trueseeing is a fast, accurate and resillient vulnerabilities scanner for Android apps.

trueseeing is a fast, accurate and resillient vulnerabilities scanner for Android apps.

trueseeing is a fast, accurate and resillient vulnerabilities scanner for Android apps. It operates on Android Packaging File (APK) and outputs a comprehensive report in HTML. It doesn’t matter if the APK is obfuscated or not.

Currently trueseeing can detect the following class of vulnerabilities:
+ Improper Platform Usage (M1)
* Debuggable
* Inadvent publishing of Activities, Services, ContentProviders, BroadcastReceivers

+ Insecure Data (M2)
* Backupable (i.e. suspectible to the backup attack)
* Insecure file permissions
* Logging

trueseeing

+ Insecure Commnications (M3)
* Lack of pinning (i.e. suspictible to the TLS interception attack)
* Use of cleartext HTTP
* Tamperable WebViews

+ Insufficient Cryptography (M5)
* Hardcoded passphrase/secret keys
* Vernum ciphers with static keys
* Use of the ECB mode

+ Client Code Quality Issues (M7)
* Reflectable WebViews (i.e. XSSs in such views should be escalatable to remote code executions via JS reflection)
* Usage of insecure policy on mixed contents

+ Code Tampering (M8)
* Hardcoded certificates

+ Reverse Engineering (M9)
* Lack of obfuscation

Dependencies:
+ Apktool
+ Python 3.x

Usage and Install:

Source: https://github.com/monolithworks