mobile-pentest
Community
Comprehensive mobile app security testing
Author: woohyun212
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Identifies security weaknesses in Android and iOS applications by combining static analysis, dynamic instrumentation, network interception, and storage inspection to find insecure storage, certificate pinning and root/jailbreak detection bypasses, and exposed secrets, with findings mapped to OWASP MASVS.
Core Features & Use Cases
- Static analysis: Decompile and inspect APKs/IPAs for hardcoded secrets, exported components, and insecure configuration using tools like JADX, apktool, class-dump, and otool.
- Dynamic instrumentation: Use Frida and objection to bypass SSL pinning, observe runtime behavior, and extract sensitive runtime artifacts.
- Network and storage inspection: Intercept traffic with a proxy, inspect SharedPreferences/NSUserDefaults, SQLite/Keychain, and validate TLS and certificate pinning controls.
- MASVS-aligned reporting: Map findings to OWASP MASVS categories and generate a structured findings report for remediation and compliance.
- Use Cases: Pre-release security assessments, bug bounty triage for mobile targets, and MASVS/MASTG compliance audits.
Quick Start
Request a full assessment of /tmp/target.apk to detect SSL pinning, exposed secrets, insecure storage, and produce a MASVS-mapped findings report.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: mobile-pentest
Download link: https://github.com/woohyun212/security-skill/archive/main.zip#mobile-pentest
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.