Android Malware Analysis Tools
Static Analysis

ClassyShark – Standalone Android app binary inspection tool.

StaCoAn – Mobile application static code analysis tool.

SmaliSCA – Smali static code analysis.

maldrolyzer – Simple framework to extract “actionable” data from Android malware (C&Cs, phone numbers, etc.).

Argus-SAF – Android application static analysis framework.

DroidRA – Taming reflection to support whole-program analysis of Android apps.

Androwarn – Static code analyzer for malicious Android applications.

PScout – Android permission mapping tool.

APK-MiTM – CLI application that automatically prepares Android APK files for HTTPS inspection.

Super Android Analyzer – Secure, Unified, Powerful, and Extensible Rust Android Analyzer.

Dynamic Analysis

AppMon – Automated framework for monitoring and tampering system API calls based on Frida.

DroidBox – Dynamic analysis of Android apps.

ConDroid – Execute specific code locations with no manual app interaction.

Wireshark – Network analysis tool.

tcpdump – Network analysis tool.

MiTMProxy – An interactive SSL/TLS-capable intercepting HTTP proxy (great for HTTPS inspection).

Burp Suite – The free web proxy for any browser, system, or platform.

INetSim – Internet Services Simulation Suite.

Reverse Engineering

smali/baksmali – DEX disassembler.

AndroGuard – Python-based tool for Android application reverse engineering.

Apktool – Tool for disassembling, rebuilding, and reversing in an automated manner.

Dex2Jar – DEX to JAR conversion tool.

JD-GUI – Graphical utility that displays Java sources from CLASS files.

JadX – Dex to Java decompiler (command line and GUI).

Krakatau – Python-based decompiler and disassembler.

Procyon – Command-line Java-based decompilation tool.

CFR – Command-line Java-based decompiler and disassembler.

ndk-gdb – GDB Android debugging.

Frida – Dynamic instrumentation framework.

Dwarf – Full-featured multi-arch/os debugger built on top of PyQt5 and Frida.

JEB Decompiler – Android decompiler.

IDA Free/Pro – Disassembler and debugger.

radare2 – Free and open source disassembler and debugger.

Cutter – GUI for radare2.

Binary Ninja – A New Type of Reversing Platform.

Unpacking & Deobfuscation

Quark Engine – Obfuscation-Neglect Android malware scoring system.

DeGuard – Online Android deobfuscation tool.

Simplify – Generic Android deobfuscator.


Andriller – Utility with a collection of forensic tools for smartphones.

Mem – Android process memory dumper.

dd – Hard drive and SD card forensics acquisition tool.

Autopsy – Hard drive and SD card forensics analysis tool.

LiME – Memory acquisition tool.

dwarfdump – Linux profile creation for Volatility.

Volatility – Memory forensics analysis framework.


MobSF (Mobile Security Framework) – Malware analysis and security assessment framework capable of performing static and dynamic analysis.

MARA_Framework – Tool that puts together commonly used mobile application reverse engineering and analysis tools.

Cuckoo Sandbox – Free and open-source automated malware analysis sandbox.

Cuckoo-Droid – Cuckoo Sandbox extension for automated Android malware analysis.

Android Tamer – VM/Live OS for Android security research and analysis.

Vezir-Project – VM/Live OS for mobile security research and analysis.