MARA v0.2.2 - is a Mobile Application Reverse engineering and Analysis Framework.

MARA v0.2.2 – is a Mobile Application Reverse engineering and Analysis Framework.

Changelog Mara Framework version: 0.2.2 beta 8/12/2016:
* Requirement at setup.sh update
* Feature Update:
+ Domain Analysis
+-+ Domain SSL scan via pyssltest and testssl
+-+ Website fingerprinting via whatweb
+ APK Reverse Engineering
+-+ Disassembling Dalvik bytecode to java bytecode via enjarify
+-+ Decompiling APK to Java source code via jadx
+ APK Analysis
+-+Analyze apk for potential malicious behaviour via androwarn
+-+ Identify compilers, packers and obfuscators via APKiD
+ Security Analysis
+-+ Source code static analysis based on OWASP Top Mobile Top 10 and the OWASP Mobile Apps Checklist.

Mara v0.2.2

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering and analysis tools, to assist in testing mobile applications against the OWASP mobile security threats. Its objective is to make this task easier and friendlier to mobile application developers and security professionals.

Features supported:
* APK Reverse Engineering
+ Disassembling Dalvik bytecode to smali bytecode via baksmali and apktool
+ Disassembling Dalvik bytecode to java bytecode via enjarify
+ Decompiling APK to Java source code via jadx

* APK Deobfuscation
+ APK deobfuscation via apk-deguard.com

* APK Analysis
+ Parsing smali files for analysis via smalisca
+ Dump apk assets,libraries and resources
+ Extracting certificate data via openssl
+ Extract strings and app permissions via aapt
+ Identify methods and classes via ClassyShark
+ Scan for apk vulnerabilities via androbugs
+ Analyze apk for potential malicious behaviour via androwarn
+ Identify compilers, packers and obfuscators via APKiD
+ Extract execution paths, IP addresses, URL, URI, emails via regex

* APK Manifest Analysis
+ Extract Intents
+ Extract exported activities
+ Extract receivers
+ Extract exported receivers
+ Extract Services
+ Extract exported services
+ Check if apk is debuggable
+ Check if apk allows sending of secret codes
+ Check if apk can receive binary SMS

* Domain Analysis
+ Domain SSL scan via pyssltest and testssl
+ Website fingerprinting via whatweb

* Security Analysis
+ Source code static analysis based on OWASP Top Mobile Top 10 and the OWASP Mobile Apps Checklist

Use and Download from source:

Source: https://github.com/xtiankisutsa | Our Post Before