APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.
☆954Jan 17, 2025Updated last year
Alternatives and similar repositories for APKHunt
Users that are interested in APKHunt are comparing it to the libraries listed below
Sorting:
- Mobile Edge-Dynamic Unified Security Analysis☆2,183Updated this week
- A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues☆374Jul 25, 2023Updated 2 years ago
- A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomain…☆888May 3, 2023Updated 2 years ago
- NucleiFuzzer is a robust automation tool that efficiently detects web application vulnerabilities, including XSS, SQLi, SSRF, and Open Re…☆1,823Aug 20, 2025Updated 6 months ago
- A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities …☆2,276Jun 9, 2024Updated last year
- Scanning APK file for URIs, endpoints & secrets.☆5,974Aug 20, 2025Updated 6 months ago
- A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets☆1,529Jan 15, 2026Updated last month
- A simple tool for bypassing file upload restrictions.☆894Jul 22, 2024Updated last year
- Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime☆2,973Feb 25, 2026Updated last week
- Community curated list of nuclei templates for finding "unknown" security vulnerabilities.☆89May 2, 2024Updated last year
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆753Dec 19, 2023Updated 2 years ago
- An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws☆3,925Oct 4, 2025Updated 5 months ago
- A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.☆319Nov 12, 2025Updated 3 months ago
- fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.☆937Aug 24, 2023Updated 2 years ago
- Extract URLs, paths, secrets, and other interesting bits from JavaScript☆1,771May 22, 2024Updated last year
- Hidden parameters discovery suite☆2,027Sep 8, 2024Updated last year
- linWinPwn is a bash script that streamlines the use of a number of Active Directory tools☆2,156Updated this week
- Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.☆1,583Mar 4, 2024Updated last year
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!☆978Jan 12, 2024Updated 2 years ago
- jsleak is a tool to find secret , paths or links in the source code during the recon.☆576Sep 25, 2025Updated 5 months ago
- A python script to scan for Apache Tomcat server vulnerabilities.☆887Jan 12, 2026Updated last month
- i will upload more templates here to share with the comunity.☆567Apr 17, 2024Updated last year
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…☆1,370Oct 27, 2023Updated 2 years ago
- Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hac…☆1,153Jan 21, 2026Updated last month
- reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and findin…☆7,259Updated this week
- Standalone utility for service discovery on open ports!☆718Jan 13, 2026Updated last month
- Quickly discover exposed hosts on the internet using multiple search engines.☆2,827Feb 25, 2026Updated last week
- Real-world infosec wordlists, updated regularly☆1,642Updated this week
- A lightweight tool for orchestrating and organizing your bug hunting recon / pentesting command-line workflows☆300Sep 8, 2023Updated 2 years ago
- An IIS short filename enumeration tool☆1,126Nov 25, 2024Updated last year
- Smart context-based SSRF vulnerability scanner.☆360May 5, 2022Updated 3 years ago
- An XSS exploitation command-line interface and payload generator.☆1,414Jan 19, 2025Updated last year
- The repo contains a series of challenges for learning Frida for Android Exploitation.☆1,216Feb 22, 2026Updated last week
- Fast and customizable subdomain wordlist generator using DSL☆928Feb 5, 2026Updated 3 weeks ago
- Android security insights in full spectrum.☆949Jul 26, 2025Updated 7 months ago
- Automating situational awareness for cloud penetration tests.☆2,299Updated this week
- This map lists the essential techniques to bypass anti-virus and EDR☆3,161Mar 28, 2025Updated 11 months ago
- Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one pl…☆1,039Aug 23, 2025Updated 6 months ago
- 🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast…☆1,519Updated this week