This is a great tool that will decompile an apk into source or smali code and scan for vulnerabilities.

# Setup script
$ git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
$ cd Mobile-Security-Framework-MobSF   
$ ./setup.sh


$ ./run.sh 127.0.0.1:8000
[2022-10-03 13:15:50 -0500] [65969] [INFO] Starting gunicorn 20.1.0
[2022-10-03 13:15:50 -0500] [65969] [INFO] Listening at: http://127.0.0.1:8000 (65969)
[2022-10-03 13:15:50 -0500] [65969] [INFO] Using worker: gthread
[2022-10-03 13:15:50 -0500] [65970] [INFO] Booting worker with pid: 65970
[INFO] 03/Oct/2022 18:16:36 - 
  __  __       _    ____  _____       _____  ____  
 |  \/  | ___ | |__/ ___||  ___|_   _|___ / | ___| 
 | |\/| |/ _ \| '_ \___ \| |_  \ \ / / |_ \ |___ \ 
 | |  | | (_) | |_) |__) |  _|  \ V / ___) | ___) |
 |_|  |_|\___/|_.__/____/|_|     \_/ |____(_)____/ 

[INFO] 03/Oct/2022 18:16:36 - Mobile Security Framework v3.5.2 Beta
REST API Key: c1bc9c8d57fa99ac65d805eeecd4d4b7444084216348bceff9632d20d7c15327
[INFO] 03/Oct/2022 18:16:36 - OS: Darwin
[INFO] 03/Oct/2022 18:16:36 - Platform: macOS-12.6-x86_64-i386-64bit
[INFO] 03/Oct/2022 18:16:36 - Dist: darwin 21.6.0
GitHub - MobSF/Mobile-Security-Framework-MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a...

Mobile Application Penetration Testing Cheat Sheet
The Mobile App Pentest cheat sheet was created to provide concise collection ofhigh value information on specific mobile application penetration testing topicsand checklist, which is mapped OWASP Mobile Risk Top 10 for conducting pentest. Mobile Application Security Testing Distributions * Appieā€¦