ANDROID PENTESTING SERIES PART 6 : Setting up Android Pentest Lab

To setup Android pentest Lab we have to install following things :


VirtualBox is used as a core by Genymotion to virtualize Android Operating Systems. So in order to have a successful Genymotion installation you need VirtualBox in your system. Just go to virtualbox website Link, download appropriate version of your OS then install it. You can find more details about virtualbox installation here.


Genymotion is a popular Android emulator based on VirtualBox. It is a proprietary software, but the personal edition for gaming is absolutely free, and we are going to use it for appsec. You can download genymotion from here. There are two version available, First one is without virtualbox and second one with virtualbox. So if you previously installed virtualbox and download first one or download the second one, it will automatically install the virtual box. For more instruction about installation follow this post.

Install SDK Platform Tools

Android SDK support tools contains important tools like adb. To install platform tools first download it from here, then extract it and add the path into environment variable.


JD-GUI is a standalone graphical utility that displays the Java source code from the class files. You can download JD-GUI from here.


It is a tool to work with Android .dex and .jar files. This helps convert the .dex file to .class file (zipped jar files). You can download d2j-dex2jar from here.


A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications. It also makes working with an app easier because of the project like file structure and automation of some repetitive tasks like building apk, etc. Download Link.

Bytecode Viewer

Bytecode Viewer – a lightweight user-friendly Java/Android Bytecode Viewer, decompiler & More. Github link.


GDA is an apk Dalvik Bytecode decompiler, which also shows some basic static analysis of the application. It has also contains a lot of functionalities. Github


Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pentesting framework capable of performing static, dynamic, and malware analysis. It can be used for effective and fast security analysis of Android, iOS, and Windows mobile applications and support both binaries (APK, IPA, APPX) and zipped source code. MobSF can also perform dynamic testing of the application. You can download MobSF from here.


Burp Suite is one of the most widely used software packages for not only pentesting web applications but, for pentesting mobile applications as well. It is designed for the hands-on penetration tester and has a host of functionalities that help perform various Security related tasks depending on the environment in which it is being used. For our perpose burpsuite community version would be enough. Download Link.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.