Android Mobile Pentest

Appie v3 – Android Pentesting Portable Integrated Environment

Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a Virtual Machine(VM) or dualboot.
It is completely portable and can be carried on USB stick or your smartphone. It is one of its kind Android Security Analysis Tool and is a one stop answer for all the tools needed in Android Application Security Assessment, Android Forensics, Android Malware Analysis.

 

Which tools are included in Appie ?

  • Android Debug Bridge
  • Apktool
  • AndroBugs Framework
  • AndroGuard
  • Androwarn
  • Atom
  • ByteCodeViewer
  • Burp Suite
  • Drozer
  • dex2jar
  • Eclipse IDE with Android Developer Tools
  • Introspy-Analyzer
  • Java Debugger
  • jadx
  • Jd-Gui
  • Pidcat
  • SQLite Database Browser
  • SQLmap
  • Volatility Framework
  • It also has Java Runtime Environment(JRE) and python installed, so you can run Appie on even a freshly installed windows installation.
  • It also has Mozilla Firefox with some security addons.
  • Nearly all UNIX commands like ls, cat, chmod, cp, find, git, unzip, mkdir, ssh, openssl, keytool, jarsigner and many others.
  • It has also has vulnerable android applications like Owasp GoatDroid Project Configured and InsecureBank-v2 to test your skills on them.

Usage:

  • Apktool can be used by the keyword apktool.
  • AndroBugs Framework can be used by the keyword androbugs
  • Androwarn Usage

    Type androwarn in the console to open androwarn directory and then see usage for it’s usage.

  • Androguard Usage

    There are several files in androguard project. You can look about their individual usage on their website. For example, if you wanted to use androgui then just type androgui on the terminal.

  • To open atom, type atom in the terminal and it will open Atom text editor in other half of the terminal. It has been customized like this to have a better experience while testing. No hassle of Tabs/Windows.
  • Type bytecodeviewer to open ByteCodeViewer.
  • Burpsuite

    Type burpuite in the Appie console to open up BurpSuite.

  • Drozer Usage
    • Type in drozer console connect and drozer application will load up in the right half.
  • eclipse can be used to launch Eclipse IDE for Android Application Development.
  • use firefox to open up Mozilla Firefox.
  • Jd-GUI Usage
    • Type jdgui in the console and a new tab will open with JD-GUI in it .
  • Type jadx to use jadx.
  • Pidcat Usage

    In order view logcat entries for org.owasp.goatdroid.fourgoats, type pidcat org.owasp.goatdroid.fourgoats in Appie and you would see something similar.

    • Use sqlitebrowser to open SQLite Database Browser.
  • Type sqlmap to use SQLmap.
  • Volatility Usage

    Type volatility in the console to use this.

  • Wireshark Usage

    Type wireshark in Appie console to open wireshark within Appie.

Demo Video
Below is short demonstration video of Appie.

 

I started blogging around 2011 at #Ubuntupirates, #ProjectX and #pir8geek, I’m currently working as Network/Linux SysAdmin.

I’m a Linux,opensource advocate and interested in network security and InfoSec.

Leave a Reply