dragonjar-android-pentesting-skill

DragonJAR Android Pentesting Skill

Skill by ara.so — Security Skills collection.

This skill provides comprehensive Android APK security analysis capabilities for AI agents, combining static analysis, dynamic instrumentation with Frida, RASP detection, authorized bypass validation, source-to-sink tracing, MASVS scoring, and professional reporting in a unified workflow.

What This Skill Does

Transforms an AI agent into an expert Android security auditor capable of:

  • APK Analysis: Decode APKs with APKTool, decompile with JADX, detect frameworks with APKiD
  • Static Security Analysis: 50+ manifest checks, 70+ Semgrep MASTG rules, secret detection, obfuscation analysis
  • Dynamic Instrumentation: 37 Frida scripts for SSL pinning bypass, root detection bypass, crypto interception
  • Runtime Defense Analysis (RDA): Detect 18 protection categories (RootBeer, SafetyNet, Frida detection, RASP, etc.)
  • RASP Bypass: Authorized bypass runner with reusable profiles, DRY workflow
  • Data Flow Tracing: Source-to-sink methodology with confidence levels
  • MASVS Compliance: Automated scoring against OWASP MASVS controls with CVSS 4.0
  • APK Modification: Smali patching, repackaging, signing, validation

Installs: 447
GitHub Stars: 1
First Seen: May 20, 2026
dragonjar-android-pentesting-skill — aradotso/security-skills