Android Penetration Testing Cheat Sheet
This is more of a checklist for myself. May contain useful tips and tricks. Still need to add a lot of things.
Everything was tested on Kali Linux v2023.1 (64-bit) and Samsung A5 (2017) with Android OS v8.0 (Oreo) and Magisk root v25.2.
Check Magisk if you wish to root your Android device. I have no liability over your actions.
For help with any of the tools type <tool_name> [-h | -hh | --help] or man <tool_name>.
If you haven’t already, read OWASP MASTG (GitHub) and OWASP MASVS (GitHub). You can download the OWASP MASTG checklist from here.
I also recommend reading HackTricks - Android Applications Pentesting.
In most cases, to be eligible for a bug bounty reward, you need to exploit a vulnerability with non-root privileges, possibly building your own “malicious” PoC app.
Find out more about my “malicious” PoC app from my other project.
Websites that you should use while writing the report:
- cwe.mitre.org/data
- owasp.org/projects
- owasp.org/www-project-mobile-top-10
- cheatsheetseries.owasp.org
- first.org/cvss/calculator/4.0
- nvd.nist.gov/vuln-metrics/cvss/v3-calculator
- nvd.nist.gov/ncp/repository
- attack.mitre.org
My other cheat sheets:
- iOS Testing Cheat Sheet
- Penetration Testing Cheat Sheet
- WiFi Penetration Testing Cheat Sheet
Future plans:
- modify networkSecurityConfig to add custom root CA certificates,
- test widgets, push notifications, and Firebase,
- SMALI code injection,
- Flutter attacks,
- create more Frida scripts.
Table of Contents
Install Tools
WiFi ADB - Debug Over Air
Magisk Frida
Magisk SQLite 3
BusyBox
Kali Linux Tools
Java
Apktool
Mobile Security Framework (MobSF)
Drozer
Install Web Proxy Certificates
Basics
Android Debug Bridge (ADB)
Install/Uninstall an APK
Download/Upload Files and Directories
Bypassing Permission Denied
Inspect an APK
Pull an APK (base.apk)
AndroidManifest.xml
strings.xml
Search for Files and Directories
SharedPreferences
Inspect Files
Single File
Multiple Files
File Scraper
SQLite 3
Nuclei
Backups
SpotBugs
Deep Links
Android App Link Verification Tester
Deep Link Hijacking
WebViews
Frida
Frida Scripts
Objection
Bypasses
Drozer
Intents
Content Providers
Broadcast Receivers
Intent Injections
Taskjacking
Tapjacking
Decompile an APK
Repackage an APK
Decode
Repackage
Code Sign
Miscellaneous
Monitor the System Log
Monitor File Changes
Tips and Security Best Practices
Useful Websites and Tools
Vulnerable Apps