# F-Droid RFP: Pentest Toolkit ## Application Information **Name:** Pentest Toolkit **Package ID:** com.fbnoname.pentesttoolkit **Git repository:** https://github.com/FBNonaMe/pentest-toolkit **Description:** Comprehensive Android security testing toolkit with 20+ tools for penetration testers and security researchers. Features include: - SQL injection testing with 7 injection types and 40+ payloads - XSS vulnerability scanning - Security test generator with export to Burp Suite, OWASP ZAP, Postman - Port scanning and subdomain enumeration - Security headers and SSL/TLS analysis - Cookie security analyzer - Web reconnaissance with CDN/WAF detection - Automated security testing roadmap (6 phases, 22 tasks) - And many more security analysis tools **License:** Apache-2.0 **Categories:** Security, Development **Source Code:** https://github.com/FBNonaMe/pentest-toolkit **Issue Tracker:** https://github.com/FBNonaMe/pentest-toolkit/issues **Changelog:** https://github.com/FBNonaMe/pentest-toolkit/blob/main/CHANGELOG.md ## Why should this app be added to F-Droid? 1. **100% Free and Open Source Software (FOSS)** - All dependencies are FOSS (AndroidX, Kotlin, Retrofit/OkHttp, Hilt/Dagger, Jsoup) - Licensed under Apache 2.0 2. **Privacy-respecting** - No telemetry or analytics - No data collection - No tracking libraries - All data stored locally only - No Google Play Services dependency 3. **Useful tool for security professionals** - Comprehensive security testing suite - Mobile penetration testing capabilities - Educational tool for learning security concepts 4. **Active development** - Recently released v1.0 - Maintained and actively developed - Well-documented codebase 5. **Clean architecture** - Built with modern Android technologies (Kotlin, Jetpack Compose) - MVVM architecture with dependency injection - Reproducible builds possible ## Technical Details - **Min SDK:** 24 (Android 7.0) - **Target SDK:** 36 - **Language:** Kotlin 100% - **Build system:** Gradle - **Size:** \~15 MB ## Anti-Features None - the app has no ads, no tracking, no non-free dependencies, and no other anti-features. ## Legal Notice This tool is designed for authorized security testing only. The app includes clear warnings about legal and ethical use. It's intended for security professionals who test systems they own or have explicit permission to test. ## Additional Information - Fastlane metadata structure is ready at: `fastlane/metadata/android/en-US/` - Screenshots are available - App icon is provided - All build requirements are documented Thank you for considering this application for inclusion in F-Droid! plese