Skip to content
/ Android-Pentesting-Mindmap Public

Your complete roadmap to Android Mobile Penetration Testing Interactive mindmap with tools, methodologies, vulnerable practice apps, and official documentation links. Everything in one place for beginners and pros alike.

android-mindmap.vercel.app/
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Shuuubhraj/Android-Pentesting-Mindmap

BranchesTags

Repository files navigation

Deployed on Vercel Built with v0

Android Pentesting Mindmap

An interactive, comprehensive mindmap for Android Mobile Application Penetration Testing.
Built for security researchers, penetration testers, and anyone looking to master mobile security.

Explore the Mindmap

https://android-mindmap.vercel.app

Your complete roadmap to Android Mobile Application Security Testing

Live Demo OWASP License

About

This mindmap serves as a one-stop resource for Android application security testing.
Whether you're a beginner starting your journey in mobile pentesting or an experienced security professional, this interactive guide covers everything — from prerequisites to advanced exploitation techniques.

Every tool mentioned includes direct links to its official repository or documentation.

Screenshots

Here are some preview screenshots of the Android Pentesting Mindmap in action:

Screenshot 1

Screenshot 2

Screenshot 3

Screenshot 4

Screenshot 5

Screenshot 6

What's Covered

1. Prerequisites

  • Linux Basics
  • Programming Fundamentals (Java recommended)
  • Virtualization Basics
  • App Development Background (optional but helpful)

2. Android Architecture

  • Application Layer
  • Application Framework
  • Libraries & ART (Android Runtime)
  • Linux Kernel

3. Inside an APK

  • AndroidManifest.xml
  • classes.dex
  • Resources (res/ folder)
  • META-INF (certificates & signatures)

4. Lab Setup

  • Attacker VMs: Kali Linux, Parrot OS
  • Emulators: Genymotion, Android Studio AVD, MEmu Play (Free Rooted), LDPlayer, NoxPlayer

5. Android Terminologies

  • Activities, Services, Content Providers
  • Broadcast Receivers, Intents (Explicit/Implicit)
  • Intent Filters, Intent Resolution

6. Tools

Static Analysis:

  • MobSF, JADX, APKTool, APKLeaks, QARK, Yaazhini, AndroBugs, ClassyShark

Dynamic Analysis:

  • Frida, Objection, Drozer, Burp Suite, HTTP Toolkit, Logcat, Pidcat

7. Pentest Methodology

  • Reconnaissance
  • Static Analysis
  • Dynamic Analysis
  • Reporting

8. OWASP Mobile Top 10 (2024 Edition)

  • M1: Improper Credential Usage
  • M2: Inadequate Supply Chain Security
  • M3: Insecure Authentication/Authorization
  • M4: Insufficient Input/Output Validation
  • M5: Insecure Communication
  • M6: Inadequate Privacy Controls
  • M7: Insufficient Binary Protections
  • M8: Security Misconfiguration
  • M9: Insecure Data Storage
  • M10: Insufficient Cryptography

9. Security Checks

  • SSL Pinning & Bypass Techniques
  • Root Detection & Bypass
  • Emulator Detection
  • Sensitive Data in Storage/Memory/Logs
  • Code Obfuscation Analysis
  • Insecure Deeplinks
  • Background Screen Caching
  • Third-party Keyboard Risks
  • Firebase Database Misconfigurations

10. Component Exploitation

  • Activity Hijacking
  • WebView Vulnerabilities (XSS, Local File Inclusion)
  • Content Provider SQL Injection
  • Broadcast Receiver Exploits
  • Intent Spoofing/Sniffing

11. Practice Applications

  • DIVA (Damn Insecure and Vulnerable App)
  • InsecureBankv2
  • Injured Android
  • OWASP UnCrackable Apps
  • InsecureShop
  • AndroGoat
  • DVHMA
  • Vuldroid
  • ovaa (Oversecured Vulnerable Android App)

12. Guides & References

  • OWASP MASTG (Mobile Application Security Testing Guide)
  • OWASP MASVS (Mobile Application Security Verification Standard)
  • HackTricks Mobile Pentesting
  • Android Security Awesome (GitHub)
  • Mobile Security Framework Docs
  • Frida Documentation

Features

  • Interactive UI – Expandable/collapsible sections for smooth navigation
  • Search Functionality – Quickly find any tool, topic, or vulnerability
  • Category Filters – Filter by Prerequisites, Tools, OWASP, Methodology, etc.
  • Dark/Light Mode – Toggle between themes
  • PDF Export – Download the full mindmap as PDF (auto-expands all sections in light mode)
  • Direct Links – Every tool links to official repo/docs
  • Fully Responsive – Perfect on desktop, tablet, and mobile
  • Tool Badges – Clear Static vs Dynamic analysis indicators

Author

Rajput Shubhraj Singh
GitHub: @Shuuubhraj

Acknowledgments

Local Development

# Clone the repository
git clone https://github.com/Shuuubhraj/Android-Pentesting-Mindmap.git

# Navigate to directory
cd Android-Pentesting-Mindmap

# Install dependencies
npm install

# Start development server
npm run dev

About

Your complete roadmap to Android Mobile Penetration Testing Interactive mindmap with tools, methodologies, vulnerable practice apps, and official documentation links. Everything in one place for beginners and pros alike.

android-mindmap.vercel.app/

Topics

android owasp cybersecurity penetration-testing android-security mobile-security appsec mindmap security-tools mobile-pentesting

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages