owasp-mastg VS H4CKINTO

https://mas.owasp.org/ :

> The OWASP Mobile Application Security (MAS) flagship project provides a security standard for mobile apps (OWASP MASVS) and a comprehensive testing guide (OWASP MASTG) that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases

Have a look at the OWASP Mobile Application Testing Guide https://github.com/OWASP/owasp-mastg

owasp-mastg

Be aware that this kind of tools shouldn't be seen as a substitute for a manual and thorough pentesting of the application. As u/StoryOfDavid suggested decompiling the application (I usually use jadx for this) and using Wireshark to check the network traffic are good ways to start assessing the security of your application. If you want to be thorough I suggest going through the OWASP-MSTG guide (now renamed to MASTG) which provides a categorization of possible security issues, with a description of the problem and actionable ways to statically/dynamically analyze your application.

Check out OWASP, they have plenty documentation about threat modeling and attack vectors for mobile apps. Regarding jailbreak detection, see the following: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06j-Testing-Resiliency-Against-Reverse-Engineering.md

- OWASP is as usual a good resource: https://owasp.org/www-project-mobile-security-testing-guide/

Your question has been up almost a week and I'm guessing it's gone unanswered because the standard advice would be "don't do this." I did a quick look and found another repo that notes supporting "Java Runtime Environment 9 or above" and has an update within the last six months. The list of operations is nearly identical to L3mon. The most recent Java update was only a few weeks ago, so there could be some issues introduced, but using this repo as a base looks like a better start of the project than you have now.