Testing Tools
About the tools listed below
The OWASP MASTG includes many tools to assist you in executing test cases, allowing you to perform static analysis, dynamic analysis, network interception, etc. These tools are intended to help you perform your own assessments, rather than provide a conclusive result on the security status of an app. It's important to review the output of these tools carefully, as it can contain both false positives and false negatives.
These tools have been tested to work when added, but compatibility may vary depending on your OS version, the device you're testing, or whether you're using a rooted or jailbroken device. Tool functionality may also be affected by specific versions of the rooting/jailbreaking method or the tool itself. OWASP MASTG does not guarantee the functionality of the tools. If you encounter problems, try to search for solutions online or contact the tool owner (e.g. via GitHub Issues).
Before proposing a new tool via GitHub Issues/Pull Requests, please check our contribution guidelines.
| ID | Name | Platform |
|---|---|---|
| MASTG-TOOL-0134 | cdxgen | |
| MASTG-TOOL-0038 | objection | |
| MASTG-TOOL-0031 | Frida | |
| MASTG-TOOL-0100 | reFlutter | |
| MASTG-TOOL-0104 | hermes-dec | |
| MASTG-TOOL-0034 | LIEF | |
| MASTG-TOOL-0036 | r2frida | |
| MASTG-TOOL-0129 | rabin2 | |
| MASTG-TOOL-0032 | Frida CodeShare | |
| MASTG-TOOL-0101 | disable-flutter-tls-verification | |
| MASTG-TOOL-0033 | Ghidra | |
| MASTG-TOOL-0108 | Corellium | |
| MASTG-TOOL-0110 | semgrep | |
| MASTG-TOOL-0132 | dependency-track | |
| MASTG-TOOL-0106 | Fridump | |
| MASTG-TOOL-0131 | dependency-check | |
| MASTG-TOOL-0133 | Visual Studio Code (vscode) | |
| MASTG-TOOL-0098 | iaito | |
| MASTG-TOOL-0037 | RMS Runtime Mobile Security | |
| MASTG-TOOL-0035 | MobSF | |
| MASTG-TOOL-0124 | aapt2 | |
| MASTG-TOOL-0011 | Apktool | |
| MASTG-TOOL-0029 | objection for Android | |
| MASTG-TOOL-0099 | FlowDroid | |
| MASTG-TOOL-0017 | House | |
| MASTG-TOOL-0116 | Blutter | |
| MASTG-TOOL-0028 | radare2 for Android | |
| MASTG-TOOL-0125 | Apkleaks | |
| MASTG-TOOL-0009 | APKiD | |
| MASTG-TOOL-0024 | Scrcpy | |
| MASTG-TOOL-0003 | nm - Android | |
| MASTG-TOOL-0005 | Android NDK | |
| MASTG-TOOL-0107 | JNITrace | |
| MASTG-TOOL-0014 | Bytecode Viewer | |
| MASTG-TOOL-0008 | Android-SSL-TrustKiller | |
| MASTG-TOOL-0007 | Android Studio | |
| MASTG-TOOL-0123 | apksigner | |
| MASTG-TOOL-0020 | JustTrustMe | |
| MASTG-TOOL-0018 | jadx | |
| MASTG-TOOL-0023 | RootCloak Plus | |
| MASTG-TOOL-0016 | gplaycli | |
| MASTG-TOOL-0103 | uber-apk-signer | |
| MASTG-TOOL-0010 | APKLab | |
| MASTG-TOOL-0004 | adb | |
| MASTG-TOOL-0012 | apkx | |
| MASTG-TOOL-0027 | Xposed | |
| MASTG-TOOL-0002 | MobSF for Android | |
| MASTG-TOOL-0013 | Busybox | |
| MASTG-TOOL-0120 | ProxyDroid | |
| MASTG-TOOL-0130 | blint | |
| MASTG-TOOL-0021 | Magisk | |
| MASTG-TOOL-0006 | Android SDK | |
| MASTG-TOOL-0019 | jdb | |
| MASTG-TOOL-0030 | Angr | |
| MASTG-TOOL-0112 | pidcat | |
| MASTG-TOOL-0015 | drozer | |
| MASTG-TOOL-0026 | Termux | |
| MASTG-TOOL-0022 | Proguard | |
| MASTG-TOOL-0025 | SSLUnpinning | |
| MASTG-TOOL-0001 | Frida for Android | |
| MASTG-TOOL-0109 | Nope-Proxy | |
| MASTG-TOOL-0080 | tcpdump | |
| MASTG-TOOL-0077 | Burp Suite | |
| MASTG-TOOL-0075 | Android tcpdump | |
| MASTG-TOOL-0079 | ZAP | |
| MASTG-TOOL-0078 | MITM Relay | |
| MASTG-TOOL-0081 | Wireshark | |
| MASTG-TOOL-0097 | mitmproxy | |
| MASTG-TOOL-0076 | bettercap | |
| MASTG-TOOL-0115 | HTTP Toolkit | |
| MASTG-TOOL-0051 | gdb | |
| MASTG-TOOL-0114 | codesign | |
| MASTG-TOOL-0063 | security | |
| MASTG-TOOL-0059 | optool | |
| MASTG-TOOL-0047 | Cydia | |
| MASTG-TOOL-0128 | Filza | |
| MASTG-TOOL-0067 | swift-demangle | |
| MASTG-TOOL-0072 | xcrun | |
| MASTG-TOOL-0061 | Grapefruit | |
| MASTG-TOOL-0126 | libimobiledevice suite | |
| MASTG-TOOL-0073 | radare2 for iOS | |
| MASTG-TOOL-0043 | class-dump | |
| MASTG-TOOL-0105 | ipsw | |
| MASTG-TOOL-0046 | Cycript | |
| MASTG-TOOL-0042 | BinaryCookieReader | |
| MASTG-TOOL-0074 | objection for iOS | |
| MASTG-TOOL-0057 | lldb | |
| MASTG-TOOL-0062 | Plutil | |
| MASTG-TOOL-0045 | class-dump-dyld | |
| MASTG-TOOL-0050 | Frida-ios-dump | |
| MASTG-TOOL-0118 | Sideloadly | |
| MASTG-TOOL-0040 | MobSF for iOS | |
| MASTG-TOOL-0121 | objdump - iOS | |
| MASTG-TOOL-0058 | MachoOView | |
| MASTG-TOOL-0127 | AppSync Unified | |
| MASTG-TOOL-0048 | dsdump | |
| MASTG-TOOL-0122 | c++filt | |
| MASTG-TOOL-0117 | fastlane | |
| MASTG-TOOL-0054 | ios-deploy | |
| MASTG-TOOL-0060 | otool | |
| MASTG-TOOL-0065 | simctl | |
| MASTG-TOOL-0041 | nm - iOS | |
| MASTG-TOOL-0069 | Usbmuxd | |
| MASTG-TOOL-0070 | Xcode | |
| MASTG-TOOL-0064 | Sileo | |
| MASTG-TOOL-0071 | Xcode Command Line Tools | |
| MASTG-TOOL-0068 | SwiftShield | |
| MASTG-TOOL-0102 | ios-app-signer | |
| MASTG-TOOL-0055 | iproxy | |
| MASTG-TOOL-0066 | SSL Kill Switch 3 | |
| MASTG-TOOL-0053 | iOSbackup | |
| MASTG-TOOL-0049 | Frida-cycript | |
| MASTG-TOOL-0044 | class-dump-z | |
| MASTG-TOOL-0111 | ldid | |
| MASTG-TOOL-0056 | Keychain-Dumper | |
| MASTG-TOOL-0039 | Frida for iOS |