🔥 Ultimate Mobile Pentest MCP

v2.0.0

The first unified MCP server that bridges the entire mobile application security arsenal into a single, AI-orchestrated endpoint.

Give your AI agent a scalpel. Give it a sledgehammer. Give it both.

Claude · Gemini · Cursor · Windsurf · Any MCP-Compatible AI Client

DECOMPILE · PATCH · REPACK · BYPASS · INSTRUMENT · OWN

---

⚡ Architecture

flowchart TD
    A["🤖 AI Client\n(Cursor · Claude · Gemini · etc.)\nvia MCP JSON-RPC over stdio"]
    A --> B

    subgraph B["🔥 Ultimate Mobile Pentest MCP"]
        P["⚙️ 6-Layer Token Optimization Pipeline\nLRU Cache → Tiering → Diffing → Summary → Gzip → Artifact Offload"]
        P --> E1 & E2 & E3 & E4 & E5 & E6
        E1[" ADB\n21 tools"]
        E2[" Frida\n14 tools"]
        E3[" Objection\n13 tools"]
        E4[" MobSF\n10 tools"]
        E5[" JADX\n9 tools"]
        E6[" APKTool\n10 tools"]
    end

    E1 --> D1["Device"]
    E2 --> D2["Memory"]
    E3 --> D3["Runtime"]
    E4 --> D4["Web UI"]
    E5 --> D5["Java"]
    E6 --> D6["Smali"]

Loading

---

🧠 The Context Window Problem — Annihilated

A single decompiler listing can generate 100KB+ of output — that's 30,000+ tokens gone in one command. Three commands and your context is dead.

🛡️ The 6-Layer Defense

#	Layer	What It Does	Tokens Saved
1	LRU Cache	Identical calls return instantly — zero execution, zero tokens	100% on repeats
2	Tiered Delivery	minimal · summary · full — AI picks what it needs	60 – 80%
3	Smart Diffing	Sends only what changed between repeated polling calls	85 – 95%
4	Summary Extraction	RegExp matchers strip boilerplate, surface only critical findings	50 – 70%
5	Gzip Compression	Artifacts stored compressed, preserving local disk	70% size cut
6	Artifact Offloading	Dumps >500 lines saved as .md — AI gets path + summary only	95%+

Before:  ████████████████████████████████████  100,000 tokens
After:   ████                                   11,600 tokens  (88.4% saved)

---

🛠️ Arsenal — 83 Tools, 6 Engines

ADB Engine — 21 Tools

Category	Tools
Device Management	adb_devices · adb_getprop · adb_port_forward
Application Operations	adb_install · adb_uninstall · adb_clear_data · adb_list_packages
Security Inspection	adb_dump_package · adb_list_permissions (auto-flags dangerous) · adb_list_activities · adb_check_debuggable
Shell & Filesystem	adb_shell · adb_pull · adb_push
Debug & Monitor	adb_logcat (noise-filtered) · adb_screenshot · adb_backup
Intent Manipulation	adb_start_activity · adb_start_service · adb_broadcast

Frida Instrumentation — 14 Tools

Category	Tools
Session Management	frida_ps · frida_ps_apps · frida_spawn · frida_attach · frida_kill
Scripting & Evaluation	frida_eval (arbitrary JS into process memory) · frida_trace (native method tracer) · frida_enum_classes
⭐ Bypass & Hook Injectors	frida_hook_ssl_pinning (universal SSL bypass) · frida_hook_root_detection · frida_hook_crypto (live AES/DES/RSA key extraction) · frida_hook_intent · frida_hook_shared_prefs · frida_dump_ui

Objection Runtime — 13 Tools

Category	Tools
Inspection	objection_explore · objection_env · objection_clipboard
Bypass	objection_sslpinning_disable
File System & Data	objection_ls · objection_cat · objection_download · objection_sqlite_dump (auto-extracts all SQLite tables) · objection_dump_keys (full keystore dump)
Android / iOS Specifics	objection_list_activities · objection_list_services · objection_list_receivers · objection_search_classes · objection_list_class_methods · objection_plist_read

MobSF Cloud Client — 10 Tools

Category	Tools
Core	mobsf_upload · mobsf_scan · mobsf_delete_scan · mobsf_recent_scans
Reports	mobsf_report_json (machine-readable static analysis) · mobsf_pdf_report (visual PDF dossier)
Dynamic	mobsf_dynamic_start · mobsf_dynamic_stop · mobsf_frida_logs · mobsf_api_info

JADX Decompiler — 9 Tools

Category	Tools
Decompile Core	jadx_decompile · jadx_decompile_resources · jadx_read_source
⭐ Automated Security Audits	jadx_search_secrets (hardcoded API keys, Firebase URLs) · jadx_search_crypto (MD5/SHA-1/ECB insecure usage) · jadx_search_urls (endpoints, domains, IPs from bytecode) · jadx_search_permissions (dangerous permission call sites)
Navigation	jadx_list_classes · jadx_show_structure

APKTool Engine — 10 Tools

Category	Tools
Core	apktool_decode (smali + raw resource disassembly) · apktool_build (rebuilds folder back into binary APK)
Inspection	apktool_read_manifest · apktool_list_resources · apktool_read_resource
⭐ Surgical Patch Suite	apktool_patch_manifest (debuggable / perms / visibility) · apktool_read_smali · apktool_patch_smali (opcode injection) · apktool_search_smali (regex search across all smali) · apktool_patch_and_rebuild (decode ▶ patch ▶ build ▶ sign)

Meta & Workflow — 6 Tools

Tool	Description
pentest_workflow	Full static pipeline in a single command
check_tools	Dependency health check
token_stats	Live optimization dashboard
read_artifact	Read offloaded file payloads

---

Installation

Step 1 — Prerequisites

🐧 Ubuntu / Kali / WSL

sudo apt install -y adb apktool jadx python3-pip npm
pip3 install frida-tools objection

# Optional: MobSF via Docker
docker run -it --rm -p 8000:8000 opensecurity/mobsf:latest

macOS

brew install adb apktool jadx
pip3 install frida-tools objection

# Optional: MobSF via Docker
docker run -it --rm -p 8000:8000 opensecurity/mobsf:latest

Step 2 — Clone & Build

git clone https://github.com/Wael-Rd/ultimate-mobile-mcp.git
cd ultimate-mobile-mcp
npm install && npm run build

Step 3 — Register (Claude Desktop — One Command)

npm run register
# ✓ Detected OS config path
# ✓ Injected mobile-pentest server entry
# ✓ Restart Claude Desktop to activate

---

⚙️ Manual Config

Cursor / Windsurf

{
  "mcpServers": {
    "mobile-pentest": {
      "command": "node",
      "args": ["/absolute/path/to/ultimate-mobile-mcp/dist/index.js"],
      "env": {
        "MOBSF_URL": "http://127.0.0.1:8000",
        "MOBSF_API_KEY": "YOUR_MOBSF_API_KEY_HERE"
      }
    }
  }
}

Claude Desktop Config Paths

OS	Path
macOS	~/Library/Application Support/Claude/claude_desktop_config.json
Windows	%APPDATA%\Claude\claude_desktop_config.json
🐧 Linux	~/.config/Claude/claude_desktop_config.json

---

💡 Real-World Prompts

Full Automated Scan

"Run a full pentest_workflow on test.apk and report all high-severity findings."

Decompiles · parses manifest · scans secrets · audits crypto · outputs a single MD dossier

🔓 SSL Pinning Bypass

"Launch frida_hook_ssl_pinning on process com.insecure.bank so I can proxy traffic."

Spawns under Frida · injects universal bypass · logs intercepted traffic in real time

🔧 Patch APK & Recompile

"Add android:debuggable=true to the manifest and recompile with apktool_patch_and_rebuild."

Injects flag · patches smali check · rebuilds APK · signs it · done

🔑 Live Crypto Key Extraction

"Inject crypto tracer into com.insecure.bank and show me raw AES keys from login."

Hooks cryptographic APIs · dumps live keys · captures payload before encryption

---

📊 Performance

╔══════════════════════════════════════════════════╗
║           MCP OPTIMIZATION METRICS              ║
╠══════════════════════╦═══════════════════════════╣
║  Total Calls Logged  ║  83                      ║
║  Raw Bytes Processed ║  2.4 MB                  ║
║  LLM Context Saved   ║  1,840,000 tokens        ║
║  Compression Ratio   ║  88.4%                   ║
╠══════════════════════╩═══════════════════════════╣
║                                                  ║
║  Raw    ████████████████████████  100%          ║
║  After  ████                      11.6%  🔥     ║
╚══════════════════════════════════════════════════╝

Run token_stats at any time to view your live dashboard.

---

⚠️ Legal Disclaimer

This tool is intended STRICTLY for:

• ✅ Authorized security research
• ✅ Application security auditing
• ✅ Bug bounty evaluations with explicit scope

Usage against targets without explicit written consent is ILLEGAL under the CFAA, Computer Misuse Act, and equivalent laws worldwide.

The author assumes ZERO liability for misuse. You own your actions. Use responsibly.

---

📄 MIT License · 🐛 Issues · ⭐ Star this repo · 🍴 Fork it

Built with ❤️ by Wael-Rd