mobile-pentest-toolkit

The mobile pentest toolkit (MPT) was presented on conference OWASP Bucharest AppSec 2018.

• Tales of Practical Android Penetration Testing (Mobile Pentest Toolkit)

Install Dependencies

pip3 install -r requirements.txt

Install zsh plugin (autocomplete support)

:warning: You need to install Oh My ZSH

cp -r mpt/mpt-zsh-plugin/ ~/.oh-my-zsh/plugins/mpt

Enable MPT plugin in .zshrc by adding the fooling line plugins=(mpt)

Start New Project

1. Setup pentest environment and install required tools

mpt --install tools

2. Prepare pentest device

mpt --install apps

3. Setup a new pentest project

mpt --setup <apk-file>

Usage

mpt.py <command> [options]

--adb-run               -- start adb server
--backup                -- [package-name] backup an android application
--config                -- show current pentest config
--drozer                -- run drozer application
--frida                 -- run frida server on the device
--help                  -- show print message and exit
--inspeckage            -- open Inspeckage web interface
--install               -- install required packages [tools|apps]
--list-packages         -- show all installed packages (use option all to di
--mobile-sec-framework  -- run Mobile Security Framework (MobSF)
--pidcat                -- [package-name] show colored logcat for a specific
--root-detection        -- [package-name]disable root detection (<package na
--setup                 -- [APK] setup pentest environment
--source                -- start java decompiler for source code analysis
--ssl-pinning           -- [package-name]disable SSL pinning (<package name>

License

GNU GPL v3 ©@coreb1t