hook Framework for ART
Vulnerability identification
Analysis framework / Integrated Environment
- Droidefense: Advance Android Malware Analysis Framework http://droidefense.com
- xtiankisutsa/MARA_Framework - a Mobile Application Reverse engineering and Analysis Framework
- MobSF/Mobile-Security-Framework-MobSF - an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing
- flankerhqd/JAADAS - Joint Advanced Defect assEsment for android applications
- trueseeing - a fast, accurate and resilient vulnerability scanner for Android apps. It operates on Android Packaging File (APK) and outputs a comprehensive report in HTML. It doesn't matter if the APK is obfuscated or not
- nccgroup/LazyDroid - bash script to facilitate some aspects of an Android application assessment
- Appie – Android Pentesting Portable Integrated Environment
- ernw/AndroTickler - A java tool that helps to pentest Android apps faster, more easily and more efficiently
- cSploit/android - Android network pentesting suite
- AndroidSecurityTools/lobotomy - Android security toolkit that will automate different Android assessments and reverse engineering tasks
- AndroidVTS/android-vts - Android Vulnerability Test Suite
- Qrilee/ApkToolBox - ApkTool Box, an integrated APK decompilation toolbox
- abhi-r3v0/Adhrit - an open source Android APK reversing and analysis tool that can help security researchers and CTF enthusiasts alike
- 1N3/ReverseAPK - Quickly analyze and reverse engineer Android packages
- zsdlove/ApkVulCheck - Android vulnerability scanning tool
Fastboot tool
Forensics
VM detection
3rdparty OS
Packer
- sslab-gatech/avpass - Tool for leaking and bypassing Android malware detection system
- leonnewton/selfmodify - Principles and implementation of Dalvik bytecode self-modification
Libraries
Uncategorized
- strazzere/android-scripts - Collection of Android reverse engineering scripts
- vaibhavpandeyvpz/apkstudio - Cross-platform Qt5 based IDE for reverse-engineering android applications
- CyberSaxosTiGER/androidDump - A tool that pulls loaded binaries ordered by memory regions
- CERTCC/keyfinder - A tool for finding and analyzing private (and public) key files, including support for Android APK files
- anbox - a container-based approach to boot a full Android system on a regular GNU/Linux system
- google/python-ad - Python ADB + Fastboot implementation
- ashishb/adb-enhanced - ADB enhanced for developers
- Genymobile/gnirehtet - Gnirehtet provides reverse tethering for Android
- UltimateHackers/Diggy - Extract endpoints from APK files
- oranav/i9300_emmc_toolbox - Samsung Galaxy S3 GT-I9300 eMMC toolbox
- Genymobile/scrcpy - Display and control your Android device
- WooyunDota/DroidSSLUnpinning - Android certificate pinning disable tools
- BryanSharp/hibeaver - an android plugin for AOP design by modifying project byte code during build of the package
- bkerler/dump_avb_signature - Dump/Verify Android Verified Boot Signature Hash
- android-art-intel/Nougat - ART-Extension for Android Nougat
- XekriCorp/LeakVM - Research & Pentesting Framework for Android, Run security tests instantly
- chrisk44/Hijacker - Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI Application for Android
- fourbrother/kstools - a tool for automatically cracking signature checks in Android apps
- airbus-seclab/android_emuroot - a Python script that grants root privileges to Google API Playstore emulator shells on the fly, to help reverse engineers go deeper into their investigations
- topjohnwu/Magisk - A Magic Mask to Alter Android System Systemless-ly
SDL
- tanprathan/MobileApp-Pentest-Cheatsheet - provides a concise collection of high-value information on specific mobile application penetration testing topics
- b-mueller/android_app_security_checklist - Android App Security Checklist
- The Grey Matter of Securing Android Applications
- doridori/Android-Security-Reference - A W.I.P Android Security Ref
Writeups
Pure wiki
Books