Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Testing Tools

About the MASTG Tools

The OWASP MASTG includes many tools to assist you in executing test cases, allowing you to perform static analysis, dynamic analysis, network interception, etc. These tools are intended to help you perform your own assessments, rather than provide a conclusive result on the security status of an app. It's important to review the output of these tools carefully, as it can contain both false positives and false negatives.

The goal of the MASTG is to be as accessible as possible. For this reason, we prioritize including tools that meet the following criteria:

  • Open-source
  • Free to use
  • Capable of analyzing recent Android/iOS applications
  • Regularly updated
  • Strong community support

In instances where no suitable open-source alternative exists, we may include closed-source tools. However, any closed-source tools included must be free to use, as we aim to avoid featuring paid tools whenever possible. This also extends to freeware or community editions of commercial tools.

Our goal is to be vendor-neutral and to serve as a trusted learning resource, which is why we've avoid the inclusion of "automated mobile application security scanners" due to the competitive challenges they pose. Instead, we focus on tools that provide full code access and comprehensive testing, as they are better suited for educational purposes. Tools that lack this transparency, even if they offer a free version, typically do not meet the OWASP MAS project's inclusion criteria.

Important Disclaimer

These tools have been tested to work when added, but compatibility may vary depending on your OS version, the device you're testing, or whether you're using a rooted or jailbroken device. Tool functionality may also be affected by specific versions of the rooting/jailbreaking method or the tool itself. OWASP MASTG does not guarantee the functionality of the tools. If you encounter problems, try to search for solutions online or contact the tool owner (e.g. via GitHub Issues).

ID Name Platform
MASTG-TOOL-0058 MachoOView platform:ios
MASTG-TOOL-0121 objdump - iOS platform:ios
MASTG-TOOL-0049 Frida-cycript platform:ios
MASTG-TOOL-0064 Sileo platform:ios
MASTG-TOOL-0114 codesign platform:ios
MASTG-TOOL-0055 iProxy platform:ios
MASTG-TOOL-0053 iOSbackup platform:ios
MASTG-TOOL-0065 simctl platform:ios
MASTG-TOOL-0046 Cycript platform:ios
MASTG-TOOL-0069 Usbmuxd platform:ios
MASTG-TOOL-0070 Xcode platform:ios
MASTG-TOOL-0063 security platform:ios
MASTG-TOOL-0045 class-dump-dyld platform:ios
MASTG-TOOL-0057 lldb platform:ios
MASTG-TOOL-0050 Frida-ios-dump platform:ios
MASTG-TOOL-0061 Grapefruit platform:ios
MASTG-TOOL-0071 Xcode Command Line Tools platform:ios
MASTG-TOOL-0072 xcrun platform:ios
MASTG-TOOL-0105 ipsw platform:ios
MASTG-TOOL-0062 Plutil platform:ios
MASTG-TOOL-0067 swift-demangle platform:ios
MASTG-TOOL-0066 SSL Kill Switch 3 platform:ios
MASTG-TOOL-0111 ldid platform:ios
MASTG-TOOL-0074 objection for iOS platform:ios
MASTG-TOOL-0044 class-dump-z platform:ios
MASTG-TOOL-0059 optool platform:ios
MASTG-TOOL-0039 Frida for iOS platform:ios
MASTG-TOOL-0054 ios-deploy platform:ios
MASTG-TOOL-0060 otool platform:ios
MASTG-TOOL-0047 Cydia platform:ios
MASTG-TOOL-0048 dsdump platform:ios
MASTG-TOOL-0122 c++filt platform:ios
MASTG-TOOL-0042 BinaryCookieReader platform:ios
MASTG-TOOL-0040 MobSF for iOS platform:ios
MASTG-TOOL-0041 nm - iOS platform:ios
MASTG-TOOL-0056 Keychain-Dumper platform:ios
MASTG-TOOL-0068 SwiftShield platform:ios
MASTG-TOOL-0051 gdb platform:ios
MASTG-TOOL-0073 radare2 for iOS platform:ios
MASTG-TOOL-0102 ios-app-signer platform:ios
MASTG-TOOL-0043 class-dump platform:ios
MASTG-TOOL-0108 Corellium platform:generic
MASTG-TOOL-0033 Ghidra platform:generic
MASTG-TOOL-0106 Fridump platform:generic
MASTG-TOOL-0098 iaito platform:generic
MASTG-TOOL-0036 r2frida platform:generic
MASTG-TOOL-0037 RMS Runtime Mobile Security platform:generic
MASTG-TOOL-0032 Frida CodeShare platform:generic
MASTG-TOOL-0038 objection platform:generic
MASTG-TOOL-0104 hermes-dec platform:generic
MASTG-TOOL-0100 reFlutter platform:generic
MASTG-TOOL-0035 MobSF platform:generic
MASTG-TOOL-0101 disable-flutter-tls-verification platform:generic
MASTG-TOOL-0034 LIEF platform:generic
MASTG-TOOL-0110 semgrep platform:generic
MASTG-TOOL-0031 Frida platform:generic
MASTG-TOOL-0076 bettercap platform:network
MASTG-TOOL-0115 HTTP Toolkit platform:network
MASTG-TOOL-0097 mitmproxy platform:network
MASTG-TOOL-0077 Burp Suite platform:network
MASTG-TOOL-0075 Android tcpdump platform:network
MASTG-TOOL-0078 MITM Relay platform:network
MASTG-TOOL-0109 Nope-Proxy platform:network
MASTG-TOOL-0080 tcpdump platform:network
MASTG-TOOL-0079 OWASP ZAP platform:network
MASTG-TOOL-0081 Wireshark platform:network
MASTG-TOOL-0004 adb platform:android
MASTG-TOOL-0021 Magisk platform:android
MASTG-TOOL-0006 Android SDK platform:android
MASTG-TOOL-0026 Termux platform:android
MASTG-TOOL-0010 APKLab platform:android
MASTG-TOOL-0005 Android NDK platform:android
MASTG-TOOL-0016 gplaycli platform:android
MASTG-TOOL-0123 apksigner platform:android
MASTG-TOOL-0107 JNITrace platform:android
MASTG-TOOL-0027 Xposed platform:android
MASTG-TOOL-0019 jdb platform:android
MASTG-TOOL-0003 nm - Android platform:android
MASTG-TOOL-0020 JustTrustMe platform:android
MASTG-TOOL-0009 APKiD platform:android
MASTG-TOOL-0025 SSLUnpinning platform:android
MASTG-TOOL-0002 MobSF for Android platform:android
MASTG-TOOL-0001 Frida for Android platform:android
MASTG-TOOL-0014 Bytecode Viewer platform:android
MASTG-TOOL-0099 FlowDroid platform:android
MASTG-TOOL-0013 Busybox platform:android
MASTG-TOOL-0012 apkx platform:android
MASTG-TOOL-0011 Apktool platform:android
MASTG-TOOL-0028 radare2 for Android platform:android
MASTG-TOOL-0022 Proguard platform:android
MASTG-TOOL-0017 House platform:android
MASTG-TOOL-0024 Scrcpy platform:android
MASTG-TOOL-0112 pidcat platform:android
MASTG-TOOL-0023 RootCloak Plus platform:android
MASTG-TOOL-0030 Angr platform:android
MASTG-TOOL-0103 uber-apk-signer platform:android
MASTG-TOOL-0018 jadx platform:android
MASTG-TOOL-0008 Android-SSL-TrustKiller platform:android
MASTG-TOOL-0116 Blutter platform:android
MASTG-TOOL-0120 proxyDroid platform:android
MASTG-TOOL-0015 drozer platform:android
MASTG-TOOL-0007 Android Studio platform:android
MASTG-TOOL-0029 objection for Android platform:android


© OWASP Foundation 2024. This work is licensed under CC-BY-4.0. For any reuse or distribution, you must make clear to others the license terms of this work.
OWASP ® is a registered trademark of the OWASP Foundation, Inc. This website uses cookies to analyze our traffic and only share that information with our analytics partners. Learn more.
Made with Material for MkDocs | Website and covers designed by Carlos Holguera.