Performs runtime dynamic analysis of Android applications using Frida, Objection, and Android Debug Bridge to observe application behavior during execution, intercept function calls, modify runtime values, and identify vulnerabilities that static analysis misses. Use when testing Android apps for runtime security flaws, hooking sensitive methods, bypassing client-side protections, or analyzing obfuscated applications. Activates for requests involving Android dynamic analysis, runtime hooking, Frida Android instrumentation, or live app behavior analysis.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionperforming-dynamic-analysis-of-android-appExecute the skills CLI command in your project's root directory to begin installation:
Fetches performing-dynamic-analysis-of-android-app from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate performing-dynamic-analysis-of-android-app. Access via /performing-dynamic-analysis-of-android-app in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Quickly understand datasets, identify patterns, and generate insights
Example
Analyze CSV with 100K rows, identify outliers, visualize correlations, suggest hypotheses
Reduce EDA time from hours to minutes, uncover insights faster
Write scripts to clean messy data, handle missing values, normalize formats
Example
Generate Python/SQL to fix date formats, impute missing values, remove duplicates
Automate 80% of data preprocessing work
Perform hypothesis testing, regression, and statistical modeling
Example
Run A/B test analysis, calculate confidence intervals, interpret p-values
0
total installs
0
this week
8.6K
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
8.6K
stars
| name | performing-dynamic-analysis-of-android-app |
| description | 'Performs runtime dynamic analysis of Android applications using Frida, Objection, and Android Debug Bridge to observe application behavior during execution, intercept function calls, modify runtime values, and identify vulnerabilities that static analysis misses. Use when testing Android apps for runtime security flaws, hooking sensitive methods, bypassing client-side protections, or analyzing obfuscated applications. Activates for requests involving Android dynamic analysis, runtime hooking, Frida Android instrumentation, or live app behavior analysis. ' |
| domain | cybersecurity |
| subdomain | mobile-security |
| author | mahipal |
| tags | - mobile-security - android - frida - dynamic-analysis - owasp-mobile - penetration-testing |
| version | 1.0.0 |
| license | Apache-2.0 |
| nist_csf | - PR.PS-01 - PR.AA-05 - ID.RA-01 - DE.CM-09 |
Use this skill when:
Do not use this skill on production environments without authorization -- dynamic instrumentation can alter app behavior and trigger security alerts.
frida-tools and objection packages# Check device architecture
adb shell getprop ro.product.cpu.abi
# Output: arm64-v8a
# Download matching Frida server from GitHub releases
# https://github.com/frida/frida/releases
# Push to device
adb push frida-server-16.x.x-android-arm64 /data/local/tmp/frida-server
adb shell chmod 755 /data/local/tmp/frida-server
adb shell /data/local/tmp/frida-server &
# Verify Frida connection
frida-ps -U
# List all packages
frida-ps -U -a
# Attach Objection for high-level exploration
objection --gadget com.target.app explore
# List activities, services, receivers
android hooking list activities
android hooking list services
android hooking list receivers
# List loaded classes
android hooking list classes
android hooking search classes com.target.app
# Hook all methods of a class
android hooking watch class com.target.app.auth.LoginManager
# Hook specific method with argument dumping
android hooking watch class_method com.target.app.auth.LoginManager.authenticate --dump-args --dump-return
# Hook crypto operations
android hooking watch class javax.crypto.Cipher --dump-args
android hooking watch class java.security.MessageDigest --dump-args
# Hook network calls
android hooking watch class okhttp3.OkHttpClient --dump-args
android hooking watch class java.net.URL --dump-args
// hook_crypto.js - Intercept encryption/decryption operations
Java.perform(function() {
var Cipher = Java.use("javax.crypto.Cipher");
Cipher.doFinal.overload("[B").implementation = function(input) {
var mode = this.getAlgorithm();
console.log("[Cipher] Algorithm: " + mode);
console.log("[Cipher] Input: " + bytesToHex(input));
var result = this.doFinal(input);
console.log("[Cipher] Output: " + bytesToHex(result));
return result;
};
function bytesToHex(bytes) {
var hex = [];
for (var i = 0; i < bytes.length; i++) {
hex.push(("0" + (bytes[i] & 0xFF).toString(16)).slice(-2));
}
return hex.join("");
}
});
# Execute custom Frida script
frida -U -f com.target.app -l hook_crypto.js --no-pause
// root_bypass.js - Common root detection bypass
Java.perform(function() {
// Bypass RootBeer library
var RootBeer = Java.use("com.scottyab.rootbeer.RootBeer");
RootBeer.isRooted.implementation = function() {
console.log("[RootBeer] isRooted() bypassed");
return false;
};
// Bypass generic file-based root checks
var File = Java.use("java.io.File");
var originalExists = File.exists;
File.exists.implementation = function() {
var path = this.getAbsolutePath();
var rootPaths = ["/system/app/Superuser.apk", "/system/xbin/su",
"/sbin/su", "/system/bin/su", "/data/local/bin/su"];
if (rootPaths.indexOf(path) >= 0) {
console.log("[Root] Blocked check for: " + path);
return false;
}
return originalExists.call(this);
};
// Bypass SafetyNet/Play Integrity
try {
var SafetyNet = Java.use("com.google.android.gms.safetynet.SafetyNetApi");
console.log("[SafetyNet] Class found - may need additional bypass");
} catch(e) {}
});
// network_monitor.js - Monitor all HTTP requests
Java.perform(function() {
// Hook OkHttp3
try {
var OkHttpClient = Java.use("okhttp3.OkHttpClient");
var Interceptor = Java.use("okhttp3.Interceptor");
var Chain = Java.use("okhttp3.Interceptor$Chain");
console.log("[OkHttp] Monitoring network requests...");
var Request = Java.use("okhttp3.Request");
Request.url.implementation = function() {
var url = this.url();
console.log("[OkHttp] URL: " + url.toString());
return url;
};
} catch(e) {
console.log("[OkHttp] Not found, trying HttpURLConnection");
}
// Hook HttpURLConnection
var URL = Java.use("java.net.URL");
URL.openConnection.overload().implementation = function() {
console.log("[URL] Opening: " + this.toString());
return this.openConnection();
};
});
# Using Objection for quick extraction
objection --gadget com.target.app explore
# Dump Android Keystore entries
android keystore list
android keystore dump
# Search heap for sensitive objects
android heap search instances com.target.app.model.User
android heap evaluate <handle> "JSON.stringify(clazz)"
# Memory string search
memory search "password" --string
memory search "api_key" --string
| Term | Definition |
|---|---|
| Dynamic Instrumentation | Modifying application behavior at runtime by injecting code into the running process |
| Method Hooking | Replacing or wrapping function implementations to intercept arguments and return values |
| Frida Server | Daemon running on the target device that receives instrumentation commands from the host |
| Dalvik/ART Runtime | Android runtime environments; Frida hooks at the ART level for Java/Kotlin methods |
| Heap Inspection | Examining live objects in the application's memory heap to extract runtime data |
/proc/self/maps. Use Frida Gadget injection or custom server builds.a.b.c.d()). Use android hooking search classes to discover actual runtime names.Java.enumerateLoadedClasses() after app is fully initialized.Get statistically sound analysis without PhD in statistics
Create charts, dashboards, and visual reports
Example
Generate matplotlib/seaborn code for time series plots, distribution charts, heatmaps
Build presentation-ready visualizations 3x faster
Prerequisites
Time Estimate
20-40 minutes to set up and run first analysis
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use for exploratory data analysis, data cleaning, statistical testing, visualization prototyping, and learning new analysis techniques. Best for initial exploration and rapid insights.
✗ Avoid when
Avoid for mission-critical financial analysis, medical research requiring regulatory compliance, production ML models, or when deep statistical expertise is required for nuanced interpretation.
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
Solid pick for teams standardizing on skills: performing-dynamic-analysis-of-android-app is focused, and the summary matches what you get after install.
We added performing-dynamic-analysis-of-android-app from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
Registry listing for performing-dynamic-analysis-of-android-app matched our evaluation — installs cleanly and behaves as described in the markdown.
Keeps context tight: performing-dynamic-analysis-of-android-app is the kind of skill you can hand to a new teammate without a long onboarding doc.
performing-dynamic-analysis-of-android-app reduced setup friction for our internal harness; good balance of opinion and flexibility.
performing-dynamic-analysis-of-android-app is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
I recommend performing-dynamic-analysis-of-android-app for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
Registry listing for performing-dynamic-analysis-of-android-app matched our evaluation — installs cleanly and behaves as described in the markdown.
performing-dynamic-analysis-of-android-app has been reliable in day-to-day use. Documentation quality is above average for community skills.
Useful defaults in performing-dynamic-analysis-of-android-app — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
showing 1-10 of 55