Android Testing Distributions to help with penetration testing

In this article we present a variety of Android Testing Distributions to help with penetration testing.


Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a Virtual Machine(VM) or dualboot.
It is completely portable and can be carried on USB stick or your smartphone. It is one of its kind Android Security Analysis Tool and is a one stop answer for all the tools needed in Android Application Security Assessment, Android Forensics, Android Malware Analysis. Many tools are included as well as vulnerable applications to hone your skills


AndroL4b is an android security virtual machine based on ubuntu-mate includes the collection of latest framework, tutorials and labs from different security geeks and researchers for reverse engineering and malware analysis. This contains tools like Frida Inject, ByteCodeViewer, Mobile Security Framework, APKtool, AndroidStudio IDE, Burpsuite, wireshark and other tools as well as vulnerable applications to hone your skills


Android Tamer is a Virtual / Live Platform for Android Security professionals. This Environment allows people to work on large array of android security related task’s ranging from Malware Analysis, Penetration Testing and Reverse Engineering.


AppUse is a VM (Virtual Machine) developed by AppSec Labs. It is a unique platform for mobile application security testing, Android and iOS applications and includes exclusive custom-made tools and scripts created by AppSec Labs. This is a commercial product and costs around $199


The MobiSec Live Environment Mobile Testing Framework project is a live environment for testing mobile environments, including devices, applications, and supporting infrastructure. The purpose is to provide attackers and defenders the ability to test their mobile environments to identify design weaknesses and vulnerabilities. The MobiSec Live Environment provides a single environment for testers to leverage the best of all available open source mobile testing tools, as well as the ability to install additional tools and platforms, that will aid the penetration tester through the testing process as the environment is structured and organized based on an industry­‐proven testing framework. Using a live environment provides penetration testers the ability to boot the MobiSec Live Environment on any Intel-­based system from a DVD or USB flash drive, or run the test environment within a virtual machine.


Santoku is dedicated to mobile forensics, analysis, and security, and packaged in an easy to use, Open Source platform.

Here is a list of the features

Mobile device emulators
Utilities to simulate network services for dynamic analysis
Decompilation and disassembly tools
Access to malware databases
Firmware flashing tools for multiple manufacturers
Imaging tools for NAND, media cards, and RAM
Free versions of some commercial forensics tools
Useful scripts and utilities specifically designed for mobile forensics
Decompilation and disassembly tools
Scripts to detect common issues in mobile applications
Scripts to automate decrypting binaries, deploying apps, enumerating app details, and more


BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. The repository contains 2261 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. It contains 32 useful tools for mobile testing.


ANDRAX is a penetration testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it behaves like a common Linux distribution, But more powerful than a common distribution!

ANDRAX enable to all Android device with root access enabled and a good unlocked rom become a weapon for advanced Penetration Testing.