git404hub

what is selimdroid fr?

selimwdev/selimdroid — explained in plain English

Analysis updated 2026-05-18

16JavaScriptAudience · researcherComplexity · 4/5LicenseSetup · hard

tl;dr

SelimDroid is an open source tool that automatically tests running Android apps for security weaknesses like data leaks, weak session handling, and SSL pinning gaps.

vibe map

mindmap
  root((SelimDroid))
    What it does
      Dynamic security scans
      Runtime analysis
      Automated bypass checks
    Tech stack
      Python
      Frida
      ADB
    Use cases
      Pentesting
      Security research
      App audits
    Audience
      Security researchers
      Pentesters
    Requirements
      Rooted device
      Frida server
      Python 3.9+

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Run automated dynamic security scans on Android apps you are authorized to test

VIBE 2

Check whether sensitive data leaks through logs, clipboard, or insecure storage

VIBE 3

Test whether an app's session data is properly cleared after logout

VIBE 4

Bypass SSL pinning and root detection to evaluate an app's runtime defenses

what's the stack?

PythonFridaADB

how it stacks up fr

selimwdev/selimdroidakaakshat246/ecoscore-browser-extensionandrelog99/dam
Stars161616
LanguageJavaScriptJavaScriptJavaScript
Setup difficultyhardhardeasy
Complexity4/53/52/5
Audienceresearcherdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · hard time til it works · 1h+

Requires a rooted Android device or emulator plus a running Frida server.

Use, modify, and distribute freely, including commercially, as long as you keep the copyright notice.

in plain english

SelimDroid is an open source security testing tool built for Android apps. It falls into a category called DAST, which stands for Dynamic Application Security Testing: instead of just reading an app's code, it watches and interacts with the app while it is actually running on a phone or emulator. The tool connects to a rooted Android device using ADB (Android Debug Bridge) and Frida, a runtime instrumentation toolkit that lets it hook into a live app and inspect what it is doing. Once connected, SelimDroid runs a series of automated checks: it looks for sensitive data stored insecurely in local databases or shared preferences, scans system logs and the clipboard for leaked information, tests whether the app properly detects rooted devices, and attempts to bypass SSL pinning, a common defense against network traffic interception. It also checks exported app components, content providers, and WebViews for common security holes. A notable feature is its post logout validation: after a user logs out of the tested app, SelimDroid checks whether session tokens, cached data, and database records were actually cleared, rather than assuming the logout worked. Some checks need the person running the scan to interact with the app directly, such as logging in, copying something to the clipboard, or moving through a WebView, the tool pauses and prompts for these actions when needed. After a scan finishes, SelimDroid produces a single combined report listing everything it found, saved to a reports folder. To run it, you need Python 3.9 or newer, Frida and its server component, ADB, and a rooted Android device or emulator with USB debugging turned on. This is a specialist tool aimed at security researchers and penetration testers, not general app developers. The author states it is meant only for authorized testing, security research, and educational use, and should not be run against apps or systems without permission.

prompts (copy fr)

prompt 1
Walk me through setting up Frida server and ADB so I can run SelimDroid against a test Android app
prompt 2
Explain what SelimDroid's post logout validation checks for and why it matters
prompt 3
Help me interpret a SelimDroid security report and prioritize which findings to fix first
prompt 4
What does SSL pinning bypass mean and how does SelimDroid test for it

Frequently asked questions

what is selimdroid fr?

SelimDroid is an open source tool that automatically tests running Android apps for security weaknesses like data leaks, weak session handling, and SSL pinning gaps.

What language is selimdroid written in?

Mainly JavaScript. The stack also includes Python, Frida, ADB.

What license does selimdroid use?

Use, modify, and distribute freely, including commercially, as long as you keep the copyright notice.

How hard is selimdroid to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is selimdroid for?

Mainly researcher.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.