一键在 Manus 中运行任何 Skill

mobile-overview

星标4,445

分支878

更新时间2026年6月2日 21:04

Use when the engagement target is an Android (APK / AAB) or iOS (IPA) application. Covers static analysis (jadx, apktool, class-dump), dynamic instrumentation via Frida and Objection, SSL-pinning bypass, root/jailbreak detection bypass, deep-link / URL-scheme abuse, exported-component attacks, IPC redirection, WebView vulnerabilities, and biometric / Face ID / Touch ID bypass.

安装

用 Codex 或 Claude 帮你安装复制这段 Prompt，粘贴到 Codex、Claude 或其他助手里，让它检查 Skill 页面并帮你完成安装。

在 Manus 中运行

来源

PurpleAILAB

PurpleAILAB/Decepticon

打开 GitHub 仓库查看创作者相关仓库

下载

在 Manus 中运行

Mobile Operator Skill Catalog

Mobile is 40% of modern bug-bounty programs and is conspicuously absent from Strix and XBOW commercial. This catalog covers both platforms with shared Frida tooling for runtime work.

Playbooks — Android

Skill	Use for
`/skills/standard/mobile/android/apk-triage/SKILL.md`	apktool decode + jadx -d for source recovery
`/skills/standard/mobile/android/manifest-analysis/SKILL.md`	exported components, permissions, deeplinks
`/skills/standard/mobile/android/insecure-storage/SKILL.md`	SharedPreferences / SQLite / external storage scans
`/skills/standard/mobile/android/intent-redirection/SKILL.md`	Intent forwarding / pendingIntent abuse
`/skills/standard/mobile/android/webview-flaws/SKILL.md`	JavaScriptInterface, file:// access, mixed content
`/skills/standard/mobile/android/frida-ssl-pin-bypass/SKILL.md`	OkHttp / TrustKit / Cordova pin-bypass scripts
`/skills/standard/mobile/android/root-detect-bypass/SKILL.md`	Common root-detection libraries and their bypasses

Playbooks — iOS

Skill	Use for
`/skills/standard/mobile/ios/ipa-triage/SKILL.md`	class-dump-z + Hopper; Mach-O headers; entitlements
`/skills/standard/mobile/ios/keychain-acl/SKILL.md`	Keychain ACL misconfigurations; `kSecAccessControl` flags
`/skills/standard/mobile/ios/url-scheme-abuse/SKILL.md`	Universal links + URL scheme handler attacks
`/skills/standard/mobile/ios/xpc-services/SKILL.md`	XPC interface enumeration; unauthenticated XPC services
`/skills/standard/mobile/ios/frida-trust-killer/SKILL.md`	SSL Kill Switch + Frida pin-bypass for iOS apps
`/skills/standard/mobile/ios/jailbreak-detect-bypass/SKILL.md`	DTAppJailbreakDetectorSwift, Liberty Lite, common patterns

Cross-platform

Skill	Use for
`/skills/standard/mobile/frida-bridge/SKILL.md`	frida-server install on emulator / jailbroken device; basic scripts
`/skills/standard/mobile/objection-walkthrough/SKILL.md`	Objection cheatsheet (env, memory, sqlite, classes)
`/skills/standard/mobile/firebase-misconfig/SKILL.md`	Firebase /Firestore RLS / Storage / Auth bypasses
`/skills/standard/mobile/mobile-api-testing/SKILL.md`	Burp / Caido proxy → mobile API endpoint enumeration

Workflow

Triage: jadx for Android, class-dump for iOS. Search strings for API endpoints, Firebase config, AWS keys.
Static: AndroidManifest.xml exported components; iOS Info.plist URL schemes + entitlements.
Dynamic setup: Frida server on a rooted emulator (Android) or jailbroken physical device (iOS); Objection for quick inspection.
SSL pin bypass: Frida script; verify HTTPS now visible in Burp.
API enumeration: re-route the app through the proxy; spider reachable endpoints; export to Burp project for later web-recon-style testing.
Insecure storage: pull /data/data/<pkg>/ (Android) or app container (iOS); grep for credentials, tokens, PII.
Component-level attacks: send crafted Intents (adb shell am start ...) or URL-scheme payloads (xcrun simctl openurl ...).

Tools sandbox

adb + emulator / physical device.
jadx, apktool, dex2jar, jd-gui.
class-dump, Hopper Disassembler, IDA Free (host-side).
Frida-server (per device), frida (host), objection.
mitmproxy / Burp Suite Community / Caido (PR #304 lands the LangChain Caido tool bundle).
MobSF (mobsf Docker image) for automated triage when speed matters.

同仓库更多 Skills

同仓库

decepticon

PurpleAILAB/Decepticon

Drive Decepticon — an autonomous multi-agent red-team framework — over MCP to run authorized penetration tests and bug-bounty engagements end to end, then watch and steer them live from chat. Launch an engagement against a target, poll its transcript to narrate progress, send messages to refocus it, and pull findings as SARIF. Use when the user asks to run a pentest/red-team engagement, hunt a bug bounty, do recon, exploit/scan a host, web app, API, network, cloud, Active Directory, mobile app, or smart contract WITH Decepticon — or to check/resume a running engagement or report what Decepticon found. Triggers: run a decepticon engagement, pentest this with decepticon, bug bounty, recon this target, red team this, scan this host, resume the engagement, what did decepticon find, decepticon status. Do NOT use for ad-hoc local tool runs (running nmap/sqlmap/ffuf directly) when no Decepticon server is involved — this drives the Decepticon orchestrator, not raw tools.

2026-06-164.4k

iot-security

PurpleAILAB/Decepticon

IoT device security reconnaissance — firmware extraction, embedded analysis, protocol identification, default credential checking, vulnerability scanning, device fingerprinting.

2026-06-154.4k

mobile-security

PurpleAILAB/Decepticon

Mobile application security reconnaissance — APK/IPA analysis, permission enumeration, certificate validation, hardcoded secret detection, insecure storage identification, network security analysis.

2026-06-154.4k

wireless-security

PurpleAILAB/Decepticon

Wireless network security reconnaissance — WiFi analysis, Bluetooth assessment, RFID/NFC evaluation, signal capture, protocol analysis, encryption testing, rogue device detection.

2026-06-154.4k

finding-protocol

PurpleAILAB/Decepticon

Operational-tier finding template — minimal fields for sub-agent decision support. Heavyweight deliverable promotion lives in skills/decepticon/final-report.

2026-06-124.4k

engagement-lifecycle

PurpleAILAB/Decepticon

Red team engagement lifecycle management — initiation, phase transitions, go/no-go gates, deconfliction, emergency procedures, completion.

2026-06-124.4k

name	mobile-overview
description	>

Mobile Operator Skill Catalog

Mobile is 40% of modern bug-bounty programs and is conspicuously absent from Strix and XBOW commercial. This catalog covers both platforms with shared Frida tooling for runtime work.

Playbooks — Android

Skill	Use for
`/skills/standard/mobile/android/apk-triage/SKILL.md`	apktool decode + jadx -d for source recovery
`/skills/standard/mobile/android/manifest-analysis/SKILL.md`	exported components, permissions, deeplinks
`/skills/standard/mobile/android/insecure-storage/SKILL.md`	SharedPreferences / SQLite / external storage scans
`/skills/standard/mobile/android/intent-redirection/SKILL.md`	Intent forwarding / pendingIntent abuse
`/skills/standard/mobile/android/webview-flaws/SKILL.md`	JavaScriptInterface, file:// access, mixed content
`/skills/standard/mobile/android/frida-ssl-pin-bypass/SKILL.md`	OkHttp / TrustKit / Cordova pin-bypass scripts
`/skills/standard/mobile/android/root-detect-bypass/SKILL.md`	Common root-detection libraries and their bypasses

Playbooks — iOS

Skill	Use for
`/skills/standard/mobile/ios/ipa-triage/SKILL.md`	class-dump-z + Hopper; Mach-O headers; entitlements
`/skills/standard/mobile/ios/keychain-acl/SKILL.md`	Keychain ACL misconfigurations; `kSecAccessControl` flags
`/skills/standard/mobile/ios/url-scheme-abuse/SKILL.md`	Universal links + URL scheme handler attacks
`/skills/standard/mobile/ios/xpc-services/SKILL.md`	XPC interface enumeration; unauthenticated XPC services
`/skills/standard/mobile/ios/frida-trust-killer/SKILL.md`	SSL Kill Switch + Frida pin-bypass for iOS apps
`/skills/standard/mobile/ios/jailbreak-detect-bypass/SKILL.md`	DTAppJailbreakDetectorSwift, Liberty Lite, common patterns

Cross-platform

Skill	Use for
`/skills/standard/mobile/frida-bridge/SKILL.md`	frida-server install on emulator / jailbroken device; basic scripts
`/skills/standard/mobile/objection-walkthrough/SKILL.md`	Objection cheatsheet (env, memory, sqlite, classes)
`/skills/standard/mobile/firebase-misconfig/SKILL.md`	Firebase /Firestore RLS / Storage / Auth bypasses
`/skills/standard/mobile/mobile-api-testing/SKILL.md`	Burp / Caido proxy → mobile API endpoint enumeration

Workflow

Triage: jadx for Android, class-dump for iOS. Search strings for API endpoints, Firebase config, AWS keys.
Static: AndroidManifest.xml exported components; iOS Info.plist URL schemes + entitlements.
Dynamic setup: Frida server on a rooted emulator (Android) or jailbroken physical device (iOS); Objection for quick inspection.
SSL pin bypass: Frida script; verify HTTPS now visible in Burp.
API enumeration: re-route the app through the proxy; spider reachable endpoints; export to Burp project for later web-recon-style testing.
Insecure storage: pull /data/data/<pkg>/ (Android) or app container (iOS); grep for credentials, tokens, PII.
Component-level attacks: send crafted Intents (adb shell am start ...) or URL-scheme payloads (xcrun simctl openurl ...).

Tools sandbox

adb + emulator / physical device.
jadx, apktool, dex2jar, jd-gui.
class-dump, Hopper Disassembler, IDA Free (host-side).
Frida-server (per device), frida (host), objection.
mitmproxy / Burp Suite Community / Caido (PR #304 lands the LangChain Caido tool bundle).
MobSF (mobsf Docker image) for automated triage when speed matters.