Can this skill help with both Android and iOS apps?

Yes, it includes specialized commands and workflows for both Android (ADB, APKTool, JADX) and iOS (Frida, Objection, Keychain dumper).

How does it assist with network traffic analysis?

It provides guidance on setting up proxy tools like Burp Suite and mitmproxy to intercept and analyze encrypted mobile application traffic.

Does it provide scripts for bypassing security controls?

Absolutely. It includes patterns for bypassing SSL pinning and root/jailbreak detection using Frida and other runtime instrumentation tools.

Can it help with static analysis of mobile binaries?

Yes, it offers workflows for decompiling binaries, searching for sensitive strings, and auditing configuration files like AndroidManifest.xml and Info.plist.

Does it support automated vulnerability scanning?

While it focuses on manual and semi-automated expert workflows, it provides integration commands for tools like MobSF (Mobile Security Framework).

Mobile App Pentesting

Name: Mobile App Pentesting
Author: trilwu

bytrilwu

Seguridad y Pruebas

Conducts comprehensive security audits and penetration testing for Android and iOS mobile applications.

Acerca de

This skill transforms Claude Code into a specialized security assistant for mobile application assessments. It provides deep technical guidance for both Android and iOS platforms, covering static analysis such as decompilation and manifest audits, dynamic analysis using tools like Frida and Objection, and specialized techniques like SSL pinning bypass and root/jailbreak detection. Whether you are analyzing APK/IPA files, intercepting network traffic with Burp Suite, or investigating insecure data storage in keychains or databases, this skill offers the specific commands and implementation patterns needed to identify and exploit mobile-specific vulnerabilities effectively.

Características Principales

Traffic interception setup for Burp Suite and mitmproxy on mobile devices
Android APK decompilation, manifest auditing, and repackaging workflows
Dynamic instrumentation using Frida and Objection for runtime analysis
Automated techniques for bypassing SSL pinning and root/jailbreak detection
0 GitHub stars
iOS IPA analysis, binary decryption, and keychain auditing

Casos de Uso

Professional penetration testers automating ADB and Frida commands during security assessments
Mobile developers auditing their own apps for OWASP Mobile Top 10 vulnerabilities
Security researchers performing bug bounty hunting on Android and iOS applications

Acerca de

Características Principales

Traffic interception setup for Burp Suite and mitmproxy on mobile devices
Android APK decompilation, manifest auditing, and repackaging workflows
Dynamic instrumentation using Frida and Objection for runtime analysis
Automated techniques for bypassing SSL pinning and root/jailbreak detection
0 GitHub stars
iOS IPA analysis, binary decryption, and keychain auditing

Casos de Uso

Professional penetration testers automating ADB and Frida commands during security assessments
Mobile developers auditing their own apps for OWASP Mobile Top 10 vulnerabilities
Security researchers performing bug bounty hunting on Android and iOS applications