mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-16 20:55:17 +03:00
c47eed6a64
- Fix 25 shell=True subprocess calls with list-based commands - Fix 49 verify=False in defensive skills (env-var override) - Add timeout to 231 HTTP/subprocess/socket calls - Fix 6 SQL injection patterns with whitelist validation - Replace 8 __import__() with standard imports - Remove 701 unused imports across 442 files - Add authorized-testing disclaimers to all offensive skills - Complete 11 incomplete skill directories - Expand 10 stub SKILL.md files with full content - Fix 2 YAML parse errors in frontmatter - Fix 5 pre-existing syntax errors - Convert 22 hardcoded paths/ports to environment variables - Back up 21 redundant skill pairs to .bak - Fix 2 global declaration errors - 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE) - 0 compile errors across all 724 agent.py files
48 lines
1.8 KiB
Markdown
48 lines
1.8 KiB
Markdown
# Mobile Application Penetration Test — API Reference
|
|
|
|
## Libraries & Tools
|
|
|
|
| Tool | Install | Purpose |
|
|
|------|---------|---------|
|
|
| apktool | `apt install apktool` | Android APK decompilation and recompilation |
|
|
| objection | `pip install objection` | Runtime mobile exploration via Frida |
|
|
| frida-tools | `pip install frida-tools` | Dynamic instrumentation framework |
|
|
| jadx | Binary download | Java decompiler for APK source code |
|
|
| MobSF | `docker pull opensecurity/mobile-security-framework-mobsf` | Automated mobile security scanner |
|
|
|
|
## Key objection Commands
|
|
|
|
| Command | Description |
|
|
|---------|-------------|
|
|
| `objection -g <pkg> explore` | Attach to running app |
|
|
| `android sslpinning disable` | Bypass SSL certificate pinning |
|
|
| `android root disable` | Bypass root detection |
|
|
| `android hooking list activities` | List app activities |
|
|
| `android keystore list` | Dump Android Keystore entries |
|
|
| `android clipboard monitor` | Monitor clipboard content |
|
|
|
|
## Frida Script Patterns
|
|
|
|
| Pattern | Purpose |
|
|
|---------|---------|
|
|
| `Java.use("class").method.implementation` | Hook Java method |
|
|
| `Interceptor.attach(addr, {onEnter, onLeave})` | Hook native function |
|
|
| `Java.choose("class", {onMatch, onComplete})` | Find live instances |
|
|
|
|
## OWASP Mobile Top 10 Checks
|
|
|
|
| ID | Vulnerability |
|
|
|----|--------------|
|
|
| M1 | Improper Platform Usage |
|
|
| M2 | Insecure Data Storage |
|
|
| M3 | Insecure Communication |
|
|
| M4 | Insecure Authentication |
|
|
| M5 | Insufficient Cryptography |
|
|
|
|
## External References
|
|
|
|
- [OWASP Mobile Testing Guide](https://owasp.org/www-project-mobile-security-testing-guide/)
|
|
- [Frida Documentation](https://frida.re/docs/home/)
|
|
- [objection Wiki](https://github.com/sensepost/objection/wiki)
|
|
- [apktool Documentation](https://apktool.org/docs/install)
|