• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

kyawthiha7/Mobile-App-Pentest

原作者: [db:作者] 来自: 网络 收藏 邀请

开源软件名称(OpenSource Name):

kyawthiha7/Mobile-App-Pentest

开源软件地址(OpenSource Url):

https://github.com/kyawthiha7/Mobile-App-Pentest

开源编程语言(OpenSource Language):


开源软件介绍(OpenSource Introduction):

Mobile App Pentest

Mobile Application Penetration Testing - iOS and Andorid

Android

labs

Tools

  • frida : hooking method , bypassing root detection , bypassing cert pinning, etc .
  • Burpsuite : intercept request
  • apktool : reversing
  • Xposed Framework : hooking native method
  • Drozer : reverse engineerring
  • Tcpdump : capture the traffic
  • adb , fastboot : install apk , logging , push or pull file from devices.
  • sqlite browser : to browse sqlite database.
  • zipgrep : Searching purpose.
  • jdgui : code review
  • dex2jar : reverse engineering purpose
  • modSF : Dynamic Analysis
  • jarsigner : tool to sign and verify Java Archive (JAR/APK) files

Techniques

Tutorials & courses & books

CheckLists & Testing Guide

Public Exploits

iOS

jailbreak chart

Labs

Tools

  • Frida : hooking , bypassing , anlysis dynamic
  • GDB : Dynamic analysis
  • Cycript : Dynamic analysis
  • Clutch : Static Analysis
  • dumpdecrypted : dumping decrypted iPhone Applications to a file
  • class-dump : dumping class info
  • class-dump-z : dumping class info
  • otool : disassembler
  • strings : print all the strings in a given binary.
  • nm : utility that displays the symbol table of a given binary.
  • cydia impactor : for jailbreaking
  • openssh (cydia)
  • wget (cydia)
  • Erica Utilities
  • Snoop-it (cydia)
  • unzip (cydia)
  • adv-cmds (cydia)
  • usbmuxd : SSH over USB
  • syslogd
  • socat
  • burpsuite
  • iphonessh
  • idb

Techniques

Tutorials & courses & books

CheckLists & Testing Guide

Public Exploits

Checklist

Categories Issues
Network Certificate pinning
Weak Cipher
API to negotiated with SSL
Leak Info via Side Channel
Improper Usage of HTTP Method
Server Authentication
Injection
Session Management Issues
Server banners
Device Insecure Data Storage (log, database, keychain, NSUserDefaults, cache, etc)
JavaScript Execution(Webview)
Code Quality (codesign , debug symbol,free security features, etc ..)
Anti-reversing Detection(jailbreak/root detection, File integrity , Device Bonding )



鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap