Android Security Pentesting Tools for Hackers & Security Professionals

Android Security App Vulnerability Scanner


  1. QARK – by LinkedIn, for app developers to scan their apps for security issues.
  2. JAADAS – joint intraprocedural and interprocedural program analysis tool for finding vulnerabilities in Android apps, built on Soot and Scala
  3. AndroBugs
  4. Nogotofail
  5. Devknox – autocorrects Android security issues from your IDE, as if it were a spell check.

Reverse Engineering

  1. Smali/Baksmali – apk decompilation
  2. emacs syntax coloring for smali files
  3. vim syntax coloring for smali files
  4. AndBug
  5. Androguard – powerful, integrates well with other tools
  6. Apktool – really useful for compilation/decompilation (uses smali)
  7. Android Framework for Exploitation
  8. Bypass signature and permission checks for IPCs
  9. Android OpenDebug – make any application on the device debuggable (using Cydia Substrate).
  10. Dare – .dex to .class converter
  11. Dex2Jar – dex to jar converter
  12. Enjarify – dex to jar converter from Google
  13. Dedexer
  14. Fino
  15. Frida – inject JavaScript to explore applications, and a GUI tool for it
  16. Indroid – thread injection kit
  17. IntentSniffer
  18. Introspy
  19. Jad – Java decompiler
  20. JD-GUI – Java decompiler

Online Analyzers

  1. AndroTotal
  2. Tracedroid
  3. Visual Threat
  4. Mobile Malware Sandbox
  5. Appknox – is not free
  6. IBM Security AppScan Mobile Analyzer – is not free
  7. NVISO ApkScan 
  8. AVC UnDroid 
  9. VirusTotal – max 128MB
  10. Fraunhofer App-ray – is not free
  11. AppCritique – upload your Android APKs and receive comprehensive free security assessments.
  12. NowSecure Lab Automated – enterprise tool for security testing of both Android and iOS mobile apps. Lab Automated features dynamic and static analysis on real devices in the cloud to return results in minutes. It is not free.

Fuzz Testing

