Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Documentation:

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

Hand-crafted Frida examples

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

A Collection of Secure Mobile Development Best Practices

[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

Android Security Suite for APK reversing, in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

Mobile penetration testing android & iOS command cheatsheet

Unofficial frida extension for VSCode

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

(WIP) Runtime Application Instruments for iOS. Previously Passionfruit

Testowanie oprogramowania - Książka dla początkujących testerów

A fast and elegant extension for VSCode used for iOSre projects.

Scanning APK file for URIs, endpoints & secrets.

VyAPI - A cloud based vulnerable hybrid Android App

Created by High-Tech Bridge, the Purposefully Insecure and Vulnerable Android Application (PIVAA) replaces outdated DIVA for benchmark of mobile vulnerability scanners.

GSM Assessment Toolkit - A security evaluation framework for GSM networks

GSM Scanner, RTL-SDR, StingWatch, Meteor

PowerAuth - Open-source solution for authentication, secure data storage and transport security in mobile banking.

Vulnerable Banking Suite

A repository for scripting a mobile attack toolchain

Digital Forensics with Kali Linux, published by Packt