Vagrant build for testing Android and iOS applications. Designed to run in headless mode, all configured tools use the cli.
These instructions can be used to install and launch the box.
Install latest Vagrant from https://www.vagrantup.com/downloads.html
Install virtualbox and extension pack from https://www.virtualbox.org/
Clone Github repository
git clone https://github.com/henryhoggard/mobile-security-vagrant
Start the VM using the following
cd mobile-security-vagrant
vagrant up
SSH to the VM using the following
vagrant ssh
Tools can be found in the following location
/home/vagrant
To share data between host and VM write files to the following location in the VM:
/home/vagrant/shared
The files will be stored within the mobile-security-vagrant folder
- drozer - Android Dynamic Security Testing Framework
- frida - Cross platform hooking framework
- apktool - Decompiling/Patching Android apps
- jadx - Decompiling Android apps
- dex2jar - Decompiling Android apps
- needle - All in one iOS Security Assessment Framework
- jtool - ELF/Mach-O Binary analysis and disassembler
- gdb - Debugger
- adb - Android Debug Bridge
- qark - Android source code review
- androbugs - Android source code review
- radare2 - Debugger
- owasp-mstg - OWASP Mobile Testing Guide
- owasp-masvs - OWASP Mobile Application Security Verification Standard
Changes are welcome, please create a PR explaining the purpose of the change in detail, avoid submitting commercial tools.
This Vagrant configuration is licensed under the MIT License - see the LICENSE file for details