- APKTool – Decompile/modify APK (smali-level)
- Jadx / JD-GUI – Convert DEX to readable Java code
- MobSF – Automated static + dynamic scanner
- Androguard – Python tool for APK/DEX/smali analysis
- Bytecode Viewer – Reverse engineering with multiple decompilers
- ClassyShark – Explore APK classes/methods/manifest
- QARK – Detects security issues in APKs
- Enjarify / dex2jar – DEX to Java JAR conversion
- APKLeaks – Extract secrets, tokens, and URLs
- Frida – Hook/modify functions at runtime
- Objection – Runtime exploitation via Frida (no root required)
- Xposed / LSPosed – Framework for modifying app behavior
- Burp Suite – Intercept/modify network traffic
- Drozer – Android app attack framework
- Magisk – Systemless root; works with LSPosed modules
- ADB – Debugging bridge for Android devices
- Logcat – Default Android logging system (`adb logcat`)
- Pidcat – Filtered Logcat output by package
- MatLog – GUI log reader (useful for non-rooted devices)
- XLog / Timber – In-app logging libraries used in apps
- Logd – Android logging daemon behind logcat
- Syslog – For rooted devices to log everything (system + kernel)
Feel free to raise issues or submit PRs to add more Android bug bounty and mobile hacking resources.