Skip to content

The motive to build this repo is to help beginner to start learn Android Pentesting by providing a roadmap.

Notifications You must be signed in to change notification settings

dn0m1n8tor/AndroidPentest101

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 

Repository files navigation

Android Pentest 101 awesome

A curated list of Android Security materials and resources For Pentesters and Bug Hunters. This Repository will guide you on How to start with Android pentesting from scratch, enjoy it!!


Basics

  1. Android Application Framework: Beginner’s Guide :
    https://www.hackingarticles.in/android-application-framework-beginners-guide/

  2. How Android OS Starts You Application :
    https://proandroiddev.com/android-internals-101-how-android-os-starts-you-application-e1c98a014c05

  3. The internals of Android APK build process :
    https://medium.com/androiddevnotes/the-internals-of-android-apk-build-process-article-5b68c385fb20

  4. Android Architecture :
    https://payatu.com/blog/amit/Need-to-know-Android

  5. Java for Android :
    https://www.youtube.com/watch?v=fis26HvvDII

  6. Environment setup for Android Pentesting:

    1. Use Mobexler for tools :
      https://mobexler.com/setup.htm
    2. Emulator and Burpsuite Setup:
  7. Understand Owasp Top 10:

  8. Understand the working of tools:

  9. APK Reversing

  10. Exploiting Insecure Firebase Database! :
    https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty/

  11. Dumping Android application memory with fridump :
    https://securitygrind.com/dumping-android-application-memory-with-fridump/

  12. Android App Security & Testing :
    https://infosecwriteups.com/android-app-security-testing-156a052ce7e8

Intermediate

  1. Understand SSL Pinning Implementation and it's bypass :
    https://redhuntlabs.com/ultimate-guide-to-android-ssl-pinning-bypass

  2. Understand Root Detection Implementation and it's bypass :

  3. Intent Redirection, Intent spoofing and intent interception

  4. WebView Attacks :
    https://www.hackingarticles.in/android-penetration-testing-webview-attacks/

  5. Drozer :
    https://www.hackingarticles.in/android-penetration-testing-drozer/

  6. Android App Reverse Engineering 101 :
    https://www.ragingrock.com/AndroidAppRE/

  7. Frida :

  8. Exploiting Android Fingerprint Authentication :
    https://medium.com/@ashishf6/exploiting-android-fingerprint-authentication-25dd9263bd74

  9. Bypass of Biometrics & Password Security Functionality For android :
    https://infosecwriteups.com/bypass-of-biometrics-password-security-functionality-for-android-8e0174ac7cac

  10. Android Hooking and SSLPinning using Objection Framework :
    https://www.hackingarticles.in/android-hooking-and-sslpinning-using-objection-framework/

  11. Android Security Tools :
    https://reconshell.com/android-security-resources/

Mind Map

Advance

Go deeper in what you have learned till now ... There are lot's of material avaialble on internet to learn from. I will mention some of them which will help you to move further.

Contributions

Your contributions are always welcome!

If you want to contribute to this list (please do), send me a pull request or contact me @AnubhavSingh_

Support

  • Love it? Buy me a Tea when you meet me outside (preferred) 🥤 or via
    Buy Me A Chai

About

The motive to build this repo is to help beginner to start learn Android Pentesting by providing a roadmap.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published