Here you’ll find tools that are commonly used when checking the security of mobile applications. Whether the app runs on Android or iOS doesn’t matter much, because the underlying principles are largely the same. Some of these tools are used for reverse engineering, others help observe what happens inside an app while it’s running, and some simply make it easier to understand how it behaves outside controlled, lab-like conditions.
It automatically analyses Android and iOS applications, highlighting weak points, configuration issues, and suspicious areas in the code. It works well as a starting point before deeper manual analysis, especially when time is limited.
It decompiles DEX files into readable Java code that can be properly worked with. It’s especially useful for analysing application logic, spotting hard-coded keys, and understanding how specific features are implemented.
It’s often used as an intermediate step before working with Java decompilers. It’s well suited for quick tasks where you need to access the code without extra setup or complexity.
It’s used in reverse engineering, digital forensics, binary analysis, and even exploit development. While it has a steeper learning curve, it offers a high level of control and flexibility when you need to work at a low level.
It allows you to quickly run applications, simulate different devices, and automate tests. It’s convenient for both developers and testers when it’s important to see how an app behaves in a real-world environment.
It’s often used to bypass SSL pinning, intercept function calls, and explore an application’s internal logic without recompiling it. It’s a very powerful tool that opens up many possibilities for deep security analysis.
A set of scripts used to bypass SSL pinning in mobile applications. It allows HTTPS traffic to be intercepted even when developers have intentionally tried to block it.