by This is a great tool that will decompile an apk into source or smali code and scan for vulnerabilities.
### Setup script
$ git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
$ cd Mobile-Security-Framework-MobSF
$ ./setup.sh
$ ./run.sh 127.0.0.1:8000
[2022-10-03 13:15:50 -0500] [65969] [INFO] Starting gunicorn 20.1.0
[2022-10-03 13:15:50 -0500] [65969] [INFO] Listening at: http://127.0.0.1:8000 (65969)
[2022-10-03 13:15:50 -0500] [65969] [INFO] Using worker: gthread
[2022-10-03 13:15:50 -0500] [65970] [INFO] Booting worker with pid: 65970
[INFO] 03/Oct/2022 18:16:36 -
__ __ _ ____ _____ _____ ____
| \/ | ___ | |__/ ___|| ___|_ _|___ / | ___|
| |\/| |/ _ \| '_ \___ \| |_ \ \ / / |_ \ |___ \
| | | | (_) | |_) |__) | _| \ V / ___) | ___) |
|_| |_|\___/|_.__/____/|_| \_/ |____(_)____/
[INFO] 03/Oct/2022 18:16:36 - Mobile Security Framework v3.5.2 Beta
REST API Key: c1bc9c8d57fa99ac65d805eeecd4d4b7444084216348bceff9632d20d7c15327
[INFO] 03/Oct/2022 18:16:36 - OS: Darwin
[INFO] 03/Oct/2022 18:16:36 - Platform: macOS-12.6-x86_64-i386-64bit
[INFO] 03/Oct/2022 18:16:36 - Dist: darwin 21.6.0https://github.com/MobSF/Mobile-Security-Framework-MobSF
https://hack.technoherder.com/mobile-application-penetration-testing-cheat-sheet/