npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skills
This skill uses the workspace's default tool permissions.
Use this skill when:
Do not use this skill on production environments without authorization -- dynamic instrumentation can alter app behavior and trigger security alerts.
frida-tools and objection packages
# Check device architecture
adb shell getprop ro.product.cpu.abi
# Output: arm64-v8a
# Download matching Frida server from GitHub releases
# https://github.com/frida/frida/releases
# "Matching" covers two things: the ABI printed above, and the Frida version used by
# the frida-tools installed on the host (the 16.x.x below is a placeholder).
# Take the binary only from the project's release page; it is executed on the device.
# Push to device
adb push frida-server-16.x.x-android-arm64 /data/local/tmp/frida-server
adb shell chmod 755 /data/local/tmp/frida-server
# The trailing & backgrounds the adb client on the host; the server keeps running on
# the device and accepts instrumentation commands until it is stopped. Use a dedicated
# test device and stop the server when the session ends.
adb shell /data/local/tmp/frida-server &
# Verify Frida connection
frida-ps -U
# List running applications (-a limits the listing to apps; add -i to include
# installed apps that are not currently running)
frida-ps -U -a
# Attach Objection for high-level exploration
# com.target.app is a placeholder for the package under test.
objection --gadget com.target.app explore
# The remaining commands are typed at the objection prompt, not in the host shell.
# List activities, services, receivers
android hooking list activities
android hooking list services
android hooking list receivers
# List loaded classes
android hooking list classes
# Narrow the class list to names containing the app's package
android hooking search classes com.target.app
# These are objection prompt commands; class names under com.target.app are placeholders.
# Hook all methods of a class
android hooking watch class com.target.app.auth.LoginManager
# Hook specific method with argument dumping
# --dump-args / --dump-return print the call's arguments and return value; for a method
# like authenticate() that presumably includes credentials, so treat the session output
# as sensitive test data.
android hooking watch class_method com.target.app.auth.LoginManager.authenticate --dump-args --dump-return
# Hook crypto operations
android hooking watch class javax.crypto.Cipher --dump-args
android hooking watch class java.security.MessageDigest --dump-args
# Hook network calls
android hooking watch class okhttp3.OkHttpClient --dump-args
android hooking watch class java.net.URL --dump-args
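// hook_crypto.js - Intercept encryption/decryption operations
//
// Logs the algorithm, input and output of each Cipher.doFinal(byte[]) call made by the
// instrumented app. Only that one overload is hooked; other doFinal overloads and
// update() calls are not logged by this script.
// The log lines contain the data passed through the cipher, so handle the console
// output as sensitive test data.
Java.perform(function () {
  var Cipher = Java.use("javax.crypto.Cipher");

  // Hex-encode a Java byte[]. Java bytes are signed, hence the & 0xFF mask.
  // Returns "(null)" for a null/undefined array so that logging never throws on it.
  function bytesToHex(bytes) {
    if (bytes === null || bytes === undefined) {
      return "(null)";
    }
    var hex = [];
    for (var i = 0; i < bytes.length; i++) {
      hex.push(("0" + (bytes[i] & 0xFF).toString(16)).slice(-2));
    }
    return hex.join("");
  }

  // Best-effort logging: a failure while formatting a value is reported in the log
  // instead of surfacing as an exception inside the app's own crypto call.
  function logField(label, produce) {
    try {
      console.log("[Cipher] " + label + ": " + produce());
    } catch (err) {
      console.log("[Cipher] " + label + ": <unavailable: " + err + ">");
    }
  }

  Cipher.doFinal.overload("[B").implementation = function (input) {
    var self = this;
    logField("Algorithm", function () { return self.getAlgorithm(); });
    logField("Input", function () { return bytesToHex(input); });
    // Calls through to doFinal(byte[]) as in the original script; anything the cipher
    // throws still reaches the app unchanged.
    var result = this.doFinal(input);
    logField("Output", function () { return bytesToHex(result); });
    return result;
  };
});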
# Execute custom Frida script
# -U selects the USB device, -f spawns the named package, -l loads the script file.
# NOTE(review): --no-pause was dropped in frida-tools 12, where spawned apps are resumed
# by default; check `frida --help` for the installed version and omit the flag if it is
# rejected.
frida -U -f com.target.app -l hook_crypto.js --no-pause
// root_bypass.js - Common root detection bypass
//
// Overrides two in-process root signals for the app under test: RootBeer's isRooted()
// and java.io.File.exists() for a fixed list of su/Superuser paths. The SafetyNet
// section only probes for the API class and logs; nothing is hooked there.
// For the app's owner the takeaway is that checks running inside the app's own process
// can be replaced by instrumentation, so they serve as a signal rather than a control.
Java.perform(function () {
  // Paths that the File.exists() replacement reports as absent.
  var SU_PATHS = [
    "/system/app/Superuser.apk",
    "/system/xbin/su",
    "/sbin/su",
    "/system/bin/su",
    "/data/local/bin/su"
  ];

  // Bypass RootBeer library
  var rootBeerClass = Java.use("com.scottyab.rootbeer.RootBeer");
  rootBeerClass.isRooted.implementation = function () {
    console.log("[RootBeer] isRooted() bypassed");
    return false;
  };

  // Bypass generic file-based root checks
  var fileClass = Java.use("java.io.File");
  var existsMethod = fileClass.exists;
  fileClass.exists.implementation = function () {
    var queried = this.getAbsolutePath();
    var isListed = SU_PATHS.indexOf(queried) !== -1;
    if (!isListed) {
      // Any path outside the list is delegated to the saved exists wrapper.
      return existsMethod.call(this);
    }
    console.log("[Root] Blocked check for: " + queried);
    return false;
  };

  // Bypass SafetyNet/Play Integrity
  // Presence probe only; a failed class lookup is deliberately ignored.
  try {
    Java.use("com.google.android.gms.safetynet.SafetyNetApi");
    console.log("[SafetyNet] Class found - may need additional bypass");
  } catch (e) {}
});
// network_monitor.js - Monitor all HTTP requests
//
// Logs request URLs from two places: okhttp3.Request.url() when the OkHttp classes can
// be resolved, and the no-argument java.net.URL.openConnection(). Only URLs are printed;
// they can still carry tokens in the query string, so treat the log as sensitive.
Java.perform(function () {
  // Hook OkHttp3
  function hookOkHttp() {
    // Class lookups only: Java.use throws when a class cannot be resolved, and the
    // caller's catch treats that as "OkHttp not present".
    Java.use("okhttp3.OkHttpClient");
    Java.use("okhttp3.Interceptor");
    Java.use("okhttp3.Interceptor$Chain");
    console.log("[OkHttp] Monitoring network requests...");

    var requestClass = Java.use("okhttp3.Request");
    requestClass.url.implementation = function () {
      // Call through to the real accessor and hand its value back untouched.
      var target = this.url();
      console.log("[OkHttp] URL: " + target.toString());
      return target;
    };
  }

  // Hook HttpURLConnection
  function hookUrlOpenConnection() {
    var urlClass = Java.use("java.net.URL");
    urlClass.openConnection.overload().implementation = function () {
      console.log("[URL] Opening: " + this.toString());
      return this.openConnection();
    };
  }

  try {
    hookOkHttp();
  } catch (e) {
    console.log("[OkHttp] Not found, trying HttpURLConnection");
  }

  // Installed whether or not the OkHttp hook succeeded.
  hookUrlOpenConnection();
});
# Using Objection for quick extraction
# The first line runs in the host shell; the rest are typed at the objection prompt.
objection --gadget com.target.app explore
# Dump Android Keystore entries
android keystore list
android keystore dump
# Search heap for sensitive objects
# <handle> is a placeholder: use a handle printed by the preceding search.
android heap search instances com.target.app.model.User
android heap evaluate <handle> "JSON.stringify(clazz)"
# Memory string search
# A hit shows the value was resident in process memory as a plain string when the search
# ran. Output from this section is secret material from the test account; redact it
# before it goes into a report.
memory search "password" --string
memory search "api_key" --string
| Term | Definition |
|---|---|
| Dynamic Instrumentation | Modifying application behavior at runtime by injecting code into the running process |
| Method Hooking | Replacing or wrapping function implementations to intercept arguments and return values |
| Frida Server | Daemon running on the target device that receives instrumentation commands from the host |
| Dalvik/ART Runtime | Android runtime environments; Frida hooks at the ART level for Java/Kotlin methods |
| Heap Inspection | Examining live objects in the application's memory heap to extract runtime data |
- […] /proc/self/maps. Use Frida Gadget injection or custom server builds.
- […] a.b.c.d()). Use `android hooking search classes` to discover actual runtime names.
- […] `Java.enumerateLoadedClasses()` after app is fully initialized.