Skip to content
/ mobile-pentest-assistant Public

Mobile Pentest Assistant is a toolkit designed to streamline and automate your mobile security (mobsec) workflow.

License

GPL-3.0 license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

shoaloak/mobile-pentest-assistant

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
mpa
mpa
 
 
.gitignore
.gitignore
 
 
COPYING.LESSER.txt
COPYING.LESSER.txt
 
 
COPYING.txt
COPYING.txt
 
 
README.md
README.md
 
 

Repository files navigation

Mobile Pentest Assistant

 _______  _____  _______
 |  |  | |_____] |_____|
 |  |  | |       |     |
 Automate your mobsec flow

Mobile Pentest Assistant (MPA) is a toolkit designed to streamline and automate your mobile security (mobsec) workflow. It simplifies and accelerates common pentesting operations for mobile devices.

Requirements

  • iOS: libimobiledevice, QuickTime Player

    • macOS - brew install libimobiledevice
    • Debian / Ubuntu / Kali - apt install libimobiledevice

  • Android: Android Debug Bridge (ADB), scrcpy

    • macOS - brew install android-platform-tools scrcpy
    • Debian / Ubuntu / Kali - apt install android-tools-adb scrcpy

  • Python: Frida

    • Install all - pip install -r requirements.txt
    • Separate packages - pip install frida

Notes

Quicktime is currently MacOS only for screen sharing, Linux will need a different solution. Linux will need some work in general, as everything was written on an ARM Mac so far.

I made a wrapper around adb because Python native solutions are incomplete: pure-python-adb, e.g., has no reverse. adb_shell is wonky/has experimental USB support.

Libimobiledevice does provide a python3 interface, but I saw no brew package for this. So I decided to go the same route as Android for now, wrapping around the programs, but this could be potentially improved in the future.

Roadmap

  • detect devices
  • screen mirroring
  • shell/command
    • Android
    • iOS
  • HTTP(s) redirect
    • Android
    • iOS
      • Install generated MPA SSH certificate on idevice. As SSH is used for shell, mitm, etc.
      • Storage (sqlite?) JSON was a temporary hack, we can do better.
  • certificate install/enablement
    • Android
    • iOS
  • menu to select action
  • command line interface
  • first time run show license info
  • Frida
    • detection
    • installation/update
  • custom scripting/modules
  • ???
  • Profit!

License

Mobile Pentest Assistant is licensed under the GNU Lesser General Public License v3.0 (LGPL-3.0), also included in the repository in the COPYING.LESSER.txt file. Note that since the LGPL-3.0 is a set of additional permissions on top of the GNU Public License v3.0 (GPL-3.0), it is also included in the repository in the COPYING.txt file.

About

Mobile Pentest Assistant is a toolkit designed to streamline and automate your mobile security (mobsec) workflow.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages