30 open-source projects similar to m0bilesecurity/rms-runtime-mobile-security, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best RMS Runtime Mobile Security alternative.
Objection is a dynamic instrumentation framework and runtime exploration toolkit for mobile application security analysis. It provides a command-line interface to interact with the memory and state of iOS and Android applications during active execution, serving as a toolkit for runtime analysis and security testing. The project distinguishes itself by providing specialized capabilities to bypass common mobile security controls, including SSL pinning, biometric authentication, and root or jailbreak detection. It enables the extraction of sensitive credentials and data from secure storage syst
Mobile Security Framework is an automated security testing platform designed for the analysis of Android, iOS, and Windows mobile application binaries. It functions as a comprehensive suite for identifying security vulnerabilities, privacy risks, and malicious code within mobile software packages. The framework distinguishes itself by combining static and dynamic analysis techniques to evaluate application behavior. It performs static inspection of source code and binaries to detect insecure patterns, while simultaneously utilizing dynamic instrumentation and containerized sandboxing to monit
Drozer is a security testing framework and runtime analyzer for Android applications and devices. It functions as an exploit management framework and a security toolset used to identify vulnerabilities, misconfigurations, and leaks within the Android operating system and its installed applications. The framework enables the simulation of application behavior and the interaction with communication endpoints to detect security flaws. It manages the execution, analysis, and sharing of public exploits for mobile security research. The system provides capabilities for application auditing, vulner
Byte Buddy is a runtime code generation and bytecode manipulation library for Java. It provides a fluent API for creating and modifying Java classes during execution, enabling developers to define class structures, methods, and fields programmatically without requiring a compiler or direct bytecode assembly. The library supports agent-based class transformation, allowing loaded classes to be modified during JVM startup or runtime through a Java agent that intercepts class loading. It offers bytecode-level method interception for fine-grained control over method behavior, annotation-based code
apk-mitm is a command-line utility designed to modify Android APK files to enable HTTPS traffic inspection via a proxy. It functions as a network security patcher and certificate pinning bypass tool, automating the process of altering application packages to allow man-in-the-middle traffic analysis. The tool modifies compiled Android packages by unpacking them, altering internal files, and re-encoding the binary. It specifically focuses on disabling certificate pinning and injecting network security configurations into the application manifest, which permits the use of proxy certificates on b
github-script is a GitHub Actions JavaScript runner that executes asynchronous scripts to interact with the GitHub API. It serves as a JavaScript workflow scripting runtime and API client, providing a pre-configured authenticated client for automating tasks within GitHub Actions pipelines. The project enables the implementation of custom workflow logic that exceeds standard YAML syntax, including the ability to perform REST API calls and execute GraphQL queries for complex data extraction. It supports the management of multiple authenticated clients to facilitate cross-organization repository
Hooker is a toolkit for the dynamic instrumentation, memory analysis, and deobfuscation of Android applications. It functions as a reverse engineering framework that uses Frida to inject scripts into running processes, monitor native calls, and extract executable DEX files. The project provides specialized utilities for bypassing security controls, including tools to disable SSL certificate validation and BoringSSL pinning to enable HTTPS traffic interception. It includes capabilities for detecting application packing, extracting cryptographic keys by hooking encryption algorithms, and circum
JustTrustMe is an Android security auditing tool and mobile application penetration testing utility. Its primary purpose is to bypass hardcoded certificate requirements and disable SSL pinning in mobile applications to allow the inspection of encrypted API requests and responses. The project functions as a dynamic method hooking module that integrates with the Xposed framework. It uses system-level instrumentation to intercept Java runtime function calls and override security checks within third-party Android applications. The tool covers a range of capabilities including the disabling of SS
Frida is a dynamic binary instrumentation toolkit that provides a framework for deep process introspection and live application state manipulation. It enables the injection of custom scripts into running processes to trace function calls, modify memory, and analyze application behavior in real-time across diverse operating systems and processor architectures. The project distinguishes itself by embedding a high-performance JavaScript engine directly within the target process, allowing for the execution of user-defined logic for real-time inspection. It utilizes instruction-level hooking to re
Arthas is a Java diagnostic tool and runtime debugger designed for real-time troubleshooting of applications. It functions as a remote diagnostics agent that allows users to inspect the runtime state of a Java process, including its heap objects and classloader hierarchies, without requiring a process restart. The project distinguishes itself through advanced bytecode manipulation capabilities, enabling live class hotswapping and the modification of bytecode in running processes. It supports in-memory source compilation and runtime bytecode decompilation to verify and update logic instantly w
This project is a comprehensive Android reverse engineering suite that functions as a decompiler, bytecode deobfuscator, and malware analysis tool. It is designed to convert APK, DEX, and OAT binaries into human-readable source code using a native implementation that does not require a Java Virtual Machine. The platform is distinguished by its integration with Frida for dynamic analysis, allowing users to hook methods, inject custom JavaScript, and dump device memory in real time. It also features specialized security engines, including a taint propagation engine and a stack-state machine, to
Jadx is a comprehensive Java decompilation suite designed to transform compiled binary application files into readable source code. It functions as a static analysis workbench, providing a graphical interface for navigating, searching, and inspecting the internal logic of complex software packages. By utilizing a bytecode-to-Java pipeline, the project reconstructs high-level logical structures from low-level binary instructions, making it a primary tool for Android application reverse engineering. The project distinguishes itself through a sophisticated control flow reconstruction engine and
This project is an OS-level process sandbox and cross-platform security wrapper for Linux and macOS. It is designed to isolate arbitrary processes from the host machine by restricting filesystem and network access without the use of full containerization. The system functions as a system-call interceptor and access controller, blocking unauthorized operating system calls based on predefined security policies. It employs allowlists and denylists to manage resource requests and monitors for security violations in real time. Capability areas include filesystem access management using glob-patte
Delve is a command-line debugger designed for programs written in the Go programming language. It provides an interactive interface for runtime analysis, allowing developers to control program execution, inspect memory and variable states, and navigate call stacks to identify logic errors. The tool distinguishes itself through deep integration with the Go runtime, specifically by providing goroutine-aware stack unwinding and the ability to manage concurrent execution threads. It utilizes a client-server protocol to decouple the debugger engine from the user interface, enabling both local and
Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)
Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps.
Automation of some MAPT activities and interaction with the mobile Android device.
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps.
📱 Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices.
Theos is a cross-platform mobile development toolchain and build system designed for compiling and packaging software for mobile operating systems. It functions as a system tweak kit and runtime hooking framework, allowing developers to create modifications that alter the internal behavior of mobile OS environments. The project distinguishes itself by providing specialized preprocessor syntax that generates low-level API calls, removing the boilerplate code typically required for function and method hooking. It enables dynamic runtime method swizzling and class extensions, allowing developers
Simplify is an Android virtual machine sandbox, bytecode execution tracer, and static analysis framework. It serves as a Dalvik bytecode deobfuscator designed to recover readable code from binaries by simulating program behavior without a physical device. The project distinguishes itself by using execution graph analysis to resolve reflection calls and simplify obfuscated code through constant propagation and dead code removal. It employs multi-path execution simulation to track all possible conditional branch outcomes and maps instruction flow to identify constant values. The system covers
This project is a collection of practical scripts and reference guides that demonstrate advanced Python language features and idioms. It provides code implementations for mastering concepts such as concurrency, metaprogramming, and data structure design. The repository includes examples of the Python object model, covering custom attribute access, descriptor protocols, and special method overrides. It also features implementations of design patterns that utilize first-class functions and decorators to reduce object-oriented boilerplate. The codebase covers a broad range of capabilities, incl
Unicorn is a multi-architecture CPU emulation framework and library that utilizes just-in-time compilation to execute instructions across various processor architectures, including ARM, x86, and RISC-V. It functions as both a JIT compilation engine and an instrumentation tool, allowing for the execution of machine code without the need for physical hardware. The framework is distinguished by its hook-based execution instrumentation, which enables the interception of specific instructions and memory accesses to trigger custom callback functions. It provides a language-agnostic binding layer an
BCC is an eBPF development toolkit and tracing framework used for monitoring and analyzing the Linux kernel. It functions as a performance analysis tool and debugging utility to capture system events, measure kernel latency, and provide network observability. The project distinguishes itself by providing a build system that integrates with LLVM to compile C-like code into BPF bytecode at runtime. It utilizes BPF Type Format data for relocations to maintain cross-kernel compatibility and extracts kernel headers to ensure the generated programs match the specific kernel version. The toolkit co
Booster is an Android app build optimizer and bytecode manipulator designed to reduce binary size, fix system-level crashes, and improve application performance. It functions as an extensible build process plugin that modifies compiled class files and build artifacts to inject stability fixes and optimizations without altering the original source code. The project differentiates itself through low-level bytecode manipulation to patch OS-level bugs and manage thread pools during the compilation phase. It also provides a performance profiling toolkit to identify main-thread blocking operations
Reverse engineering and pentesting for Android applications
JSPatch is a JavaScript native bridge and method swizzler that allows for the dynamic injection of logic into a hosted native environment. It functions as a cross-language data mapper and execution engine, enabling the replacement of native function pointers with JavaScript wrappers to modify application behavior at runtime. The project provides the ability to perform runtime application patching by overriding native class methods and object properties. This allows for the modification of application logic and the application of hotfixes using JavaScript code loaded from local files or remote
Kali NetHunter is a mobile penetration testing platform designed to run security assessment and network auditing tools directly on Android hardware. It provides a specialized environment for performing vulnerability research, wireless network analysis, and security testing on both local and remote systems. The platform functions by deploying a full Linux distribution alongside the host mobile operating system, utilizing filesystem isolation and overlay integration to maintain access to system resources. It enables direct interaction with mobile hardware by bypassing standard application restr
BetterDisplay is a comprehensive display management utility and virtual display engine designed to provide granular control over monitor configurations. It functions as a low-level hardware controller that interacts directly with graphics drivers and system APIs to override manufacturer limitations, enabling users to manage resolution, scaling, brightness, and color profiles across complex multi-monitor setups. The project distinguishes itself through its ability to generate synthetic virtual displays and inject custom framebuffers into the graphics pipeline, allowing for arbitrary resolution