This is a great tool that will decompile an apk into source or smali code and scan for vulnerabilities.
# Setup script
$ git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
$ cd Mobile-Security-Framework-MobSF
$ ./setup.sh
$ ./run.sh 127.0.0.1:8000
[2022-10-03 13:15:50 -0500] [65969] [INFO] Starting gunicorn 20.1.0
[2022-10-03 13:15:50 -0500] [65969] [INFO] Listening at: http://127.0.0.1:8000 (65969)
[2022-10-03 13:15:50 -0500] [65969] [INFO] Using worker: gthread
[2022-10-03 13:15:50 -0500] [65970] [INFO] Booting worker with pid: 65970
[INFO] 03/Oct/2022 18:16:36 -
__ __ _ ____ _____ _____ ____
| \/ | ___ | |__/ ___|| ___|_ _|___ / | ___|
| |\/| |/ _ \| '_ \___ \| |_ \ \ / / |_ \ |___ \
| | | | (_) | |_) |__) | _| \ V / ___) | ___) |
|_| |_|\___/|_.__/____/|_| \_/ |____(_)____/
[INFO] 03/Oct/2022 18:16:36 - Mobile Security Framework v3.5.2 Beta
REST API Key: c1bc9c8d57fa99ac65d805eeecd4d4b7444084216348bceff9632d20d7c15327
[INFO] 03/Oct/2022 18:16:36 - OS: Darwin
[INFO] 03/Oct/2022 18:16:36 - Platform: macOS-12.6-x86_64-i386-64bit
[INFO] 03/Oct/2022 18:16:36 - Dist: darwin 21.6.0GitHub - MobSF/Mobile-Security-Framework-MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a...
MobSFMobile Application Penetration Testing Cheat Sheet
The Mobile App Pentest cheat sheet was created to provide concise collection ofhigh value information on specific mobile application penetration testing topicsand checklist, which is mapped OWASP Mobile Risk Top 10 for conducting pentest. Mobile Application Security Testing Distributions * Appieā¦
Andrew Herd
