dragonjar-android-pentesting-skill

What problem does it solve?

It solves the problem of quickly identifying Android APK security weaknesses and runtime defenses by combining static analysis, dynamic instrumentation, and MASVS-aligned reporting in one repeatable workflow.

Core Features & Use Cases

• APK security auditing (static): Decode and decompile APKs, run manifest permission/component checks, search for hardcoded secrets, and enrich findings with Semgrep rules.
• Runtime defense analysis (RASP): Detect protection categories such as root/emulator/debug instrumentation and Frida/screenshot detection, then output actionable results.
• Authorized bypass + instrumentation: Generate and run appropriate Frida bypass profiles (e.g., SSL pinning and root detection) and validate security control behavior under an authorized lab setup.
• MASVS compliance scoring + reporting: Score results against OWASP MASVS controls and produce professional, evidence-driven outputs for remediation.

Use case: You receive a new Android banking/app APK and need a single workflow to (1) find secrets and insecure patterns, (2) determine what runtime protections it uses, (3) confirm exploitability in an authorized environment, and (4) generate a MASVS-informed report to guide fixes.

Quick Start

Use the dragonjar-android-pentesting-skill to audit an APK for static vulnerabilities and then run MASVS scoring for prioritized remediation.