Testing Tools
About the tools listed below
The OWASP MASTG includes many tools to assist you in executing test cases, allowing you to perform static analysis, dynamic analysis, network interception, etc. These tools are intended to help you perform your own assessments, rather than provide a conclusive result on the security status of an app. It's important to review the output of these tools carefully, as it can contain both false positives and false negatives.
These tools have been tested to work when added, but compatibility may vary depending on your OS version, the device you're testing, or whether you're using a rooted or jailbroken device. Tool functionality may also be affected by specific versions of the rooting/jailbreaking method or the tool itself. OWASP MASTG does not guarantee the functionality of the tools. If you encounter problems, try to search for solutions online or contact the tool owner (e.g. via GitHub Issues).
Before proposing a new tool via GitHub Issues/Pull Requests, please check our contribution guidelines.
| ID | Name | Platform |
|---|---|---|
| MASTG-TOOL-0043 | class-dump | |
| MASTG-TOOL-0040 | MobSF for iOS | |
| MASTG-TOOL-0064 | Sileo | |
| MASTG-TOOL-0056 | Keychain-Dumper | |
| MASTG-TOOL-0126 | libimobiledevice suite | |
| MASTG-TOOL-0047 | Cydia | |
| MASTG-TOOL-0069 | Usbmuxd | |
| MASTG-TOOL-0042 | BinaryCookieReader | |
| MASTG-TOOL-0048 | dsdump | |
| MASTG-TOOL-0070 | Xcode | |
| MASTG-TOOL-0114 | codesign | |
| MASTG-TOOL-0072 | xcrun | |
| MASTG-TOOL-0057 | lldb | |
| MASTG-TOOL-0127 | AppSync Unified | |
| MASTG-TOOL-0105 | ipsw | |
| MASTG-TOOL-0060 | otool | |
| MASTG-TOOL-0045 | class-dump-dyld | |
| MASTG-TOOL-0122 | c++filt | |
| MASTG-TOOL-0128 | Filza | |
| MASTG-TOOL-0053 | iOSbackup | |
| MASTG-TOOL-0074 | objection for iOS | |
| MASTG-TOOL-0073 | radare2 for iOS | |
| MASTG-TOOL-0055 | iproxy | |
| MASTG-TOOL-0121 | objdump - iOS | |
| MASTG-TOOL-0039 | Frida for iOS | |
| MASTG-TOOL-0061 | Grapefruit | |
| MASTG-TOOL-0062 | Plutil | |
| MASTG-TOOL-0065 | simctl | |
| MASTG-TOOL-0051 | gdb | |
| MASTG-TOOL-0044 | class-dump-z | |
| MASTG-TOOL-0118 | Sideloadly | |
| MASTG-TOOL-0066 | SSL Kill Switch 3 | |
| MASTG-TOOL-0111 | ldid | |
| MASTG-TOOL-0041 | nm - iOS | |
| MASTG-TOOL-0071 | Xcode Command Line Tools | |
| MASTG-TOOL-0046 | Cycript | |
| MASTG-TOOL-0063 | security | |
| MASTG-TOOL-0068 | SwiftShield | |
| MASTG-TOOL-0059 | optool | |
| MASTG-TOOL-0067 | swift-demangle | |
| MASTG-TOOL-0058 | MachoOView | |
| MASTG-TOOL-0117 | fastlane | |
| MASTG-TOOL-0102 | ios-app-signer | |
| MASTG-TOOL-0050 | Frida-ios-dump | |
| MASTG-TOOL-0054 | ios-deploy | |
| MASTG-TOOL-0049 | Frida-cycript | |
| MASTG-TOOL-0008 | Android-SSL-TrustKiller | |
| MASTG-TOOL-0103 | uber-apk-signer | |
| MASTG-TOOL-0028 | radare2 for Android | |
| MASTG-TOOL-0004 | adb | |
| MASTG-TOOL-0018 | jadx | |
| MASTG-TOOL-0029 | objection for Android | |
| MASTG-TOOL-0017 | House | |
| MASTG-TOOL-0107 | JNITrace | |
| MASTG-TOOL-0116 | Blutter | |
| MASTG-TOOL-0023 | RootCloak Plus | |
| MASTG-TOOL-0026 | Termux | |
| MASTG-TOOL-0012 | apkx | |
| MASTG-TOOL-0022 | Proguard | |
| MASTG-TOOL-0120 | ProxyDroid | |
| MASTG-TOOL-0003 | nm - Android | |
| MASTG-TOOL-0024 | Scrcpy | |
| MASTG-TOOL-0005 | Android NDK | |
| MASTG-TOOL-0011 | Apktool | |
| MASTG-TOOL-0001 | Frida for Android | |
| MASTG-TOOL-0010 | APKLab | |
| MASTG-TOOL-0099 | FlowDroid | |
| MASTG-TOOL-0027 | Xposed | |
| MASTG-TOOL-0124 | aapt2 | |
| MASTG-TOOL-0025 | SSLUnpinning | |
| MASTG-TOOL-0009 | APKiD | |
| MASTG-TOOL-0021 | Magisk | |
| MASTG-TOOL-0019 | jdb | |
| MASTG-TOOL-0125 | Apkleaks | |
| MASTG-TOOL-0002 | MobSF for Android | |
| MASTG-TOOL-0014 | Bytecode Viewer | |
| MASTG-TOOL-0123 | apksigner | |
| MASTG-TOOL-0112 | pidcat | |
| MASTG-TOOL-0006 | Android SDK | |
| MASTG-TOOL-0007 | Android Studio | |
| MASTG-TOOL-0130 | blint | |
| MASTG-TOOL-0016 | gplaycli | |
| MASTG-TOOL-0020 | JustTrustMe | |
| MASTG-TOOL-0013 | Busybox | |
| MASTG-TOOL-0030 | Angr | |
| MASTG-TOOL-0015 | drozer | |
| MASTG-TOOL-0098 | iaito | |
| MASTG-TOOL-0104 | hermes-dec | |
| MASTG-TOOL-0133 | Visual Studio Code (vscode) | |
| MASTG-TOOL-0034 | LIEF | |
| MASTG-TOOL-0101 | disable-flutter-tls-verification | |
| MASTG-TOOL-0031 | Frida | |
| MASTG-TOOL-0134 | cdxgen | |
| MASTG-TOOL-0132 | dependency-track | |
| MASTG-TOOL-0033 | Ghidra | |
| MASTG-TOOL-0036 | r2frida | |
| MASTG-TOOL-0038 | objection | |
| MASTG-TOOL-0100 | reFlutter | |
| MASTG-TOOL-0110 | semgrep | |
| MASTG-TOOL-0032 | Frida CodeShare | |
| MASTG-TOOL-0035 | MobSF | |
| MASTG-TOOL-0037 | RMS Runtime Mobile Security | |
| MASTG-TOOL-0129 | rabin2 | |
| MASTG-TOOL-0106 | Fridump | |
| MASTG-TOOL-0131 | dependency-check | |
| MASTG-TOOL-0108 | Corellium | |
| MASTG-TOOL-0097 | mitmproxy | |
| MASTG-TOOL-0079 | ZAP | |
| MASTG-TOOL-0080 | tcpdump | |
| MASTG-TOOL-0081 | Wireshark | |
| MASTG-TOOL-0078 | MITM Relay | |
| MASTG-TOOL-0109 | Nope-Proxy | |
| MASTG-TOOL-0075 | Android tcpdump | |
| MASTG-TOOL-0115 | HTTP Toolkit | |
| MASTG-TOOL-0077 | Burp Suite | |
| MASTG-TOOL-0076 | bettercap |