Summary
This is a mobile app security testing workflow that walks you through both static and dynamic analysis for Android and iOS. You get practical Frida scripts for bypassing SSL pinning and root detection, ADB commands for exploiting exported components and deep links, and guidance on setting up your lab environment with tools like Objection, Magisk, and jailbreak utilities. The static analysis section covers decompiling APKs with jadx and apktool, dumping iOS classes, and hunting for hardcoded secrets in both platforms. What stands out is the exported components section, which shows exactly how to abuse Activities, Services, Broadcasts, and Content Providers via ADB. It's comprehensive enough for both bug bounty work and formal pentests, though you'll still need to adapt the Frida scripts to app specific obfuscation.
Install to Claude Code
npx -y skills add hypnguyen1209/offensive-claude --skill mobile-pentest --agent claude-codeInstalls into .claude/skills of the current project.
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →
Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →Files
SKILL.md
Select a file.
Featured
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →
