Last Updated on 8 June 2023 by admin
To say that smartphones have become an integral part of our lives is an understatement. Since the unveiling of the iPhone in 2007, the rate of adoption has been nothing short of phenomenal. The knock-on effect is that the security of mobile applications has never been more critical.
As the number of mobile applications continues to soar, so does the potential for security vulnerabilities that can compromise user data and privacy. This alarming trend calls for rigorous mobile application security testing, which forms the cornerstone of an effective mobile security strategy.
Mobile penetration testing creates many new challenges not commonly seen in standard web application and infrastructure tests. To aid in overcoming these, there are some great open-source mobile security testing tools available and in this post, we will outline our pen tester’s favourite open-source mobile application security testing tools for iOS and Android devices.
For penetration testers and security professionals, choosing the right testing software is paramount to ensure comprehensive vulnerability assessment and robust protection.
In this article, we will explore five open-source mobile application security testing tools that can bolster your efforts in identifying and mitigating security risks, providing you with the necessary arsenal to safeguard mobile applications in an increasingly vulnerable digital landscape.
5 Open Source Mobile Application Security Testing Tools
1. Mobile Security Framework (MobSF)
What is MobSF?
Mobile Security Framework (MobSF) is an essential tool for any mobile penetration test on Android or iOS. It is a static and dynamic analyser for application binaries (APK, IPA and related formats) that quickly enumerates security issues. Among its most useful features are flagging leads for hardcoded API keys or passwords, enumerating common manifest bad practices (such as exported components, debuggable builds and cleartext traffic being allowed) and performing automated code analysis.
How does MobSF work?
MobSF runs locally (as a Docker image or a Python install), so neither the application binary nor the report has to be sent to a third-party server. You upload the APK or IPA through its web interface or REST API and it performs the analysis; it is fast, typically producing results in a matter of minutes. Static analysis needs only the binary, whereas dynamic analysis additionally requires an Android emulator or rooted device reachable from the MobSF host.
Who would benefit from it?
While it is an essential part of any penetration tester's mobile toolkit, a mobile developer can also use MobSF to check their own builds before release and to practise secure development.
Why is it useful for mobile security testing?
Mobile applications are often composed of hundreds of files, each possibly containing information useful to an attacker but which would take significant time to find by hand. MobSF analyses an application at a pace not achievable manually in the same time frame. Combining its automated output with manual review ensures security issues are identified, verified and reported; bear in mind that automated findings are leads rather than confirmed vulnerabilities and still need triage.
2. Android Debug Bridge (ADB)
What is ADB?
While not a penetration testing tool in itself, the Android Debug Bridge (ADB) can be used to inspect a mobile application as it runs and to obtain a (non-root) shell on a device that has not been rooted. It is a command-line tool shipped with the Android SDK platform-tools that allows an emulated or USB-connected Android device to be debugged in real time.
How does ADB work?
ADB runs on Linux, macOS and Windows, and works from a virtual machine as long as the USB device is passed through to it. Once the Android device is connected and USB debugging is enabled, you can run a variety of commands, the most useful of which are adb shell and adb logcat. adb shell runs commands on the device, for example listing running processes, browsing the file system and querying memory usage. adb logcat shows the device's real-time logs, where passwords and other sensitive data are often found. On a non-rooted device an application's private data directory is only reachable via adb shell run-as <package>, and only when the app was built as debuggable.
Who would benefit from it?
As part of the Android SDK, developers and penetration testers get the most use from this tool. It can help software engineers practise secure development and spot issues, such as secrets written to logcat, before they reach production.
Why is it useful for mobile security testing?
Logs and application files can often reveal sensitive information including passwords, authentication tokens and API keys. This is one of the most common issues found in mobile testing, and ADB lets penetration testers search the file system and logs for it quickly.
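The following is an added example for this post, not code from the original article or from the Android SDK. It wraps the adb commands described above and runs a small set of secret-detection patterns over a logcat dump. It assumes adb from platform-tools is on PATH with a device or emulator connected and authorised; the pattern list and the sample log lines are constructed for illustration, and `pidof -s` is assumed to exist on the device's toybox.

```python
"""Dump logcat with adb and flag lines that leak secrets.

Added example for this post (not from the original article or from the
Android SDK). Assumes `adb` from platform-tools is on PATH and a device or
emulator is connected and authorised. SAMPLE_LOGCAT is constructed.
"""
import re
import subprocess

# Patterns a tester typically greps logs for. Hypothetical but realistic;
# extend with the target app's own header and parameter names.
SECRET_PATTERNS = {
    "bearer_token": re.compile(r"Bearer\s+[A-Za-z0-9\-_.=]{16,}"),
    "jwt": re.compile(r"eyJ[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "password_kv": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[=:]\s*\S+"),
    "api_key_kv": re.compile(r"(?i)\b(?:api[_-]?key|client[_-]?secret)\s*[=:]\s*\S+"),
}


def find_secrets(lines):
    """Return (line_no, pattern_name, matched_text) for every hit, in log order."""
    hits = []
    for no, line in enumerate(lines, 1):
        for name, rx in SECRET_PATTERNS.items():
            m = rx.search(line)
            if m:
                hits.append((no, name, m.group(0)))
    return hits


def adb(*args):
    """Run an adb command and return its stdout; raises on a non-zero exit."""
    return subprocess.run(["adb", *args], capture_output=True, text=True, check=True).stdout


def dump_logcat(package=None):
    """Dump (not stream) the log buffer; optionally restrict it to one app's PID."""
    args = ["logcat", "-d", "-v", "brief"]
    if package:
        pid = adb("shell", "pidof", "-s", package).strip()  # the app must be running
        args.append(f"--pid={pid}")
    return adb(*args).splitlines()


def list_private_files(package):
    """List the app's private files on a non-rooted device. Works only for
    debuggable builds, because run-as switches to the app's own UID."""
    return adb("shell", "run-as", package, "find", ".", "-type", "f").splitlines()


# Constructed sample of what a leaky app writes to logcat.
SAMPLE_LOGCAT = """\
D/NetworkClient( 4211): GET https://api.example.com/v1/me
D/NetworkClient( 4211): Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.c2lnbmF0dXJl
I/LoginActivity( 4211): login ok user=alice password=Winter2023!
D/Config( 4211): api_key=sk_live_0123456789abcdef
I/ActivityManager( 1234): Displayed com.example.app/.MainActivity: +512ms
"""

if __name__ == "__main__":
    import sys
    lines = dump_logcat(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOGCAT.splitlines()
    for no, name, text in find_secrets(lines):
        print(f"line {no}: {name}: {text}")
```

Run it with a package name to scan a live device; without arguments it scans the constructed sample, which yields the bearer token (also recognised as a JWT), the password and the API key, while the harmless ActivityManager line produces nothing. Clearing the buffer first with adb logcat -c and then exercising the login flow keeps the dump focused on the app under test.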
3. Frida
What is Frida?
Frida is a dynamic instrumentation toolkit that covers Android and iOS (as well as desktop platforms), so it applies to all mobile testing. Its own description is a dynamic instrumentation toolkit for developers, reverse-engineers and security researchers. It lets you hook into running processes, trace their execution flow, and modify arguments, return values and behaviour at runtime.
How does Frida work?
Frida works by injecting a JavaScript engine into the target process; your scripts then execute inside that process with full access to its memory, loaded modules and functions.
There are some prerequisites. The usual setup requires a rooted or jailbroken device so that the frida-server binary can be installed and run with sufficient privileges; the alternative on a non-rooted device is to repackage the application with the Frida Gadget library embedded. The device also needs to be connected (over USB or the network) to a host machine with the Frida client tools installed. Once the initial setup is complete, running processes can be attached to, or applications spawned under instrumentation, from the host machine.
Who would benefit from it?
Developers, reverse engineers and security researchers alike benefit from Frida. If, for example, new security controls such as root detection or certificate pinning are added to a mobile application, Frida provides a means of testing how robust the implementation really is.
Why is it useful for mobile security testing?
Frida has a variety of uses, from bypassing SSL pinning and root detection to just about any type of dynamic testing. Frida also has the CodeShare project, where scripts are publicly shared for everyone to use; they range from static code audits and SSL pinning bypasses to root detection bypasses and fuzzing scripts. Applications with anti-instrumentation checks may detect frida-server or its default port, so public scripts often need adapting to the target.
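As an added example, not from the original article or the Frida project, here is the host side of an SSL pinning bypass written with the Frida Python bindings: it spawns the app suspended, injects a JavaScript agent that hooks the platform TrustManagerImpl and OkHttp3's CertificatePinner, and collects the events the hooks report. It assumes frida and frida-tools are installed on the host, frida-server is running on a rooted Android device over USB, and com.example.app is a placeholder package name.

```python
"""Drive Frida from the host: spawn the target app, load an SSL-pinning
bypass hook and collect the events the hook reports.

Added example for this post; not code from the original article or from the
Frida project. Assumes `pip install frida frida-tools`, frida-server running
on a rooted Android device over USB, and a placeholder package name.
"""
import sys
import time

try:
    import frida  # host-side bindings; assumed installed with frida-tools
except ImportError:  # the pure helpers below still work without it
    frida = None

TARGET_PACKAGE = "com.example.app"  # placeholder, replace with the app under test

# Agent script executed inside the app. It hooks two common pinning points:
# the platform TrustManagerImpl used by HttpsURLConnection on Android 7+, and
# OkHttp3's CertificatePinner. Classes the app does not load are skipped.
PIN_BYPASS_JS = r"""
Java.perform(function () {
    function hookAllOverloads(className, method, replacement) {
        var cls;
        try {
            cls = Java.use(className);
        } catch (e) {
            send({event: 'skip', target: className, reason: String(e)});
            return;
        }
        cls[method].overloads.forEach(function (overload) {
            overload.implementation = function () {
                send({event: 'bypass', target: className + '.' + method});
                return replacement.apply(this, arguments);
            };
        });
    }
    // verifyChain(untrustedChain, trustAnchorChain, host, ...) returns the
    // validated chain; handing back the untrusted input chain accepts any cert.
    hookAllOverloads('com.android.org.conscrypt.TrustManagerImpl', 'verifyChain',
        function (untrustedChain) { return untrustedChain; });
    // CertificatePinner.check(hostname, peerCertificates) is void: do nothing.
    hookAllOverloads('okhttp3.CertificatePinner', 'check', function () {});
});
"""


class EventCollector:
    """Receives send() messages from the agent and keeps their payloads."""

    def __init__(self):
        self.events = []

    def on_message(self, message, data):
        if message.get("type") == "send":
            self.events.append(message["payload"])
        elif message.get("type") == "error":
            self.events.append({"event": "agent-error", "reason": message.get("description")})


def bypassed_targets(events):
    """Hook names that actually fired, deduplicated in order of first appearance."""
    seen = []
    for ev in events:
        if ev.get("event") == "bypass" and ev["target"] not in seen:
            seen.append(ev["target"])
    return seen


def run(package=TARGET_PACKAGE, seconds=30):
    """Spawn the app suspended, install the hooks, resume it and collect events."""
    if frida is None:
        raise RuntimeError("frida-python is not installed")
    device = frida.get_usb_device(timeout=10)
    pid = device.spawn([package])        # suspended, so hooks land before the first TLS handshake
    session = device.attach(pid)
    script = session.create_script(PIN_BYPASS_JS)
    collector = EventCollector()
    script.on("message", collector.on_message)
    script.load()
    device.resume(pid)
    time.sleep(seconds)                  # drive the app through its HTTPS calls via your proxy
    session.detach()
    return collector.events


if __name__ == "__main__":
    for event in run(sys.argv[1] if len(sys.argv) > 1 else TARGET_PACKAGE):
        print(event)
```

Spawning rather than attaching matters because many apps pin during their first request at start-up; attaching later would miss it. The skip events tell you which pinning libraries the app does not use, and an empty list from bypassed_targets after exercising the app means the pinning lives somewhere else (a native TLS stack, or a third-party library) and needs its own hook.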
4. APKTool
What is APKTool?
APKTool is a great tool for the reverse engineering process on Android. It decodes an APK into its resources (the binary AndroidManifest.xml and resources.arsc are converted back to readable XML) and disassembles the Dalvik bytecode into smali, and it can rebuild a modified tree into an APK, whether for code analysis or to insert new files. It is often used in conjunction with Frida (mentioned above) and with tools such as dex2jar and jadx, which turn the classes.dex files into readable Java classes.
How does APKTool work?
APKTool is a Java program, so it runs on Linux, macOS and Windows. Once installed, simply specifying the APK file to decode or the folder to rebuild performs the action, and the output can then be used further. Note that a rebuilt APK is unsigned: it must be zipaligned and re-signed (for example with apksigner from the Android build-tools) before it will install, and because the signing certificate changes, applications that verify their own signature will notice the modification.
Who would benefit from it?
Any penetration tester on a black-box Android engagement will use APKTool as part of the reverse engineering process, whether to identify weaknesses in the application code, to change the manifest (for instance to make the build debuggable) or to inject the Frida Gadget.
Why is it useful for mobile security testing?
It's a simple yet effective tool that performs the basic actions other tools build on. Being able to read the code or dynamically inspect the application can uncover obscure vulnerabilities which would otherwise be left undiscovered.
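The decode, modify, rebuild and re-sign cycle described above, as an added example that is not the original article's or apktool's own code. It decodes the APK, patches the manifest so the build is debuggable and trusts user-installed CAs (which makes proxying its traffic possible on Android 7+), then rebuilds, aligns and signs the result. It assumes apktool, zipalign and apksigner are on PATH, a keystore named debug.jks created with keytool (command shown in the docstring), and a constructed sample manifest for the offline part.

```python
"""Decode an APK with apktool, patch its manifest so the build is debuggable
and trusts user-installed CAs, then rebuild, align and re-sign it.

Added example for this post; not the original article's or apktool's own code.
Assumes apktool, zipalign and apksigner (Android build-tools) are on PATH and
a keystore created with, for example:
  keytool -genkeypair -keystore debug.jks -storepass android -alias key \
          -keyalg RSA -keysize 2048 -validity 10000 -dname CN=test
SAMPLE_MANIFEST is constructed for illustration.
"""
import re
import subprocess
from pathlib import Path

# Network security config trusting user CAs, so a proxy CA added via Settings works.
NETWORK_SECURITY_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
"""

ATTRS = ' android:debuggable="true" android:networkSecurityConfig="@xml/network_security_config"'


def patch_manifest(xml):
    """Return the manifest with debuggable=true and our network security config
    set on <application>, replacing any values the app already declared."""
    def rewrite(match):
        tag = match.group(0)
        tag = re.sub(r'\sandroid:debuggable="[^"]*"', "", tag)
        tag = re.sub(r'\sandroid:networkSecurityConfig="[^"]*"', "", tag)
        if tag.endswith("/>"):
            return tag[:-2] + ATTRS + "/>"
        return tag[:-1] + ATTRS + ">"
    patched, n = re.subn(r"<application\b[^>]*>", rewrite, xml, count=1)
    if n != 1:
        raise ValueError("no <application> element found")
    return patched


def sh(*cmd):
    subprocess.run(cmd, check=True)


def repack(apk, workdir="work", keystore="debug.jks", ks_pass="android"):
    """Decode -> patch -> rebuild -> zipalign -> apksigner. Returns the signed APK path."""
    work = Path(workdir)
    sh("apktool", "d", "-f", apk, "-o", str(work))          # decode resources and smali
    manifest = work / "AndroidManifest.xml"
    manifest.write_text(patch_manifest(manifest.read_text()))
    xml_dir = work / "res" / "xml"
    xml_dir.mkdir(parents=True, exist_ok=True)
    (xml_dir / "network_security_config.xml").write_text(NETWORK_SECURITY_CONFIG)
    unsigned, aligned, signed = "rebuilt-unsigned.apk", "rebuilt-aligned.apk", "rebuilt-signed.apk"
    sh("apktool", "b", str(work), "-o", unsigned)            # rebuild; the output is unsigned
    sh("zipalign", "-p", "-f", "4", unsigned, aligned)       # align before v2+ signing
    sh("apksigner", "sign", "--ks", keystore, "--ks-pass", f"pass:{ks_pass}",
       "--out", signed, aligned)
    return signed


# Constructed manifest as apktool would decode it (trimmed).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8" standalone="no"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
    <application android:label="@string/app_name" android:debuggable="false" android:icon="@mipmap/ic_launcher">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>
"""

if __name__ == "__main__":
    import sys
    print(repack(sys.argv[1]) if len(sys.argv) > 1 else patch_manifest(SAMPLE_MANIFEST))
```

Install the result with adb install -r rebuilt-signed.apk after uninstalling the original, since the signing certificate no longer matches. The debuggable flag is what makes adb shell run-as usable on an unrooted device, and the network security config is needed because Android 7+ ignores user CAs unless the app opts in.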
5. Checkra1n
What is Checkra1n?
Checkra1n is the current go-to jailbreak tool for iOS devices with affected hardware. Jailbreaking gives root access to the device, bypassing restrictions imposed by Apple in the software, such as limits on accessing the file system. Strictly speaking, checkra1n is distributed free of charge as a binary rather than as open source, although the bootrom exploit it is built on (checkm8) is public.
How does Checkra1n work?
Checkra1n obtains root through checkm8, a flaw in the boot ROM of Apple's A5 to A11 chips (iPhone 4S through iPhone X). Because the boot ROM is read-only, Apple cannot fix it with a software update, so the jailbreak won't be going away for those devices; A12 and later chips are not affected. To use checkra1n, the device is connected over USB to a macOS or Linux machine running directly on hardware (not in a virtual machine, as the DFU-mode USB exploit is unreliable through USB passthrough), and the tool exploits the flaw when run. The jailbreak is semi-tethered: after a reboot the device starts un-jailbroken until checkra1n is run again.
Who would benefit from it?
Any penetration tester on an iOS engagement will need a jailbroken device to perform a thorough test, since without root access the application's sandbox, keychain and file system cannot be inspected directly.
Why is it useful for mobile security testing?
Testing on a jailbroken device allows the application's file system to be accessed and makes bypassing SSL pinning possible in some instances (for example by running frida-server on the device). By checking the file system, SQLite databases, logs and caches are uncovered; these sometimes store sensitive information unencrypted, which is a misconfiguration that needs to be resolved.
If there are any tools that you think deserve to make the list, let us know.