python size lastcommit

MPT (Mobile Pentest Toolkit)

The MPT (Mobile Pentest Toolkit) is a must-have solution for your android penetration testing workflows. This tool allow you to automate security tasks and focus on security assessment without to know, where the tools are located and with parameters are required.

MPT Showcase

:page_facing_up: Table of Contents

Features
Available Tools
Showcases
Installation
Update
Uninstallation
Configuration
Start New Project
Usage
Contributing
License

:exclamation:Features

Automation of your security checks
Perform project based security assessments
MPT provides a full set of required tools on any linux distribution
- local installation of required tools, you can easy extend missing tools
- installation of required APKs on your devices
ADB is included
Switch WI-FI proxy on your device (e.g. Burp Proxy)
Show colored logcat output with special highlighting
Install and run frida server on your device
Dump application memory
Analyse source code using several decompilers
Backup and dump you application data from device. Even if backup is disabled.
Disable SSL pinning
Disable root detection
Start security tools from one place

:toolbox: Available Tools

The following list contains all available tools:

MobSF Mobile Security Framework (MobSF)
RMS Runtime Mobile Security (RMS)
objection Runtime Mobile Exploration Toolkit
spotbugs Static code analysis for vulnerabilities and bugs
jadx Dex to Java decompiler
jd-gui Java Decompiler, dex2jar required
luyten Java Decompiler Gui for Procyon
sqlitestudio Multi-platform SQLite database manager
pidcat excellent logcat color script
pidcat-ex PID Cat (extended version)
adus Bash script to dump, build and sign apk
fridump Memory dumping tool uring frida
adb Android Debug Bridge (adb)
aapt Android Asset Packaging Tool
abe Android backup extractor, android:allowBackup="true" required
signapk sign an apk with the Android test certificate
apktool A tool for reverse engineering Android apk files
dex2jar Convert the Dalvik Executable (.dex) file to jar
janus scans an APK and an Android device for CVE-2017–13156
linux-router Set Linux as router in one command. Able to provide Internet, or create WiFi hotspot
scrcpy Application mirrors Android devices (video and audio) connected via USB

The mobile pentest toolkit (MPT) was presented on conference OWASP Bucharest AppSec 2018.

Tales of Practical Android Penetration Testing (Mobile Pentest Toolkit)

:pager: Showcases

Showcase: Setup project

The option --setup [package-name] creates a new pentest folder for the specific package.

MPT Setup Animated

Showcase: List installed packages

With the option --list-packages a full list of all installed applications are shown. The list also contains the full path to the .apk and the data directory.

MPT List Packages Animated

Showcase: Setup .apk for non-rooted device

With the option --setup-no-root the configured application gets configured for non-rooted devices. Some backup and debug options will be set and also a frida-gadget will be injected to explore the application without root context.

MPT Setup for non-rooted device Animated

Showcase: Pidcat - Colored logcat for specific application

With the option --pidcat a colored logcat will be show for the specific application.

MPT Pidcat Animated

Showcase: Decompile - Start decompiler

With the option --decompile the default decompiler get started with the configured application.

MPT Decompile

Showcase: Install Tools - Installs all necessary tools

With the option --install-tools all necessary tools will be installed.

MPT Install Tools

Showcase: Patch Gadget - Patch Frida Gadget into application

With the option --patch-gadget a frida gadget will be patched into the configured application.

MPT Patch Gadget

Showcase: Screenshot - Takes Screenshot and safes it into pentest folder

With the option --screenshot a screenshot is taken of the curren screen of the connected device.

MPT Screenshot

Showcase: Screen Copy - Mirrors Display of used Device

With the option --screen-copy the tool scrcpy will be started to mirror the screen of the connected device.

MPT Screen Copy

Showcase: Configure Burp - Setup Burp's certificate and set network config xml File

With the option --configure-burp the certificate of burpsuite will be copied to the device and the application will be configured to accept it.

MPT Configure Burp

:pager: Installation

Installation using PIPX (preferred installation method)

pipx install mptsec

# alternative way install from a public repository
pipx install git+https://github.com/ByteSnipers/mobile-pentest-toolkit --include-deps

1. if required install pipx

# Python (pip)
python3 -m pip install --user pipx

# Debian/Ubuntu/Kali
sudo apt update
sudo apt install python-pipx

# Fedora/Red Hat
sudo dnf install pipx

# Arch Linux/Black Arch
sudo pacman -S python-pipx

# openSUSE
sudo zypper install python-pipx

2. ensure pipx path is set correctly

The pipx ensurepath command is used to ensure that the directory containing pipx's installed binaries is included in your system's PATH environment variable.

pipx ensurepath

Installation using PIP

pip install mptsec

If pip install mptsec fails, you can isolate the installation using a virtual environment (venv) to avoid system-level conflicts.

python3 -m venv venv
source venv/bin/activate
pip install mptsec

:pager: Update

Update using PIPX

pipx install git+https://github.com/ByteSnipers/mobile-pentest-toolkit --include-deps --force

Update using MPT

mpt --update

:pager: Uninstallation

Uninstall using PIPX

pipx uninstall mptsec

Uninstall using PIP

pip uninstall mptsec

:wrench: Configuration

Configuration file "settings.json"

The default directory of the config file is in ~/.mpt/settings.json. Everytime the tool is launched, it will check if the config file exists. If not, it will create the default one and ask's for the installation folder for the tools.

The settings.json needs the following options:

Option	Value
access-point	IP-Address which is used to create an hotspot which is connected to the internet and which is usable for burp proxy.
app	Path to the `.apk` file to test.
application-label	Human readable label of the application.
install-dir	Path to install necessary tools into it.
package-name	The package name of the mobile app, like `com.example.app`.
pentest-dir	The path to the directory where the tests will be executed.
proxy	-----
proxy.host	IP-Address or hostname of the proxy (e.g. BurpSuite).
proxy.port	Port of the proxy.

Alias pentest-dir

You can set this alias to quickly and easily navigate to your project directory based on the configuration in the settings.json file. Here’s how you can do it:

Adding the Alias to `.bashrc` or `.zshrc`

Run the following command to add the alias to your .bashrc file:

echo '\n# mpt alias\nalias pentest-dir="cd $(cat /home/$USER/.mpt/settings.json | grep pentest-dir | awk -F'\''\\"'\'' '\''{print $4}'\'') && ls -l"' >> ~/.bashrc

You can also add a new alias manually to your .bashrc file:

alias pentest-dir="cd $(cat /home/$USER/.mpt/settings.json | grep pentest-dir | awk -F'\"' '{print $4}') && ls -l"

Activating the Alias:

After adding the alias, reload your .bashrc file to make it immediately available or open a new terminal window

source ~/.bashrc

Install zsh plugin (autocomplete support) - Outdated

:warning: You need to install Oh My ZSH

:warning: The command line options has not been updated for a while and does not match with the latest version. PRs are welcome

cp -r mpt/mpt-zsh-plugin/ ~/.oh-my-zsh/plugins/mpt

Enable MPT plugin in .zshrc by adding the fooling line plugins=(mpt)

:new: Start New Project

Setup pentest environment and install required tools

mpt --install-tools

Setup a new pentest project

mpt --setup <apk-file>

:clipboard: Usage

mpt.py <command> [options]

options:
  -h, --help            show this help message and exit
  --update              Update MPT to the latest version

Pentest:
  Configure and manage current pentest

  --setup [APK]         Setup pentest environment
  --config              Show current pentest config

Frida:
  Run frida server and execute frida scripts

  -f, --frida           Run frida server on the device
  -fs, --frida-select-version
                        Run frida server on the device (select frida version)

  -s [package-name], --ssl-pinning [package-name]
                        Disable SSL Pinning (<package name> optional)
  -r [package-name], --root-detection [package-name]
                        Disable Root Detection (<package name> optional)

Application:
  Perform app related tasks

  -l [all], --list-packages [all]
                        Show all installed packages (use option 'all' to display system apps)
  -p [package-name], --pidcat [package-name]
                        Show colored logcat for a specific application (<package name> optional)
  -st, --screenshot     Take a screenshot from device screen
  -sc, --screen-copy    Mirrors Android device screen connected via USB to host (scrcpy)
  -D, --fridump         Dump application memory
  -b [package-name], --backup [package-name]
                        Backup an android application (<package name> optional)
  -d [decompiler], --decompile [decompiler]
                        Start java decompiler for source code analysis (<decompiler> optional): jadx(default), jd-gui, luyten
  -dp, --dump [package-name]
                        Dump an android application (<package name> optional)
  -dg, --debug-enable [package-name]
                        Enable debug- and backup-flag in android application (<package name> optional)
  -pg, --patch-gadget [package-name]
                        Patch frida gadget into android application without root (<package name> optional)
  -psa, --pack-sign-apk [package-name]
                        Pack modified dump, zipalin it and sign it (<package name> optional)
  -1, --setup-no-root [package-name]
                        Setup .apk for non root device (-dp, -dg, -pg, -psa) (<package name> optional)

Tools:
  Install and run pentest tools on your host

  -tl, --tool-list      Show all supported tools
  -t tool [tool ...], --tool tool [tool ...]
                        Run selected tool with <arguments> (use option 'list' to display all tools)
  -i, --install-tools   Install pentesting tools on local system in a separate environment
  -a, --adb-run         Start adb server with root to avoid a lot of issues using adb

Proxy and WiFi:
  Manage proxy on device and WiFi settings locally

  -ps, --proxy-status   Check WiFi proxy status
  -pe [host:port], --proxy-enable [host:port]
                        Set proxy for WiFi connection on your device (optional <host:port>), if not set loads proxy settings from configuration file
  -pd, --proxy-disable  Disable WiFi proxy
  -ap, --access-point   Create an Hotspot which connected to internet and can be used for Burp proxy
  -bc, --configure-burp [package-name]
                        Embed burp proxy cert to network config for automatic trust (<package name> optional)

:memo: Contributing

You want to contribute? Awesome! Every Single help is appreciated!

Before you start, please check the following points:

Found a bug? - Make sure there is no similar issue reported before creating a new one. Instead add further informations if you have some.
Want to fix an issue/bug? - Make sure nobody is already working on it or ask to help.
New feature idea? - Open an issue first to discuss what you like to change. After that, create a fork of the repository and create a dedicated branch for your feature.

mobile-pentest-toolkit mobile-pentest-toolkit copied to clipboard

Metadata