StaCoAn - an open source static code analyser for bugbounty hunters and ethical hackers.


StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

This tool will look for interesting lines in the code which can contain:
– Hardcoded credentials
– API keys
– URLs of APIs
– Decryption keys
– Major coding mistakes

This tool was created with a big focus on usability and graphical guidance in the user interface.

StaCoAn – static code analyser

Features:
+ The concept is that you drag and drop your mobile application file (an .apk or .ipa file) on the StaCoAn application and it will generate a visual and portable report for you. You can tweak the settings and wordlists to get a customized experience.
++ Looting concept; the Loot function lets you ‘loot’ (~bookmark) the findings which are of value to you, and on the loot page you will get an overview of your ‘loot’ raid.
++ Wordlists; the application uses wordlists for finding interesting lines in the code.
++ Filetypes; any source file will be processed. This includes ‘.java’, ‘.js’, ‘.html’, ‘.xml’,… files.
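
To make the wordlist idea concrete, here is an added example (written for this page, not StaCoAn's own code, which has its own wordlist format and report generator) of the core technique the tool applies: walk the unpacked source files of an app, keep only the file types worth reading, run each line against a category-labelled wordlist of regular expressions, and let the reviewer ‘loot’ the categories that matter. The regexes, the suffix set, the `Config.java` sample and the `notes.txt` decoy are all constructed for the demonstration; real wordlists would be broader and tuned to reduce false positives.

```python
import re
import tempfile
from pathlib import Path

# Constructed wordlist: a category name mapped to a regex that marks a source line as
# "interesting". StaCoAn ships its own wordlists; their format is not reproduced here.
WORDLIST = {
    "hardcoded_credential": re.compile(
        r"(?i)\b(password|passwd|pwd|secret)\s*[:=]\s*[\"'][^\"']{4,}[\"']"),
    "api_key": re.compile(
        r"(?i)\b(api[_-]?key|apikey|token)\s*[:=]\s*[\"'][A-Za-z0-9_\-]{16,}[\"']"),
    "api_url": re.compile(r"https?://[^\s\"'<>]+/api/[^\s\"'<>]*"),
    "decryption_key": re.compile(
        r"(?i)\b(aes|des|decrypt(?:ion)?)[_-]?key\s*[:=]\s*[\"'][^\"']{8,}[\"']"),
}

# Assumed set of source file types worth scanning (the page lists .java, .js, .html, .xml).
SOURCE_SUFFIXES = {".java", ".kt", ".js", ".html", ".xml", ".swift", ".plist", ".json"}


def scan_text(text, origin="<memory>"):
    """Return one finding per (line, category) whose regex matches that line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for category, pattern in WORDLIST.items():
            if pattern.search(line):
                findings.append({
                    "file": origin, "line": lineno,
                    "category": category, "snippet": line.strip(),
                })
    return findings


def scan_tree(root):
    """Walk an unpacked app directory and scan every file with a source suffix."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SOURCE_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            findings.extend(scan_text(text, path.name))
    return findings


def loot(findings, categories):
    """'Loot' (bookmark) only the findings whose category the reviewer cares about."""
    wanted = set(categories)
    return [f for f in findings if f["category"] in wanted]


def report(findings):
    """Plain-text report, one line per finding, ordered by file then line number."""
    rows = sorted(findings, key=lambda f: (f["file"], f["line"]))
    return "\n".join(
        f"{f['file']}:{f['line']} [{f['category']}] {f['snippet']}" for f in rows)


# Constructed sample source, standing in for one file from a decompiled app.
SAMPLE_JAVA = """package com.example.app;

public class Config {
    static final String API_KEY = "AKIAEXAMPLEEXAMPLE12345";
    static final String BASE_URL = "https://example.invalid/api/v1/";
    private String password = "hunter2!!";
    private static final String AES_KEY = "0011223344556677";
    int retries = 3;
}
"""


def demo_tree():
    """Write the sample into a temp dir next to a non-source file and scan the tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Config.java").write_text(SAMPLE_JAVA, encoding="utf-8")
        # Not a source suffix, so its content must be ignored by scan_tree.
        (root / "notes.txt").write_text(
            'password = "ignored-by-suffix-filter"\n', encoding="utf-8")
        return scan_tree(root)


if __name__ == "__main__":
    found = demo_tree()
    print(report(found))
    print("looted lines:",
          [f["line"] for f in loot(found, ["api_key", "hardcoded_credential"])])
```

Each finding carries the file, line number and category so a report page can group and link them the way the page describes; the suffix filter is what keeps binary assets and notes out of the scan, and the loot step is a pure filter over already-collected findings, so bookmarking never requires a rescan.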

Use and Download:

Source: https://github.com/vincentcox