conducting-mobile-app-penetration-test

Featured

Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security Testing Guide (MASTG) to identify vulnerabilities in data storage, network communication, authentication, cryptography, and platform-specific security controls. The tester performs static analysis of application binaries, dynamic analysis at runtime, and API security testing to evaluate the complete mobile attack surface. Activates for requests involving mobile app pentest, iOS security assessment, Android security testing, or OWASP MASTG assessment.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0


Quality Score: 99/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Conducting Mobile App Penetration Test

## When to Use

- Testing mobile applications before release to identify security vulnerabilities and data protection issues
- Conducting compliance assessments against OWASP MASVS (Mobile Application Security Verification Standard) levels L1 and L2
- Evaluating the security of mobile banking, healthcare, or government applications handling sensitive data
- Testing mobile apps that interact with backend APIs to assess the end-to-end security of the mobile ecosystem
- Assessing mobile application resistance to reverse engineering, tampering, and runtime manipulation

**Do not use** against mobile applications without written authorization from the application owner, for distributing modified or repackaged applications, or for testing apps on the public app stores without a separate test build.

## Prerequisites

- Target application IPA (iOS) and APK (Android) files or access to download from a private distribution channel
- Rooted Android device or emulator (Genymotion, Android Studio AVD) with Frida, Objection, and Magisk installed
- Jailbroken iOS device or Corellium virtual device with Frida, Objection, and SSL Kill Switch installed
- Static analysis tools: jadx (Android decompilation), Hopper/Ghidra (iOS binary analysis), MobSF (automated scanning)
- Burp Suite Professional configured as proxy for intercepting mobile app traffic with CA certificate installed on the test device

> **Legal Notice:** This skill is for authorized sec...

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

Testing & QA Solid

mobile-security-testing-skill

Android and iOS application security testing

1,034 Updated today
a5c-ai

AI & Automation Featured

performing-ios-app-security-assessment

Performs comprehensive iOS application security assessments using Frida for dynamic instrumentation, Objection for runtime exploration, SSL pinning bypass for traffic interception, keychain extraction for credential analysis, and IPA static analysis for binary-level review. Use when conducting authorized iOS penetration tests, evaluating mobile app security posture against OWASP MASTG, or assessing iOS app data protection and transport security controls. Activates for requests involving iOS app pentesting, Frida-based iOS instrumentation, mobile app SSL pinning bypass, or IPA reverse engineering.

12,642 Updated today
mukul975

AI & Automation Featured

exploiting-insecure-data-storage-in-mobile

Identifies and exploits insecure local data storage vulnerabilities in Android and iOS mobile applications including unencrypted databases, world-readable files, insecure SharedPreferences, plaintext credential storage, and improper keychain/keystore usage. Use when performing mobile penetration testing focused on OWASP M9 (Insecure Data Storage) or assessing compliance with MASVS-STORAGE requirements. Activates for requests involving mobile data storage security, local storage exploitation, SharedPreferences analysis, or mobile data leakage assessment.

12,642 Updated today
mukul975

Testing & QA Solid

testing-mobile-apps

Execute mobile app testing on iOS and Android devices/simulators. Use when performing specialized testing. Trigger with phrases like "test mobile app", "run iOS tests", or "validate Android functionality".

2,266 Updated today
jeremylongshore

AI & Automation Featured

performing-web-application-penetration-test

Performs systematic security testing of web applications following the OWASP Web Security Testing Guide (WSTG) methodology to identify vulnerabilities in authentication, authorization, input validation, session management, and business logic. The tester uses Burp Suite as the primary interception proxy alongside manual testing techniques to find flaws that automated scanners miss. Activates for requests involving web app pentest, OWASP testing, application security assessment, or web vulnerability testing.

12,642 Updated today
mukul975