Appmon - Runtime Security Testing Framework for iOS, Mac OS X and Android Apps.

Appmon – Runtime Security Testing Framework for iOS, Mac OS X and Android Apps.

AppMon is an automated framework for monitoring and tampering system API calls of native apps on iOS, Mac OS X and Android apps (upcoming). You may call it the GreaseMonkey for native mobile apps. 😉
AppMon is my vision is to make become the Mac OS X/iOS/Android equivalent of the this project apimonitor and GreaseMonkey. This should become a useful tool for the mobile penetration testers to validate the security issues report by a source code scanner and by inspecting the APIs in runtime and monitoring the app’s overall activity and focus on things that seem suspicious. You can also use pre-defined user-scripts to modify the app’s functionality/logic in the runtime e.g. spoofing the DeviceID, spoofing the GPS co-ordinates, faking In-App purchases, bypassing TouchID etc.

appmon

appmon

API’S Categories:
+ Disk I/O (R/W)
+ Network (HTTP GET, POST etc.)
+ Crypto (HMAC, Hash function, block ciphers, X.509 certs etc.)
+ XML/JSON
+ KeyChain
+ Database (e.g. SQLite)
+ WebView
+ UserDefaults (SharedPreferences equiv.) & more.

appintruder

appintruder

latest change 24/5/2016: script:Logging Hooks

Usage:

Download: appmon.zip  | appmon.tar.gz
Source: https://github.com/dpnishant