README.md
March 1, 2026 ยท View on GitHub
A collection of awesome tools used by Mobile hackers. Happy hacking , Happy bug-hunting!
Family project
Table of Contents
Weapons
Attributes
| Attributes | |
|---|---|
| Types | Analysis Pentest Proxy RE Scripts Scanner Utils Device Discovery, Monitor, NFC, Target, Bluetooth, Jailbreak, Inject, Unpinning |
| Tags | SCRIPTS NFC Target Jailbreak Inject Hijack Unpinning Bluetooth Monitor Discovery |
| Langs | TypeScript Python Unknown C++ JavaScript Ruby Shell Java Go Objective-C Meson Kotlin C Objective-C++ |
All
| Type | Name | Description | Star |
|---|---|---|---|
| Analysis | flipper | A desktop debugging platform for mobile developers. |  |
| Analysis | RMS-Runtime-Mobile-Security | Runtime Mobile Security (RMS) ๐ฑ๐ฅ - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime |  |
| Analysis | scrounger | Mobile application testing toolkit |  |
| Pentest | metasploit-framework | Metasploit Framework |  |
| Proxy | zaproxy | The OWASP ZAP core project |  |
| Proxy | proxify | Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go. |  |
| Proxy | hetty | Hetty is an HTTP toolkit for security research. |  |
| Proxy | httptoolkit | HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac |  |
| Proxy | BurpSuite | The BurpSuite | |
| RE | frida-tools | Frida CLI tools |  |
| RE | fridump | A universal memory dumper using Frida |  |
| RE | frida | Clone this repo to build Frida |  |
| RE | ghidra | Ghidra is a software reverse engineering (SRE) framework |  |
| RE | diff-gui | GUI for Frida -Scripts |  |
| Scanner | StaCoAn | StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. |  |
| Scanner | Mobile-Security-Framework-MobSF | Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. |  |
| Utils | watchman | Watches files and records, or triggers actions, when they change. |  |
| frida-scripts | A collection of my Frida.re instrumentation scripts to facilitate reverse engineering of mobile apps. |  | |
| frida-gadget | frida-gadget is a tool that can be used to patch APKs in order to utilize the Frida gadget. |  |
iOS
| Type | Name | Description | Star |
|---|---|---|---|
| Analysis | needle | The iOS Security Testing Framework |  |
| Analysis | iFunBox | General file management software for iPhone and other Apple products | |
| Analysis | iblessing | iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining. |  |
| Analysis | objection | ๐ฑ objection - runtime mobile exploration |  |
| RE | momdec | Core Data Managed Object Model Decompiler |  |
| RE | iSpy | A reverse engineering framework for iOS |  |
| RE | iRET | iOS Reverse Engineering Toolkit. |  |
| RE | Clutch | Fast iOS executable dumper |  |
| RE | class-dump | Generate Objective-C headers from Mach-O files. |  |
| RE | frida-ios-dump | pull decrypted ipa from Jailbreak device |  |
| RE | ipsw | iOS/macOS Research Swiss Army Knife |  |
| Utils | idb | idb is a flexible command line interface for automating iOS simulators and devices |  |
| ipainstaller | Install IPA from command line |  | |
| HideJB | a tweak has the ability to skip Jailbreak detection on iOS apps. | ||
| bfinject | Dylib injection for iOS 11.0 - 11.1.2 with LiberiOS and Electra Jailbreaks |  | |
| A-Jailbreak | Super Jailbreak detection Jailbreak! | ||
| MEDUZA | A more or less universal SSL unpinning tool for iOS |  | |
| ssl-kill-switch2 | Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps |  | |
| Liberty | Bypass Jailbreak and SSL Pinning | ||
| toothpicker | ToothPicker is an in-process, coverage-guided fuzzer for iOS. for iOS Bluetooth |  | |
| FlyJB-X | You can HIDE Doing Jailbreak your iDevice. |  |
Android
| Type | Name | Description | Star |
|---|---|---|---|
| Analysis | apkleaks | Scanning APK file for URIs, endpoints & secrets. |  |
| Analysis | drozer | The Leading Security Assessment Framework for Android. |  |
| Pentest | HacknDroid | Automation of some Mobile Application Penetration Testing activities and interaction with the mobile Android device. |  |
| Pentest | Kali NetHunter | Mobile Penetration Testing Platform | |
| RE | bytecode-viewer | A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More) |  |
| RE | Apktool | A tool for reverse engineering Android apk files |  |
| RE | androguard | Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !) |  |
| RE | dex2jar | Tools to work with android .dex and java .class files |  |
| RE | jadx | Dex to Java decompiler |  |
| RE | jd-gui | A standalone Java Decompiler GUI |  |
| RE | JEB | reverse-engineering platform to perform disassembly, decompilation, debugging, and analysis of code and document files, manually or as part of an analysis pipeline. | |
| RE | btrace | ๐ฅ๐ฅ btrace(AKA RheaTrace) is a high performance Android trace tool which is based on Systrace, it support to define custom events automatically during building apk and using bhook to provider more native events like IO. |  |
| RE | jadx-ai-mcp | MCP server that provides access to JADX decompiler for AI assistants to analyze Android apps |  |
| RE | apkx | One-Step APK Decompilation With Multiple Backends |  |
| RE | Smali-CFGs | Smali Control Flow Graph's |  |
| RE | dex-oracle | A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis |  |
| RE | procyon | Procyon is a suite of Java metaprogramming tools, including a rich reflection API, a LINQ-inspired expression tree API for runtime code generation, and a Java decompiler. |  |
| RE | enjarify | Enjarify is a tool for translating Dalvik bytecode to equivalent Java bytecode. This allows Java analysis tools to analyze Android applications. |  |
| Scanner | qark | Tool to look for several security related Android application vulnerabilities |  |
| Utils | behe-keyboard | A lightweight hacking & programming keyboard with material design |  |
| Utils | termux-app | Termux - a terminal emulator application for Android OS extendible by variety of packages. |  |
| Utils | Magisk | The Magic Mask for Android |  |
| Device | scrcpy | Display and control your Android device |  |
| nfcgate | An NFC research toolkit application for Android |  | |
| googleplay | Download APK from Google Play or send API requests |  | |
| gplaydl | Command Line Google Play APK downloader. Download APK files to your PC directly from Google Play Store. |  | |
| Hijacker | Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI Application for Android |  | |
| PCAPdroid | No-root network monitor, firewall and PCAP dumper for Android |  | |
| gplaycli | Google Play Downloader via Command line |  | |
| PlaystoreDownloader | A command line tool to download Android applications directly from the Google Play Store by specifying their package name (an initial one-time configuration is required) |  | |
| PortAuthority | A handy systems and security-focused tool, Port Authority is a very fast Android port scanner. Port Authority also allows you to quickly discover hosts on your network and will display useful network information about your device and other hosts. |  |
Thanks to (Contributor)
WHW's open-source project and made it with โค๏ธ if you want contribute this project, please see CONTRIBUTING.md and Pull-Request with cool your contents.
