pentest-mobile-app
Pentest Mobile App
Purpose
Mobile app testing is completely absent from Shannon (web-only) and from all existing skills. Mobile apps often share backend APIs but introduce unique attack surfaces: local storage, pinning, intent handling, and binary protections.
Prerequisites
Authorization Requirements
- Written authorization with mobile app testing scope
- APK/IPA files or access to app store downloads
- Test devices or emulators (rooted Android, jailbroken iOS preferred)
- Backend API documentation if available
Environment Setup
- Frida for runtime instrumentation
- Objection for quick mobile security testing
- MobSF for automated static/dynamic analysis
- jadx for Android decompilation, Hopper for iOS
- Burp Suite configured as mobile proxy