ワンクリックでManusで任意のスキルを実行

$pwd:

mobile-overview

Name: Mobile Overview
Author: PurpleAILAB

// Use when the engagement target is an Android (APK / AAB) or iOS (IPA) application. Covers static analysis (jadx, apktool, class-dump), dynamic instrumentation via Frida and Objection, SSL-pinning bypass, root/jailbreak detection bypass, deep-link / URL-scheme abuse, exported-component attacks, IPC redirection, WebView vulnerabilities, and biometric / Face ID / Touch ID bypass.

Manusで実行

$ git log --oneline --stat

stars:4,187

forks:826

updated:2026年5月28日 10:40

ファイルエクスプローラー

3 ファイル

SKILL.md

readonly

name	mobile-overview
description	Use when the engagement target is an Android (APK / AAB) or iOS (IPA) application. Covers static analysis (jadx, apktool, class-dump), dynamic instrumentation via Frida and Objection, SSL-pinning bypass, root/jailbreak detection bypass, deep-link / URL-scheme abuse, exported-component attacks, IPC redirection, WebView vulnerabilities, and biometric / Face ID / Touch ID bypass.
metadata	{"subdomain":"mobile","tags":"mobile, android, ios, frida, objection, ssl-pinning, jadx, apktool","mitre_attack":"T1635, T1623, T1517, T1521, T1517.001"}

Mobile Operator Skill Catalog

Mobile is 40% of modern bug-bounty programs and is conspicuously absent from Strix and XBOW commercial. This catalog covers both platforms with shared Frida tooling for runtime work.

Playbooks — Android

Skill	Use for
`/skills/standard/mobile/android/apk-triage/SKILL.md`	apktool decode + jadx -d for source recovery
`/skills/standard/mobile/android/manifest-analysis/SKILL.md`	exported components, permissions, deeplinks
`/skills/standard/mobile/android/insecure-storage/SKILL.md`	SharedPreferences / SQLite / external storage scans
`/skills/standard/mobile/android/intent-redirection/SKILL.md`	Intent forwarding / pendingIntent abuse
`/skills/standard/mobile/android/webview-flaws/SKILL.md`	JavaScriptInterface, file:// access, mixed content
`/skills/standard/mobile/android/frida-ssl-pin-bypass/SKILL.md`	OkHttp / TrustKit / Cordova pin-bypass scripts
`/skills/standard/mobile/android/root-detect-bypass/SKILL.md`	Common root-detection libraries and their bypasses

Playbooks — iOS

Skill	Use for
`/skills/standard/mobile/ios/ipa-triage/SKILL.md`	class-dump-z + Hopper; Mach-O headers; entitlements
`/skills/standard/mobile/ios/keychain-acl/SKILL.md`	Keychain ACL misconfigurations; `kSecAccessControl` flags
`/skills/standard/mobile/ios/url-scheme-abuse/SKILL.md`	Universal links + URL scheme handler attacks
`/skills/standard/mobile/ios/xpc-services/SKILL.md`	XPC interface enumeration; unauthenticated XPC services
`/skills/standard/mobile/ios/frida-trust-killer/SKILL.md`	SSL Kill Switch + Frida pin-bypass for iOS apps
`/skills/standard/mobile/ios/jailbreak-detect-bypass/SKILL.md`	DTAppJailbreakDetectorSwift, Liberty Lite, common patterns

Cross-platform

Skill	Use for
`/skills/standard/mobile/frida-bridge/SKILL.md`	frida-server install on emulator / jailbroken device; basic scripts
`/skills/standard/mobile/objection-walkthrough/SKILL.md`	Objection cheatsheet (env, memory, sqlite, classes)
`/skills/standard/mobile/firebase-misconfig/SKILL.md`	Firebase /Firestore RLS / Storage / Auth bypasses
`/skills/standard/mobile/mobile-api-testing/SKILL.md`	Burp / Caido proxy → mobile API endpoint enumeration

Workflow

Triage: jadx for Android, class-dump for iOS. Search strings for API endpoints, Firebase config, AWS keys.
Static: AndroidManifest.xml exported components; iOS Info.plist URL schemes + entitlements.
Dynamic setup: Frida server on a rooted emulator (Android) or jailbroken physical device (iOS); Objection for quick inspection.
SSL pin bypass: Frida script; verify HTTPS now visible in Burp.
API enumeration: re-route the app through the proxy; spider reachable endpoints; export to Burp project for later web-recon-style testing.
Insecure storage: pull /data/data/<pkg>/ (Android) or app container (iOS); grep for credentials, tokens, PII.
Component-level attacks: send crafted Intents (adb shell am start ...) or URL-scheme payloads (xcrun simctl openurl ...).

Tools sandbox

adb + emulator / physical device.
jadx, apktool, dex2jar, jd-gui.
class-dump, Hopper Disassembler, IDA Free (host-side).
Frida-server (per device), frida (host), objection.
mitmproxy / Burp Suite Community / Caido (PR #304 lands the LangChain Caido tool bundle).
MobSF (mobsf Docker image) for automated triage when speed matters.

related-skills.json

同じリポジトリ

dfir-overview.md

from "PurpleAILAB/Decepticon"

Use to close the Offensive Vaccine loop on the defender side. The Detector agent produces Sigma / YARA rules from offensive operations; this catalog validates those rules against real memory dumps, event logs, and forensic artifacts using Volatility 3, plaso, and sigma-cli. Without this catalog, detection rules are theoretical.

2026-05-284.2k

ics-overview.md

from "PurpleAILAB/Decepticon"

Use when the target is an industrial control system or operational technology network running Modbus, BACnet, S7Comm/S7Comm Plus, DNP3, OPC-UA, or any PLC/HMI/SCADA stack. Engagements MUST set RoE flag industrial_safety_critical=true; this catalog gates every write-scope operation behind explicit operator confirmation regardless of HITL middleware.

2026-05-284.2k

iot-overview.md

from "PurpleAILAB/Decepticon"

Use when the engagement target is IoT, embedded Linux, RTOS, or any device reachable via UART/JTAG/SWD or by extracting its firmware. Covers firmware acquisition, binwalk extraction, filesystem mounting, default-credential hunting, bootloader attacks, wireless protocol sidebands (BLE, Zigbee, Z-Wave, LoRaWAN, sub-GHz).

2026-05-284.2k

osint-overview.md

from "PurpleAILAB/Decepticon"

Use when the engagement requires passive reconnaissance only — no packets to the target's authoritative infrastructure. Splits off from the Recon agent so bug-bounty and pre-engagement work can run with outbound-only network policy. Maltego, Shodan, Censys, Hunter.io, breach-data lookups, GitHub code search, Wayback Machine archives, certificate transparency, BGP/ASN mapping.

2026-05-284.2k

phish-overview.md

from "PurpleAILAB/Decepticon"

Use ONLY when the engagement's ConOps explicitly declares phishing_engagement=true. Covers GoPhish campaign management, Evilginx2 reverse-proxy MFA bypass, Modlishka live credential capture, and the deconfliction handshake with SOC / incident response.

2026-05-284.2k

supply-chain-overview.md

from "PurpleAILAB/Decepticon"

Use when the engagement scope includes supply-chain attack simulation — typosquatted package publication, dependency confusion, GitHub Actions secret mining, internal mirror poisoning, OAuth-app impersonation, or vendor portal credential abuse.

2026-05-284.2k

package.json

"author": "PurpleAILAB"

"repository": "PurpleAILAB/Decepticon"

GitHub リポジトリを開く Creator のリポジトリを見る

$ install --global

$ download --local

Manusで実行

$ useful --forSOC

情報セキュリティアナリストコンピュータ・数学職15-1212L4

name	mobile-overview
description	Use when the engagement target is an Android (APK / AAB) or iOS (IPA) application. Covers static analysis (jadx, apktool, class-dump), dynamic instrumentation via Frida and Objection, SSL-pinning bypass, root/jailbreak detection bypass, deep-link / URL-scheme abuse, exported-component attacks, IPC redirection, WebView vulnerabilities, and biometric / Face ID / Touch ID bypass.
metadata	{"subdomain":"mobile","tags":"mobile, android, ios, frida, objection, ssl-pinning, jadx, apktool","mitre_attack":"T1635, T1623, T1517, T1521, T1517.001"}

Mobile Operator Skill Catalog

Mobile is 40% of modern bug-bounty programs and is conspicuously absent from Strix and XBOW commercial. This catalog covers both platforms with shared Frida tooling for runtime work.

Playbooks — Android

Skill	Use for
`/skills/standard/mobile/android/apk-triage/SKILL.md`	apktool decode + jadx -d for source recovery
`/skills/standard/mobile/android/manifest-analysis/SKILL.md`	exported components, permissions, deeplinks
`/skills/standard/mobile/android/insecure-storage/SKILL.md`	SharedPreferences / SQLite / external storage scans
`/skills/standard/mobile/android/intent-redirection/SKILL.md`	Intent forwarding / pendingIntent abuse
`/skills/standard/mobile/android/webview-flaws/SKILL.md`	JavaScriptInterface, file:// access, mixed content
`/skills/standard/mobile/android/frida-ssl-pin-bypass/SKILL.md`	OkHttp / TrustKit / Cordova pin-bypass scripts
`/skills/standard/mobile/android/root-detect-bypass/SKILL.md`	Common root-detection libraries and their bypasses

Playbooks — iOS

Skill	Use for
`/skills/standard/mobile/ios/ipa-triage/SKILL.md`	class-dump-z + Hopper; Mach-O headers; entitlements
`/skills/standard/mobile/ios/keychain-acl/SKILL.md`	Keychain ACL misconfigurations; `kSecAccessControl` flags
`/skills/standard/mobile/ios/url-scheme-abuse/SKILL.md`	Universal links + URL scheme handler attacks
`/skills/standard/mobile/ios/xpc-services/SKILL.md`	XPC interface enumeration; unauthenticated XPC services
`/skills/standard/mobile/ios/frida-trust-killer/SKILL.md`	SSL Kill Switch + Frida pin-bypass for iOS apps
`/skills/standard/mobile/ios/jailbreak-detect-bypass/SKILL.md`	DTAppJailbreakDetectorSwift, Liberty Lite, common patterns

Cross-platform

Skill	Use for
`/skills/standard/mobile/frida-bridge/SKILL.md`	frida-server install on emulator / jailbroken device; basic scripts
`/skills/standard/mobile/objection-walkthrough/SKILL.md`	Objection cheatsheet (env, memory, sqlite, classes)
`/skills/standard/mobile/firebase-misconfig/SKILL.md`	Firebase /Firestore RLS / Storage / Auth bypasses
`/skills/standard/mobile/mobile-api-testing/SKILL.md`	Burp / Caido proxy → mobile API endpoint enumeration

Workflow

Triage: jadx for Android, class-dump for iOS. Search strings for API endpoints, Firebase config, AWS keys.
Static: AndroidManifest.xml exported components; iOS Info.plist URL schemes + entitlements.
Dynamic setup: Frida server on a rooted emulator (Android) or jailbroken physical device (iOS); Objection for quick inspection.
SSL pin bypass: Frida script; verify HTTPS now visible in Burp.
API enumeration: re-route the app through the proxy; spider reachable endpoints; export to Burp project for later web-recon-style testing.
Insecure storage: pull /data/data/<pkg>/ (Android) or app container (iOS); grep for credentials, tokens, PII.
Component-level attacks: send crafted Intents (adb shell am start ...) or URL-scheme payloads (xcrun simctl openurl ...).

Tools sandbox

adb + emulator / physical device.
jadx, apktool, dex2jar, jd-gui.
class-dump, Hopper Disassembler, IDA Free (host-side).
Frida-server (per device), frida (host), objection.
mitmproxy / Burp Suite Community / Caido (PR #304 lands the LangChain Caido tool bundle).
MobSF (mobsf Docker image) for automated triage when speed matters.

mobile-overview

Mobile Operator Skill Catalog

Playbooks — Android

Playbooks — iOS

Cross-platform

Workflow

Tools sandbox

このリポジトリの他の Skills

Mobile Operator Skill Catalog

Playbooks — Android

Playbooks — iOS

Cross-platform

Workflow

Tools sandbox

このリポジトリの他の Skills