– Initial Crash Report about com.whatsapp
– New UI
– Features list
This is a tool to analyze android, linux and windows, to detect points to attack, as intents, receivers, services, processes and libraries.
This tool uses a static analysis methods to do this, the vector attack founded by this tool, can be attacked by fuzzing methods to discover vulnerabilities..
More security researchers, bug hunters, exploit writers, malware developers find a problems as unsecure compilation flags, methods/functions exposes, with this tool is more easy, this tool search by you automatically.
It is well known in the world of IT Security, that have been created countermeasures and memory protections to prevent easily create exploits and prevent programmers to write programs that execute arbitrary code, as RELRO, PAX, ASLR, PIE, NX, SSP, StackCanary and others, this tool search this flags to do the job.
For now this tool only check ELF Binary Format, searching RELRO, PAX, PIE, ASLR, NX, RPATH, RUNPATH, StackCanary and FORTIFY SOURCE protections.
Features about this project:
– Analysis apk and so/elf
– Extract apk and so/elf
– Scanner AIDL (Android Interface Definition Language)
– Analysis ssl pining and man in the middle
– Disassemble resources and sources
– Mapping classes, methods and imports
– Analysis backendless (MBaaS – Mobile Backend As A Service) libs
– Analysis Network traffic
– Analysis crash on classes
– CA certificates extractor, APK embedded certificates and Url certificate catcher.
– Analysis cryptografic API’s
– Analysis intent filters
– Analysis file system permissions
– Analysis SH (Shell Scripts)
– Analysis webview xss and injections.
– Crash log view
– Dinamic code injection
– Fuzzing on intents and native libs (SO/ELF)
– Hooking native libs / java libs / JNI libs
– Analysis framework
– Url certificate catcher
– Analisys of reflexing code
– Shellcode detector
– Analysis apps vulnerable to cloning cards
– Scanner unsecure storage
– Hooking passing intents