sh4hin/MobileApp-Pentest-Cheatsheet external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

sh4hin/MobileApp-Pentest-Cheatsheet

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/sh4hin/MobileApp-Pentest-Cheatsheet)

Close

sh4hin / MobileApp-Pentest-CheatsheetView on GitHubMore

• External links
• Readme badge

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

☆292Feb 2, 2018Updated 8 years ago

Alternatives and similar repositories for MobileApp-Pentest-Cheatsheet

Users that are interested in MobileApp-Pentest-Cheatsheet are comparing it to the libraries listed below

• sh4hin / Androl4b

  View on GitHub
  A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
  ☆1,156May 31, 2023Updated 2 years ago
• tanprathan / MobileApp-Pentest-Cheatsheet

  View on GitHub
  The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application pen…
  ☆5,159Feb 8, 2024Updated 2 years ago
• ReversecLabs / needle

  View on GitHub
  The iOS Security Testing Framework
  ☆1,381Oct 25, 2020Updated 5 years ago
• 1ultimat3 / BadIntent

  View on GitHub
  Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite
  ☆323Aug 20, 2017Updated 8 years ago
• pathetiq / BurpSmartBuster

  View on GitHub
  A Burp Suite content discovery plugin that add the smart into the Buster!
  ☆378Oct 12, 2020Updated 5 years ago
• logicalhacking / DVHMA

  View on GitHub
  Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.
  ☆269Aug 22, 2018Updated 7 years ago
• Fuzzapi / fuzzapi

  View on GitHub
  Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem
  ☆667Feb 25, 2021Updated 5 years ago
• hahwul / droid-hunter

  View on GitHub
  (deprecated) Android application vulnerability analysis and Android pentest tool
  ☆295Nov 6, 2018Updated 7 years ago
• moloch-- / CSP-Bypass

  View on GitHub
  A Burp Plugin for Detecting Weaknesses in Content Security Policies
  ☆166May 19, 2023Updated 2 years ago
• anshumanbh / brutesubs

  View on GitHub
  An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker …
  ☆260Aug 22, 2021Updated 4 years ago
• AndroBugs / AndroBugs_Framework

  View on GitHub
  AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilitie…
  ☆1,221Apr 24, 2019Updated 6 years ago
• tomdev / teh_s3_bucketeers

  View on GitHub
  ☆276Oct 19, 2021Updated 4 years ago
• strozfriedberg / xxe-recursive-download

  View on GitHub
  ☆231Nov 18, 2015Updated 10 years ago
• nettitude / xss_payloads

  View on GitHub
  Exploitation for XSS
  ☆730Aug 5, 2021Updated 4 years ago
• muellerberndt / android_app_security_checklist

  View on GitHub
  Android App Security Checklist
  ☆890Aug 27, 2022Updated 3 years ago
• dpnishant / appmon

  View on GitHub
  Documentation:
  ☆1,610May 1, 2023Updated 2 years ago
• nccgroup / wssip

  View on GitHub
  Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.
  ☆451Dec 8, 2022Updated 3 years ago
• payatu / diva-android

  View on GitHub
  DIVA Android - Damn Insecure and vulnerable App for Android
  ☆1,089May 19, 2023Updated 2 years ago
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,482Oct 12, 2024Updated last year
• enjoiz / XXEinjector

  View on GitHub
  Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
  ☆1,716Dec 1, 2024Updated last year
• federicodotta / HandyCollaborator

  View on GitHub
  Burp Suite plugin created for using Collaborator tool during manual testing in a comfortable way!
  ☆104Jun 1, 2018Updated 7 years ago
• jhaddix / domain

  View on GitHub
  Setup script for Regon-ng
  ☆938Nov 17, 2020Updated 5 years ago
• nccgroup / LazyDroid

  View on GitHub
  bash script to facilitate some aspects of an Android application assessment
  ☆159Sep 9, 2021Updated 4 years ago
• yandex / burp-molly-pack

  View on GitHub
  Security checks pack for Burp Suite
  ☆140Feb 8, 2018Updated 8 years ago
• federicodotta / Brida

  View on GitHub
  The new bridge between Burp Suite and Frida!
  ☆1,852Oct 30, 2025Updated 4 months ago
• maK- / parameth

  View on GitHub
  This tool can be used to brute discover GET and POST parameters
  ☆1,393Aug 24, 2019Updated 6 years ago
• tcstool / Fireaway

  View on GitHub
  Next Generation Firewall Audit and Bypass Tool
  ☆266Apr 24, 2017Updated 8 years ago
• michalkoczwara / AutoLocalPrivilegeEscalation

  View on GitHub
  An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically
  ☆24Apr 30, 2016Updated 9 years ago
• B3nac / Android-Reports-and-Resources

  View on GitHub
  A big list of Android Hackerone disclosed reports and other resources.
  ☆1,672Sep 10, 2025Updated 5 months ago
• masatokinugawa / filterbypass

  View on GitHub
  Browser's XSS Filter Bypass Cheat Sheet
  ☆1,150May 6, 2017Updated 8 years ago
• glennzw / shodan-hq-nse

  View on GitHub
  Shodan HQ nmap plugin - passively scan targets
  ☆157Mar 14, 2016Updated 9 years ago
• Aptive / penetration-testing-tools

  View on GitHub
  Penetration Testing tools - one repo to clone them all... containing latest pen testing tools
  ☆541Nov 25, 2019Updated 6 years ago
• bugbountyforum / XSS-Radar

  View on GitHub
  ☆332Jan 8, 2018Updated 8 years ago
• GDSSecurity / Jetleak-Testing-Script

  View on GitHub
  Script to test if a server is vulnerable to the JetLeak vulnerability
  ☆144Jul 1, 2016Updated 9 years ago
• 1N3 / IntruderPayloads

  View on GitHub
  A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…
  ☆3,903Sep 27, 2021Updated 4 years ago
• antojoseph / diff-droid

  View on GitHub
  Various Scripts for Mobile Pen-testing with Frida
  ☆75Jun 14, 2016Updated 9 years ago
• cyberheartmi9 / CVE-2017-12617

  View on GitHub
  Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
  ☆395Oct 11, 2017Updated 8 years ago
• securitytest3r / frida-ios-app-patching

  View on GitHub
  ☆31Feb 10, 2020Updated 6 years ago
• nbshelton / bitdump

  View on GitHub
  A tool to extract database data from a blind SQL injection vulnerability.
  ☆32Jan 4, 2016Updated 10 years ago