Android Malware Analysis Tools
Static Analysis
ClassyShark – Standalone android apps binary inspection tool.
StaCoAn – Mobile application static code analysis tool.
SmaliSCA – Smali static code analysis.
maldrolyzer – Simple framework to extract “actionable” data from Android malware (C&Cs, phone numbers, etc.).
Argus-SAF – Android application static analysis framework.
DroidRA – Taming reflection to support whole-program analysis of Android apps.
Androwarn – Static code analyzer for malicious Android applications.
PScout – Android permission mapping tool.
APK-MiTM – CLI application that automatically prepares Android APK files for HTTPS inspection.
Super Android Analyzer – Secure, Unified, Powerful, and Extensible Rust Android Analyzer.
Dynamic Analysis
AppMon – Automated framework for monitoring and tampering system API calls based on Frida.
DroidBox – Dynamic analysis of Android apps.
ConDroid – Execute specific code locations with no app manual interaction.
Wireshark – Network analysis tool.
tcpdump – Network analysis tool.
MiTMProxy – An interactive SSL/TLS-capable intercepting HTTP proxy (great for HTTPS inspection).
Burp Suite – The free web proxy for any browser, system, or platform.
INetSim – Internet Services Simulation Suite.
Reverse Engineering
smali/baksmali – DEX disassembler.
AndroGuard – Python-based tool for Android application reverse engineering.
Apktool – Tool for disassembling, rebuilding, and reversing APKs in an automated manner.
Dex2Jar – DEX to JAR conversion tool.
JD-GUI – Graphical utility that displays Java sources from CLASS files.
JadX – Dex to Java decompiler (command line and GUI).
Krakatau – Python-based decompiler and disassembler.
Procyon – Command-line Java-based decompilation tool.
CFR – Command-line Java-based decompiler and disassembler.
ndk-gdb – GDB Android debugging.
Frida – Dynamic instrumentation framework.
Dwarf – Full-featured multi-arch/os debugger built on top of PyQt5 and Frida.
JEB Decompiler – Android decompiler.
IDA Free/Pro – Disassembler and debugger.
radare2 – Free and open source disassembler and debugger.
Cutter – GUI for radare2.
Binary Ninja – A New Type of Reversing Platform.
Unpacking & Deobfuscation
Quark Engine – Obfuscation-Neglect Android malware scoring system.
DeGuard – Online Android deobfuscation tool.
Simplify – Generic Android deobfuscator.
Forensics
Andriller – Utility with a collection of forensic tools for smartphones.
Mem – Android process memory dumper.
dd – Hard drive and SD card forensics acquisition tool.
Autopsy – Hard drive and SD card forensics analysis tool.
LiME – Memory acquisition tool.
dwarfdump – Linux profile creation for Volatility.
Volatility – Memory forensics analysis framework.
Other
MobSF (Mobile Security Framework) – Malware analysis and security assessment framework capable of performing static and dynamic analysis.
MARA_Framework – Tool that puts together commonly used mobile application reverse engineering and analysis tools.
Cuckoo Sandbox – Free and open-source automated malware analysis sandbox.
Cuckoo-Droid – Cuckoo Sandbox extension for automated Android malware analysis.
Android Tamer – VM/Live OS for Android security research and analysis.
Vezir-Project – VM/Live OS for mobile security research and analysis.