Droidective

Droidective / For security testers

For security & pentest

The Android assessment pipeline, in one window

Droidective is an Android security testing tool for macOS. Inspect, decompile, and re-sign an APK, set up Frida, browse an app's on-device data, and route its traffic through Burp — the static-analysis, instrumentation, and interception loop without gluing five tools together.

Download for macOS View on GitHub

Free & open source · Apple Developer ID-signed & notarized · macOS 14+ · assess only what you're authorized to

Droidective's tool catalog on macOS, including the APK Studio, Frida, and sandbox browser used for Android security assessments

Recon to interception, without the glue code

APK Studio

Inspect the manifest, permissions, exported components, and signing certs; decompile with jadx or apktool with an in-app source viewer and search; recompile and re-sign a patched build.

Frida setup

Match the device ABI to the right frida-server or gadget, push it, and run it — the setup that usually eats the first hour, in a click.

On-device data

Browse and pull an app's private data on debuggable builds with the sandbox browser, or the whole filesystem — with read-write remount — on a rooted device.

Traffic interception

Point the device's global proxy at Burp or mitmproxy in one click, and clear it just as fast — no digging through Android's Wi-Fi settings.

Runtime observation

Tail logcat and catch crashes to watch what an app leaks at runtime and the stack traces your hooks trigger.

Auditable by design

Fully open source, and every action is logged with the exact command it ran — so your assessment notes can cite precisely what touched the device.

From adb pull to Burp in one app

Download for macOS