Android Penetration Testing Cheat Sheet
This is more of a checklist for myself. May contain useful tips and tricks. Still need to add a lot of things.
Everything was tested on Kali Linux v2023.1 (64-bit) and Samsung A5 (2017) with Android OS v8.0 (Oreo) and Magisk root v25.2.
Check Magisk if you wish to root your Android device. I have no liability over your actions.
For help with any of the tools type <tool_name> [-h | -hh | --help] or man <tool_name>.
If you haven’t already, read OWASP MASTG (GitHub) and OWASP MASVS (GitHub). You can download the OWASP MASTG checklist from here.
I also recommend reading HackTricks - Android Applications Pentesting.
In most cases, to be eligible for a bug bounty reward, you need to exploit a vulnerability with non-root privileges, possibly building your own “malicious” PoC app.
Find out more about my “malicious” PoC app from my other project.
Websites that you should use while writing the report:
- cwe.mitre.org/data
- owasp.org/projects
- owasp.org/www-project-mobile-top-10
- cheatsheetseries.owasp.org
- first.org/cvss/calculator/4.0
- nvd.nist.gov/vuln-metrics/cvss/v3-calculator
- nvd.nist.gov/ncp/repository
- attack.mitre.org
My other cheat sheets:
Future plans:
- modify networkSecurityConfig to add custom root CA certificates,
- test widgets, push notifications, and Firebase,
- SMALI code injection,
- Flutter attacks,
- create more Frida scripts.
Table of Contents
- WiFi ADB - Debug Over Air
- Magisk Frida
- Magisk SQLite 3
- BusyBox
- Kali Linux Tools
- Java
- Apktool
- Mobile Security Framework (MobSF)
- Drozer
- Install Web Proxy Certificates
1. Basics
- Android Debug Bridge (ADB)
- Install/Uninstall an APK
- Download/Upload Files and Directories
- Bypassing Permission Denied
3. Search for Files and Directories
5. SpotBugs
6. Deep Links
7. WebViews
8. Frida
9. Objection
10. Drozer
12. Taskjacking
13. Tapjacking
14. Decompile an APK
15. Repackage an APK
16. Miscellaneous
17. Tips and Security Best Practices
19. Vulnerable Apps