whatisgithub

What is selimdroid?

selimwdev/selimdroid — explained in plain English

Analysis updated 2026-05-18

16JavaScriptAudience · researcherComplexity · 4/5LicenseSetup · hard

In one sentence

SelimDroid is an open source tool that automatically tests running Android apps for security weaknesses like data leaks, weak session handling, and SSL pinning gaps.

Mindmap

mindmap
  root((SelimDroid))
    What it does
      Dynamic security scans
      Runtime analysis
      Automated bypass checks
    Tech stack
      Python
      Frida
      ADB
    Use cases
      Pentesting
      Security research
      App audits
    Audience
      Security researchers
      Pentesters
    Requirements
      Rooted device
      Frida server
      Python 3.9+

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Run automated dynamic security scans on Android apps you are authorized to test

USE CASE 2

Check whether sensitive data leaks through logs, clipboard, or insecure storage

USE CASE 3

Test whether an app's session data is properly cleared after logout

USE CASE 4

Bypass SSL pinning and root detection to evaluate an app's runtime defenses

What is it built with?

PythonFridaADB

How does it compare?

selimwdev/selimdroidakaakshat246/ecoscore-browser-extensionandrelog99/dam
Stars161616
LanguageJavaScriptJavaScriptJavaScript
Setup difficultyhardhardeasy
Complexity4/53/52/5
Audienceresearcherdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Requires a rooted Android device or emulator plus a running Frida server.

Use, modify, and distribute freely, including commercially, as long as you keep the copyright notice.

So what is it?

SelimDroid is an open source security testing tool built for Android apps. It falls into a category called DAST, which stands for Dynamic Application Security Testing: instead of just reading an app's code, it watches and interacts with the app while it is actually running on a phone or emulator. The tool connects to a rooted Android device using ADB (Android Debug Bridge) and Frida, a runtime instrumentation toolkit that lets it hook into a live app and inspect what it is doing. Once connected, SelimDroid runs a series of automated checks: it looks for sensitive data stored insecurely in local databases or shared preferences, scans system logs and the clipboard for leaked information, tests whether the app properly detects rooted devices, and attempts to bypass SSL pinning, a common defense against network traffic interception. It also checks exported app components, content providers, and WebViews for common security holes. A notable feature is its post logout validation: after a user logs out of the tested app, SelimDroid checks whether session tokens, cached data, and database records were actually cleared, rather than assuming the logout worked. Some checks need the person running the scan to interact with the app directly, such as logging in, copying something to the clipboard, or moving through a WebView, the tool pauses and prompts for these actions when needed. After a scan finishes, SelimDroid produces a single combined report listing everything it found, saved to a reports folder. To run it, you need Python 3.9 or newer, Frida and its server component, ADB, and a rooted Android device or emulator with USB debugging turned on. This is a specialist tool aimed at security researchers and penetration testers, not general app developers. The author states it is meant only for authorized testing, security research, and educational use, and should not be run against apps or systems without permission.

Copy-paste prompts

Prompt 1
Walk me through setting up Frida server and ADB so I can run SelimDroid against a test Android app
Prompt 2
Explain what SelimDroid's post logout validation checks for and why it matters
Prompt 3
Help me interpret a SelimDroid security report and prioritize which findings to fix first
Prompt 4
What does SSL pinning bypass mean and how does SelimDroid test for it

Frequently asked questions

What is selimdroid?

SelimDroid is an open source tool that automatically tests running Android apps for security weaknesses like data leaks, weak session handling, and SSL pinning gaps.

What language is selimdroid written in?

Mainly JavaScript. The stack also includes Python, Frida, ADB.

What license does selimdroid use?

Use, modify, and distribute freely, including commercially, as long as you keep the copyright notice.

How hard is selimdroid to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is selimdroid for?

Mainly researcher.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.