Open-source and commercial tools for Android security analysis, device management, network interception, reverse engineering, and sandboxing.
Analysis & Detection

| Tool | Purpose |
| --- | --- |
| Androguard | Python framework for Android app analysis |
| APKiD | Packer, protector, obfuscator identification |
| APKLeaks | Extract URLs, endpoints, and secrets from APK files |
| dex2jar | DEX to JAR conversion |
| Droidlysis | Automated Android malware property extraction (permissions, receivers, services) |
| Drozer | Android security assessment framework. IPC probing, provider testing. |
| MobSF | Automated mobile security analysis |
| Quark Engine | Android malware scoring and behavior analysis |
| SUPER | Secure, Unified, Powerful and Extensible Rust Android Analyzer |
| VirusTotal | Multi-engine malware scanning. 70+ AV engines. See Naming Conventions for detection name formats. |

Device

| Tool | Purpose |
| --- | --- |
| LSPosed | Xposed framework for modern Android |
| Magisk | Root management with detection bypass |
| Shizuku | Privileged API access without root via ADB shell identity |

Network

| Tool | Purpose |
| --- | --- |
| Burp Suite | HTTP/HTTPS proxy and traffic interception |
| mitmproxy | Scriptable HTTPS proxy |

Reverse Engineering

| Tool | Purpose |
| --- | --- |
| apktool | APK disassembly and reassembly |
| Bytecode Viewer | Multi-decompiler view (Procyon, CFR, FernFlower, jadx side-by-side) |
| Frida | Dynamic instrumentation: hooking, tracing, modifying runtime behavior |
| frida-dexdump | Dump DEX files from packed apps at runtime |
| Ghidra | Native code reverse engineering (NSA, free) |
| jadx | DEX to Java decompiler |
| medusa | Extensible framework combining Frida scripts for Android dynamic analysis |
| Objection | Frida-powered runtime exploration |
| reFrida | Browser-based Frida IDE with Monaco editor, disassembler, memory search, Stalker tracing, and visual interceptor builder |
| r2frida | Radare2 + Frida integration |
| radare2 | Open-source reverse engineering framework |

Reference Data
Emulation & Sandboxing