Setup Android Pentesting Environment on Debian Linux
Last updated
Was this helpful?
Last updated
Was this helpful?
Was this helpful?
This guide covers setting up a mobile testing environment, including installation of Genymotion, Frida, Drozer, APK Signer, Medusa, and Jadx. Each tool is critical for analyzing and testing Android applications in a controlled, virtual environment.
sudo apt update
sudo apt install default-jre
sudo apt install default-jdkGenymotion is a powerful Android emulator ideal for penetration testing.
Download Genymotion: Genymotion Official Website
Install: Follow the installation wizard for your operating system.
Create Android Virtual Devices (AVDs): Open Genymotion and add a virtual device by selecting a specific Android version and device model.
Python is essential for Frida, and most Debian-based systems come with it pre-installed. To verify and install Python if necessary, follow these steps:
python3 --versionIf not installed, use:
sudo apt update
sudo apt install -y python3 python3-pip
sudo apt install python3.12-venvmkdir -p ~/.venvs
python3 -m venv ~/.venvs/frida-env
source ~/.venvs/frida-env/bin/activate
pip install Frida
pip install frida-toolsadb shell getprop ro.product.cpu.abi # result should be x86
wget https://github.com/frida/frida/releases/download/12.7.20/frida-server-12.7.20-android-x86.xz
unxz frida-server-12.7.20-android-x86.xz
mv frida-server-12.7.20-android-x86 frida-serveradb push ~/Downloads/cacert.cer /data/local/tmp/cert-der.crt
adb push ~/Downloads/cacert.cer /sdcard/Download/cacert.cer
adb push ~/Downloads/frida-server /data/local/tmp
adb shell chmod 777 /data/local/tmp/frida-server
adb shell /data/local/tmp/frida-server &Proxy Listener
Proxy settings for WiFi
Install Certificate
Drozer is a useful Android security framework for penetration testing.
wget https://github.com/WithSecureLabs/drozer/releases/download/3.0.1/drozer-3.0.1-py3-none-any.whl
mkdir -p ~/.venvs
python3 -m venv ~/.venvs/drozer
~/.venvs/drozer/bin/python -m pip install drozer-3.0.1-py3-none-any.whl
pip install drozer-3.0.1-py3-none-any.whl
source ~/.venvs/drozer/bin/activate
pip install distro
~/.venvs/drozer/bin/drozerTo use drozer globally, add an alias in your shell configuration file (~/.zshrc or ~/.bashrc):
alias drozer="~/.venvs/drozer/bin/drozer"Then, reload your shell configuration with source ~/.zshrc or source ~/.bashrc.
# Download the latest release
wget https://github.com/skylot/jadx/releases/latest/download/jadx-*.zip
# Unzip the downloaded file
unzip jadx-*.zip
# Move the extracted directory to a known location (e.g., ~/bin/jadx)
mv jadx-* ~/bin/jadx
# Make sure they are in bin/ diredctory and the lib/ directory is in the home directoryDownload the Linux wrapper script. (Right click, Save Link As apktool)
Download the latest version of Apktool.
Rename the downloaded jar to apktool.jar.
Move both apktool.jar and apktool to /usr/local/bin. (root needed)
Make sure both files are executable. (chmod +x)
Try running apktool via CLI.
# Download APKTool
wget https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/linux/apktool
# Make it executable
chmod +x apktool
# Move it to a known location (e.g., ~/bin/apktool)
mv apktool ~/bin/apktool
# Download the APKTool jar file
wget https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.10.0.jar -O ~/bin/apktool.jar# Download Dex2Jar
wget https://github.com/pxb1988/dex2jar/releases/download/v2.4/dex-tools-v2.4.zip
# Unzip the downloaded file
unzip dex-tools-v2.4.zip
# Move the extracted directory to a known location (e.g., ~/bin/dex2jar)
mv dex-tools-v2.4/ ~/bin/dex2jarAPK Signer is required to sign APKs. It comes with the Android SDK’s build tools, so you need to install android-sdk to access it.
Install the Android SDK and APK Signer:
sudo apt update
sudo apt install -y android-sdkSign an APK:
c sign --ks my-release-key.jks --out signed.apk unsigned.apkReplace my-release-key.jks with your keystore file and unsigned.apk with the file you want to sign.
