Android Pentest Container

The Android pentest container provides a pre-configured environment for testing Android applications with Sable.

The container runs an Android emulator along with specialized pentesting tools that allow the Sable agent to load your APK and attack it dynamically. This enables man-in-the-middle (MITM) attacks and other runtime analysis techniques against the running application. The emulator takes approximately 15 minutes to boot from a cold start, so Sable will often decompile and perform static analysis on the APK before beginning dynamic testing.

Prerequisites

Running the container

You must use the Android-specific container (latest-mobile) for Android assessments — the regular shell container does not include the emulator or mobile pentesting tools.

Start the Android pentest container:

docker run --rm --network host --pull always --user root ghcr.io/vulnetic-inc/shell-container:latest-mobile

When running correctly, you should see logs similar to:

INFO: Started server process [1]
INFO: Waiting for application startup.
INFO: Application startup complete.
INFO: Uvicorn running on http://0.0.0.0:8002 (Press CTRL+C to quit)

Configuring the assessment

  1. Create an assessment in Sable and select Android App as the target type
  2. Upload your APK file
  3. Ensure the Android pentest container is running and connected
  4. Launch the assessment

Troubleshooting

Port conflicts - If port 8002 is already in use, stop the conflicting service or check for other running containers with docker ps.

Container not connecting

  - Verify the container is running with docker ps
  - Check that your browser is not blocking local network access (see Shell Server Troubleshooting for browser-specific fixes)
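
The troubleshooting checks above can be scripted. This is an added example, not part of Sable's documentation or tooling: it finds what is listening on port 8002, reports whether that listener is bound on all host interfaces (as the 0.0.0.0:8002 startup line indicates under --network host), lists running shell-container instances, and detects the startup line in the logs. Function names and sample data are constructed; live mode assumes a Linux host with docker and iproute2 ss.

```shell
#!/bin/sh
# Added example (not Sable's own tooling). Helper names and sample data are hypothetical.
PORT=8002
IMAGE_REPO="ghcr.io/vulnetic-inc/shell-container"

# Constructed sample of `ss -Hltn` output (State Recv-Q Send-Q Local Peer).
SAMPLE_SS='LISTEN 0 2048 0.0.0.0:8002 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5037 0.0.0.0:*'
# Constructed sample of `docker ps --format "{{.ID}} {{.Image}}"` output.
SAMPLE_PS='3f2a9c1d7b10 ghcr.io/vulnetic-inc/shell-container:latest-mobile
9e8d7c6b5a40 nginx:1.27'

# Print the local address of each TCP listener on port $1 (ss output on stdin).
listeners_on_port() {
    awk -v p="$1" '{
        for (i = 1; i <= NF; i++) {
            n = split($i, a, ":")
            if (n > 1 && a[n] == p) { print $i; next }
        }
    }'
}

# Classify a listener address by how widely it is bound.
bind_scope() {
    case "${1%:*}" in
        0.0.0.0|"[::]"|"*") echo all-interfaces ;;
        127.*|"[::1]")      echo loopback ;;
        *)                  echo specific ;;
    esac
}

# List running containers started from the shell-container image (docker ps output on stdin).
running_shell_containers() {
    awk -v repo="$IMAGE_REPO" 'index($2, repo ":") == 1 { print $1, $2 }'
}

# Succeed once the startup line shown on the page appears in the logs on stdin.
server_ready() {
    grep -q "Uvicorn running on http://0.0.0.0:$PORT"
}

# Live mode: run the same checks against this host (needs docker and iproute2 ss).
if [ "${1:-}" = "live" ]; then
    docker ps --format '{{.ID}} {{.Image}}' | running_shell_containers
    ss -Hltn | listeners_on_port "$PORT" | while read -r addr; do
        echo "port $PORT listener: $addr ($(bind_scope "$addr"))"
    done
fi
```

Run the script with the argument live to check the current host. A result of all-interfaces means the server on port 8002 is bound on every host interface, not only loopback.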