# MPT (Mobile Pentest Toolkit)
The MPT (Mobile Pentest Toolkit) is a must-have solution for your Android penetration testing workflows. This tool allows you to automate security tasks and focus on the security assessment without needing to know where the tools are located or which parameters are required.
Features:
- Automation of your security checks
- Perform project based security assessments
- MPT provides a full set of required tools on any Linux distribution
  - local installation of required tools; you can easily add missing tools
  - installation of required APKs on your devices
- ADB is included
- Switch Wi-Fi proxy on your device (e.g. Burp Proxy)
- Show colored logcat output with special highlighting
- Install and run frida server on your device
- Dump application memory
- Analyse source code using several decompilers
- Back up and dump your application data from the device, even if backup is disabled
- Disable SSL pinning
- Disable root detection
- Start security tools from one place
List of available tools:
* MobSF [ Mobile Security Framework (MobSF) ]
* RMS [ Runtime Mobile Security (RMS) ]
* objection [ Runtime Mobile Exploration Toolkit ]
* jadx [ Dex to Java decompiler ]
* jd-gui [ Java Decompiler, dex2jar required ]
* luyten [ Java Decompiler Gui for Procyon ]
* sqlitestudio [ Multi-platform SQLite database manager ]
* pidcat [ excellent logcat color script ]
* pidcat-ex [ PID Cat (extended version) ]
* adus [ Bash script to dump, build and sign apk ]
* fridump [ Memory dumping tool using frida ]
* adb [ Android Debug Bridge (adb) ]
* aapt [ Android Asset Packaging Tool ]
* abe [ Android backup extractor, android:allowBackup="true" required ]
* signapk [ sign an apk with the Android test certificate ]
* apktool [ A tool for reverse engineering Android apk files ]
* dex2jar [ Convert the Dalvik Executable (.dex) file to jar ]
* janus [ scans an APK and an Android device for CVE-2017-13156 ]
* linux-router [ Set Linux as router in one command. Able to provide Internet, or create WiFi hotspot ]
* scrcpy [ Application mirrors Android devices (video and audio) connected via USB ]
The Mobile Pentest Toolkit (MPT) was presented at the OWASP Bucharest AppSec 2018 conference.
* [Tales of Practical Android Penetration Testing (Mobile Pentest Toolkit)](https://www.owasp.org/images/4/4b/OWASP-Tales-of-practical-penetration-testing.pdf)
# Installation
## Installation using PIPX (preferred installation method)
```
pipx install mptsec
# alternative: install directly from the public repository
pipx install git+https://github.com/ByteSnipers/mobile-pentest-toolkit --include-deps
```
### 1. Install pipx if required
```
# Python (pip)
python3 -m pip install --user pipx
# Debian/Ubuntu/Kali
sudo apt update
sudo apt install pipx
# Fedora/Red Hat
sudo dnf install pipx
# Arch Linux/Black Arch
sudo pacman -S python-pipx
# openSUSE
sudo zypper install python-pipx
```
### 2. Ensure the pipx path is set correctly
The `pipx ensurepath` command ensures that the directory containing pipx's installed binaries is included in your `PATH` environment variable.
```
pipx ensurepath
```
## Installation using PIP
```
pip install mptsec
```
If `pip install mptsec` fails, you can isolate the installation using a virtual environment (venv) to avoid system-level conflicts.
```
python3 -m venv venv
source venv/bin/activate
pip install mptsec
```
# Update
### Update using PIPX
```
pipx install git+https://github.com/ByteSnipers/mobile-pentest-toolkit --include-deps --force
```
### Update using MPT
```
mpt --update
```
# Uninstallation
### Uninstall using PIPX
```
pipx uninstall mptsec
```
### Uninstall using PIP
```
pip uninstall mptsec
```
# Configuration
### Alias pentest-dir
You can set this alias to quickly and easily navigate to your project directory based on the configuration in the `settings.json` file. Here’s how you can do it:
#### Adding the Alias to `.bashrc` or `.zshrc`
Run the following command to add the alias to your `.bashrc` file:
```
# printf (not echo) so that \n is expanded in bash as well as zsh
printf '\n# mpt alias\nalias pentest-dir="cd $(cat /home/$USER/.mpt/settings.json | grep pentest-dir | awk -F'\''\\"'\'' '\''{print $4}'\'') && ls -l"\n' >> ~/.bashrc
```
You can also add a new alias manually to your `.bashrc` file:
```
alias pentest-dir="cd $(cat /home/$USER/.mpt/settings.json | grep pentest-dir | awk -F'\"' '{print $4}') && ls -l"
```
#### Activating the Alias:
After adding the alias, reload your `.bashrc` file to make it available immediately, or open a new terminal window.
```
source ~/.bashrc
```
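The alias above is double-quoted, so `$(...)` runs once when `.bashrc` is read and the resulting path becomes alias text that the shell parses again on every use; a path containing spaces or shell metacharacters is then split or interpreted. The following shell functions are an added example (not part of MPT) that look the value up at call time and pass it to `cd` as one quoted argument. They assume `settings.json` contains a line of the form `"pentest-dir": "<path>"`, the shape the original grep/awk pipeline relies on; `mpt_pentest_dir` and `pentest_dir` are names chosen here.

```shell
# Added example, not part of MPT.
# Assumption: ~/.mpt/settings.json has a line like  "pentest-dir": "/some/path"

# Print the configured pentest directory, or fail with a message on stderr.
# The body is a subshell "( ... )" so its variables do not leak into your shell.
mpt_pentest_dir() (
    settings="${1:-$HOME/.mpt/settings.json}"
    [ -r "$settings" ] || { echo "cannot read $settings" >&2; exit 1; }

    # Extract only the quoted string value of the key. The value is treated
    # as data and is never evaluated by the shell.
    dir=$(sed -n 's/.*"pentest-dir"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' \
            "$settings" | head -n 1)

    [ -n "$dir" ] || { echo "pentest-dir not set in $settings" >&2; exit 1; }
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; exit 1; }
    printf '%s\n' "$dir"
)

# Replacement for the alias: resolves the path on every call and hands it to
# cd as a single quoted argument ("--" stops option parsing for odd names).
pentest_dir() {
    _mpt_dir=$(mpt_pentest_dir "$@") || return 1
    cd -- "$_mpt_dir" && ls -l
    unset _mpt_dir
}
```

To keep the original command name, add `alias pentest-dir=pentest_dir` after the function definitions.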
### Install zsh plugin (autocomplete support) - Outdated
:warning: You need to install [Oh My ZSH](https://github.com/robbyrussell/oh-my-zsh)
:warning: The command line options have not been updated for a while and do not match the latest version. PRs are welcome.
```
cp -r mpt/mpt-zsh-plugin/ ~/.oh-my-zsh/plugins/mpt
```
Enable the MPT plugin in `.zshrc` by adding the following line: `plugins=(mpt)`
# Start New Project
1) Set up the pentest environment and install required tools
```
mpt --install-tools
```
2) Set up a new pentest project
```
mpt --setup <apk-file>
```
# Usage
```
mpt.py <command> [options]

options:
  -h, --help            show this help message and exit
  --update              Update MPT to the latest version

Pentest:
  Configure and manage current pentest

  --setup [APK]         Setup pentest environment
  --config              Show current pentest config

Frida:
  Run frida server and execute frida scripts

  -f, --frida           Run frida server on the device
  -fs, --frida-select-version
                        Run frida server on the device (select frida version)
  -s [package-name], --ssl-pinning [package-name]
                        Disable SSL Pinning (<package name> optional)
  -r [package-name], --root-detection [package-name]
                        Disable Root Detection (<package name> optional)

Application:
  Perform app related tasks

  -l [all], --list-packages [all]
                        Show all installed packages (use option 'all' to display system apps)
  -p [package-name], --pidcat [package-name]
                        Show colored logcat for a specific application (<package name> optional)
  -st, --screenshot     Take a screenshot from device screen
  -sc, --screen-copy    Mirrors Android device screen connected via USB to host (scrcpy)
  -D, --fridump         Dump application memory
  -b [package-name], --backup [package-name]
                        Backup an android application (<package name> optional)
  -d [decompiler], --decompile [decompiler]
                        Start java decompiler for source code analysis (<decompiler> optional): jadx(default), jd-gui, luyten

Tools:
  Install and run pentest tools on your host

  -tl, --tool-list      Show all supported tools
  -t tool [tool ...], --tool tool [tool ...]
                        Run selected tool with <arguments> (use option 'list' to display all tools)
  -i, --install-tools   Install pentesting tools on local system in a separate environment
  -a, --adb-run         Start adb server with root to avoid a lot of issues using adb

Proxy and WiFi:
  Manage proxy on device and WiFi settings locally

  -ps, --proxy-status   Check WiFi proxy status
  -pe [host:port], --proxy-enable [host:port]
                        Set proxy for WiFi connection on your device (optional <host:port>), if not set loads proxy settings from configuration file
  -pd, --proxy-disable  Disable WiFi proxy
  -ap, --access-point   Create an Hotspot which connected to internet and can be used for Burp proxy
```
## License
[GNU GPL v3](LICENSE) ©[@bytesnipers](https://bytesnipers.com)