Skip to content
Learning Penetration Testing of Android Applications
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Learning Penetration Testing of Android Applications

How to start with Android Application Pentesting?


The should be very easy. We configured two virtual machines with all tools you need here:

    • OWASP Android VM.ova - Android 5 VM for the Android App Pentest Workshop (SHA256 236917e4953af0b336f373e72e63946a96ade543107f32acf88df12d9e79755a)
    • OWASP Ruhrpott.ova - Ubuntu based VM for the OWASP Android App Pentest Workshop (SHA256 419e7161172b8270cc2c83f7957a4311b57a63f5229cac4d082c4fec6007dd59)


The following are hardware and software recommendations:

  • Linux / Windows / Mac Operating System
  • Oracle VirtualBox (in a recent version)
  • 25 GB of storage on your hard drive
  • >4 GB RAM


  1. After you downloaded the two VMs import them in VirtualBox via File -> Import Appliance ....
  2. Configure the the DHCP of VirtualBox to allow configure the internal network:
    1. VBoxManage dhcpserver add --netname intnet --ip --netmask --lowerip --upperip --enable
  3. Start the Android VM first and wait until it is booted, this ensures that the it will have the IP (PIN: 0000)
  4. Start the OWASP VM. It will should have the IP (pentester:owasp2017)
  5. You are now ready to start with the challenges.


This repository was used in previous Workshops and the following table is used to reference them:

What Where When Slides Link
OWASP Stammtisch Ruhrpott Essen, Germany 31.01.17 Slides Wiki
OWASP Stammtisch Ruhrpott Essen, Germany 04.03.17 Slides Wiki
SHA2017 Zeewolde, Netherlands 05.08.17 Slides Link

It would be nice if you give us a small notice, when you are doing a workshop with our project so we can reference it here.


You can contribute via a pull request or an issue with a bug or a feature request. Please keep in mind that we are developing this project in our free time so a response might take some time. To contribute with challenges see the file.


In the case you are get stuck with a challenge, see the wiki for hints.

You can’t perform that action at this time.