Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


Learning Penetration Testing of Android Applications

How to start with Android Application Pentesting?


The should be very easy. We configured two virtual machines with all tools you need here:

    • OWASP Android VM.ova - Android 5 VM for the Android App Pentest Workshop (SHA256 236917e4953af0b336f373e72e63946a96ade543107f32acf88df12d9e79755a)
    • OWASP Ruhrpott.ova - Ubuntu based VM for the OWASP Android App Pentest Workshop (SHA256 419e7161172b8270cc2c83f7957a4311b57a63f5229cac4d082c4fec6007dd59)


The following are hardware and software recommendations:

  • Linux / Windows / Mac Operating System
  • Oracle VirtualBox (in a recent version)
  • 25 GB of storage on your hard drive
  • >4 GB RAM


  1. After you downloaded the two VMs import them in VirtualBox via File -> Import Appliance ....
  2. Configure the the DHCP of VirtualBox to allow configure the internal network:
    1. VBoxManage dhcpserver add --netname intnet --ip --netmask --lowerip --upperip --enable
  3. Start the Android VM first and wait until it is booted, this ensures that the it will have the IP (PIN: 0000)
  4. Start the OWASP VM. It will should have the IP (pentester:owasp2017)
  5. You are now ready to start with the challenges.


This repository was used in previous Workshops and the following table is used to reference them:

What Where When Slides Link
OWASP Stammtisch Ruhrpott Essen, Germany 31.01.17 Slides Wiki
OWASP Stammtisch Ruhrpott Essen, Germany 04.03.17 Slides Wiki
SHA2017 Zeewolde, Netherlands 05.08.17 Slides Link

It would be nice if you give us a small notice, when you are doing a workshop with our project so we can reference it here.


You can contribute via a pull request or an issue with a bug or a feature request. Please keep in mind that we are developing this project in our free time so a response might take some time. To contribute with challenges see the file.


In the case you are get stuck with a challenge, see the wiki for hints.