Knowledge Base for Penetration Testing
Overview A compilation of commonly used Mobile Application Testing Tools, broken down by tool and denoted by Platform (Android or iOS). MobSF – Platform: Android, iOS MobSF is as close as you’ll likely get to free, Open-Source Vulnerability Scanning for Android and iOS Applications. Extremely intuitive to use. To scan an application, upload the respective […]
Jailbreaking Before you start: You’ll need an Apple ID/ Apple Developer Account via https://appleid.apple.com/ and https://developer.apple.com I believe that Impactor needs a full developer account at this point. unc0ver Jailbreak for iOS 11.0 – 12.2 Cydia Impactor: Unc0ver.ipa: Installing Unc0verMake sure you create a backup in iTunes and/or iCloud before doing this, just to be safe Steps: Using […]
Installing the VM Notes:Once the VM has been powered on this file cannot be edited, so ensure you untick “power on VM after installation”.During the setup process you’ll be asked to configure the file system with read/write access. Ensure you select yes for this for later steps. Configuring Android GUI Intercepting HTTP Traffic with Burp Device […]
Rooting Android & Jailbreaking iOS Android It is recommended to use an android device to test the application. If you cannot get one, then you can use an Android VM. Alternatively, you can configure an Android device. There are lots of guides on the Internet to root an Android device. A guide for Google Pixel rooting […]
Step by step guide on how to Root an Android Mobile Device. Google Pixel is used for demonstration. You can either connect the physical device through USB to the local computer or use Android Studio to run phone emulators.
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics and checklist, which is mapped OWASP Mobile Risk Top 10 for conducting pentest. Mobile Application Security Testing Distributions All-in-One Mobile Security Frameworks Android Application Penetration Testing Reverse Engineering and Static Analysis Dynamic […]
Most commonly used Android Debug Bridge (ADB) Shell Commands for Mobile Penetration Testing. The Android Debug Bridge is a programming tool used for the debugging of Android-based devices. The daemon on the Android device connects with the server on the host PC over USB or TCP, which connects to the client that is used by the end-user over TCP.
This is a great tool that will decompile an apk into source or smali code and scan for vulnerabilities. https://github.com/MobSF/Mobile-Security-Framework-MobSF https://hack.technoherder.com/mobile-application-penetration-testing-cheat-sheet/
Mobile device management (MDM) is the process of tracking, controlling, and securing the organization’s mobile infrastructure. MDM solutions are usually web-based platforms that enable administrators to work from a centralized console. Using MDM, the organization can enforce its security policies, as well as manage applications, data, and other content, all at once on every mobile […]
Apple has a strong reputation for security. Even so, all software has flaws, no matter how carefully you test it. CVEdetails.com lists over 4,000 vulnerabilities related to Apple products, with over 2,000 attributed to Mac OS X and over 1,400 related to iPhone iOS. Both the phone and desktop operating systems derive some of their […]
by 
