Fausto-404

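A 6-phase master orchestration Skill for mobile security analysis scenarios. It provides unified scheduling of APK static reconnaissance, traffic-to-code alignment, SO/JNI deep analysis, combined cryptography and vulnerability analysis, verification design, and the report delivery process. Supports JADX MCP, Burp/Yakit MCP, and IDA/Ghidra MCP.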

100% credibility
Found Apr 23, 2026 at 15 stars
AI Analysis
Python
AI Summary

A structured toolkit with guides, scripts, and templates for analyzing Android mobile apps through six phases of security review, from static scanning to report generation.

How It Works

1. 🔍 Discover the toolkit
   You find a helpful collection of guides and tools to check mobile apps for security weak spots.

2. 📱 Prepare your app files
   You unpack the mobile app into a simple folder so you can look inside its contents easily.

3. Choose your speed
   - 🐌 Step by step: Take time to review results after each check before moving on.
   - 🚀 Automatic flow: Let the process handle most steps smoothly without pausing.

4. 🔎 Scan app basics
   Start by spotting key parts like connections, hidden codes, and safety checks inside the app.

5. 📊 Map traffic and deep dive
   Link captured network activity to code, explore hidden native parts, and uncover risks – the magic happens here!

6. 🧪 Design safe tests
   Create simple ways to verify issues in a controlled space without real harm.

📈 Get your security report
Receive a clear summary of findings, risks, and next steps to make the app safer.

AI-Generated Review

What is ai-mobile-reverse-skills?

This Python-based skill orchestrates a 6-phase workflow for Android APK security analysis, handling static recon, traffic-code alignment, native SO/JNI deep dives, crypto/vuln hunting, POC validation, and report generation. It addresses the chaos of manual mobile reverse engineering by chaining tools like JADX for decompilation, Burp/Yakit for traffic, and IDA/Ghidra for binaries via MCP integrations. Users get structured JSON outputs, Frida bypass templates, and automated Ghidra imports, turning scattered APK skill jobs into a repeatable pipeline.

Why is it gaining traction?

In the GitHub skill directory and marketplace, it stands out by blending local Python scripts for endpoint/secret scanning with AI agents for semantic analysis, supporting step-by-step or auto-chain modes without full MCP dependency. Developers grab it for quick wins like env guard reports or native target resolution, skipping boilerplate in skill APK download workflows. The Frida templates and POC generators make crash skill APK testing feasible even in authorized environments.

Who should use this?

Mobile pentesters dissecting skill game APK downloads or skill cash APK for weak crypto/JNI. Reverse engineers targeting skill clash APK or skill ludo APK with heavy native logic, using JADX/Burp flows. Teams in GitHub skill agent setups like Claude/Copilot needing APK skill job automation over ad-hoc scripts.

Verdict

Solid niche tool for structured APK reverse engineering, with clear docs and runnable scripts despite 15 stars and 1.0% credibility score. Maturity is early, so pair with manual review. Worth forking if you're in mobile security; test on a skill tree APK first.
