Learning Penetration Testing of Android Applications
How to start with Android Application Pentesting?
The should be very easy. We configured two virtual machines with all tools you need here:
OWASP Android VM.ova- Android 5 VM for the Android App Pentest Workshop (
OWASP Ruhrpott.ova- Ubuntu based VM for the OWASP Android App Pentest Workshop (
The following are hardware and software recommendations:
- Linux / Windows / Mac Operating System
- Oracle VirtualBox (in a recent version)
- 25 GB of storage on your hard drive
- >4 GB RAM
- After you downloaded the two VMs import them in VirtualBox via
File -> Import Appliance ....
- Configure the the DHCP of VirtualBox to allow configure the internal network:
VBoxManage dhcpserver add --netname intnet --ip 10.13.13.100 --netmask 255.255.255.0 --lowerip 10.13.13.101 --upperip 10.13.13.254 --enable
- Start the Android VM first and wait until it is booted, this ensures that the it will have the IP
10.13.13.101. (PIN: 0000)
- Start the OWASP VM. It will should have the IP
- You are now ready to start with the challenges.
This repository was used in previous Workshops and the following table is used to reference them:
|OWASP Stammtisch Ruhrpott||Essen, Germany||31.01.17||Slides||Wiki|
|OWASP Stammtisch Ruhrpott||Essen, Germany||04.03.17||Slides||Wiki|
It would be nice if you give us a small notice, when you are doing a workshop with our project so we can reference it here.
You can contribute via a pull request or an issue with a bug or a feature request. Please keep in mind that we are developing this project in our free time so a response might take some time. To contribute with challenges see the CONTRIBUTING.md file.
In the case you are get stuck with a challenge, see the wiki for hints.