Security Tools For Android Pentesting

A curated list of the best Android bug bounty security tools for learning and inspiration.

APKTool

Decompile/modify APK (smali-level)

Watch Video

Jadx

Convert DEX to readable Java code

Watch Video

MobSF

Automated static + dynamic scanner

Watch Video

Androguard

Python tool for APK/DEX/smali analysis

Watch Video

Bytecode Viewer

Reverse engineering with multiple decompilers

Watch Video

ClassyShark

Explore APK classes/methods/manifest

Watch Video

QARK

Detects security issues in APKs

Watch Video

Enjarify

DEX to Java JAR conversion

Watch Video

APKLeaks

Extract secrets, tokens, and URLs

Watch Video

Frida

Hook/modify functions at runtime

Watch Video

Objection

Runtime exploitation via Frida (no root required)

Watch Video

Xposed / LSPosed

Framework for modifying app behavior

Watch Video

Burp Suite

Intercept/modify network traffic

Watch Video

Drozer

Android app attack framework

Watch Video

Magisk

Systemless root; works with LSPosed modules

Watch Video

ADB

Debugging bridge for Android device

Watch Video

Logcat

Default Android logging system (adb logcat)

Pidcat

Filtered Logcat output by package

Watch Video

MatLog

GUI log reader (useful for non-rooted devices)

Watch Video

XLog / Timber

In-app logging libraries used in apps

Logd

Android logging daemon behind logcat

Syslog

For rooted devices to log everything (system + kernel)

PreviousBypassing Security Protections in APKs via Objection and Frida NextPIDCAT for Android Bug Bounty Logging

Penquin

Security Tools For Android Pentesting

APKTool

Jadx

MobSF

Androguard

Bytecode Viewer

ClassyShark

QARK

Enjarify

APKLeaks

Frida

Objection

Xposed / LSPosed

Burp Suite

Drozer

Magisk

ADB

Logcat

Pidcat

MatLog

XLog / Timber

Logd

Syslog