whatisgithub

What is apkshield-pt?

whitehat987/apkshield-pt — explained in plain English

Analysis updated 2026-05-18

21PythonAudience · developerComplexity · 4/5Setup · hard

In one sentence

A Python tool for authorized Android penetration testing that auto-detects and bypasses root detection and SSL pinning.

Mindmap

mindmap
  root((APKShield-PT))
    What it does
      Decompiles APKs
      Detects root checks
      Detects SSL pinning
      Generates Frida scripts
    Tech stack
      Python
      apktool
      jadx
      Frida
    Use cases
      Mobile security audits
      Bypass testing
      Automated report generation
    Audience
      Security testers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Automatically detect root detection code inside an Android APK during a security audit.

USE CASE 2

Generate ready-to-run Frida scripts that bypass only the specific SSL pinning found.

USE CASE 3

Produce an HTML and JSON report of a mobile app's security protections.

USE CASE 4

Use optional AI analysis to catch obfuscated or custom security checks.

What is it built with?

PythonapktooljadxFrida

How does it compare?

whitehat987/apkshield-pt0whitedev/detranspiler2951461586/mulerun-pool
Stars212121
LanguagePythonPythonPython
Setup difficultyhardhardmoderate
Complexity4/54/53/5
Audiencedeveloperdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Designed for Kali Linux with apktool, jadx, and Frida installed, only for authorized testing with written permission.

So what is it?

APKShield-PT is a Python tool for Android penetration testing, the practice of security professionals legally probing an app for vulnerabilities. It automates two specific tasks that are common in mobile security assessments: detecting and bypassing root detection, and detecting and bypassing SSL certificate pinning. Root detection is code inside an Android app that checks whether it's running on a rooted (jailbroken) device and refuses to work if so. SSL pinning is a security technique where an app only accepts a specific trusted certificate, preventing security researchers from intercepting its network traffic with a proxy. Both protections make security testing difficult, so bypassing them is a standard step in a security audit of a mobile app. The tool takes an Android APK file (an app package), decompiles it using apktool and jadx (two open-source Android reverse engineering tools), analyzes the Java source and bytecode for 14 categories of root detection patterns and 15 categories of SSL pinning patterns, then automatically generates Frida scripts targeting exactly what it found. Frida is a dynamic instrumentation toolkit, it injects code into a running app to modify its behavior at runtime. The generated scripts bypass only the specific protections detected, rather than using generic hooks. An optional AI analysis mode (using Anthropic's API) can find obfuscated or custom security checks that pattern matching might miss. The tool outputs an HTML and JSON report plus ready-to-run Frida script files. The tech stack is Python 3.10 or later and is designed for Kali Linux. It is intended only for authorized penetration testing with written permission. The full README is longer than what was provided.

Copy-paste prompts

Prompt 1
Run APKShield-PT against this APK and explain the root detection and SSL pinning patterns it found.
Prompt 2
Help me set up APKShield-PT with apktool, jadx, and Frida on Kali Linux.
Prompt 3
Show me how to use the Frida scripts APKShield-PT generated to bypass SSL pinning during testing.
Prompt 4
Enable APKShield-PT's optional AI analysis mode to catch custom security checks pattern matching missed.

Frequently asked questions

What is apkshield-pt?

A Python tool for authorized Android penetration testing that auto-detects and bypasses root detection and SSL pinning.

What language is apkshield-pt written in?

Mainly Python. The stack also includes Python, apktool, jadx.

How hard is apkshield-pt to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is apkshield-pt for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.