OWASP / owasp-mastg
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
☆11,773Updated last week
Related projects ⓘ
Alternatives and complementary repositories for owasp-mastg
- The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.☆2,060Updated 2 months ago
- The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application pen…☆4,596Updated 9 months ago
- Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and …☆17,486Updated this week
- 📱 objection - runtime mobile exploration☆7,563Updated 2 months ago
- The Leading Security Assessment Framework for Android.☆3,944Updated 2 weeks ago
- Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime☆2,633Updated last month
- An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respect…☆3,045Updated 8 months ago
- A collection of android security related resources☆8,211Updated 2 months ago
- Tool to look for several security related Android application vulnerabilities☆3,200Updated 10 months ago
- A completely free, open source and online course about Reverse Engineering iOS Applications.☆2,662Updated 7 months ago
- Next generation web scanner☆5,557Updated 4 months ago
- In-depth attack surface mapping and asset discovery☆12,095Updated this week
- Web application fuzzer☆5,968Updated 3 months ago
- A toolkit for testing, tweaking and cracking JSON Web Tokens☆5,452Updated 3 months ago
- CTF framework and exploit development library☆12,127Updated 2 weeks ago
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…☆3,684Updated 3 years ago
- A Tool for Domain Flyovers☆5,644Updated 2 years ago
- Fast web fuzzer written in Go☆12,711Updated 4 months ago
- The ZAP by Checkmarx Core project☆12,751Updated this week
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆7,804Updated 7 months ago
- Android App Reverse Engineering Workshop☆1,425Updated 7 months ago
- A list of interesting payloads, tips and tricks for bug bounty hunters.☆5,945Updated last year
- The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.☆16,791Updated this week
- Scanning APK file for URIs, endpoints & secrets.☆4,960Updated last month
- Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.☆8,249Updated last year
- Automated All-in-One OS Command Injection Exploitation Tool.☆4,613Updated this week
- A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on…☆5,347Updated 7 months ago
- Reverse engineering and pentesting for Android applications☆5,285Updated 2 weeks ago
- The iOS Security Testing Framework☆1,334Updated 4 years ago
- A repository with 3 tools for pwn'ing websites with .git repositories available☆3,863Updated last year