Frida-powered hook runner based on JSON hook files.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for holguera from gravatar.com holguera

Unverified details

These details have not been verified by PyPI
Meta
Classifiers
Report project as malware

Project description

Frooky

   ___    ____           
  / __\  / _  |    _     _    _  _   _   _
 / _\   | (_) |  / _ \ / _ \ | / /  | | | |
/ /     / / | | | (_) | (_) ||  <   | |_| |
\/     /_/  |_|  \___/ \___/ |_|\_\  \__, |
                                     |___/

frooky is a Frida-based dynamic analysis tool for Android and iOS apps based on JSON hook files.

PyPI - Version Test

  • Hook Java/Kotlin methods and native C/C++ functions
  • Simple JSON hook file format
  • Support for method overloads and stack trace capture
  • Argument capture with various data types
  • Filter hooks by argument values or stack trace patterns
  • Output events in JSON Lines format for easy processing

See more in docs/usage.md.

Installation

Simply install via pip to get the frooky CLI tool:

pip3 install frooky

Usage

Create a hook file (e.g., hooks.json) as described in docs/usage.md, then run frooky with the desired options:

# Attach by app name
frooky -U -n "My App" --platform android hooks.json

# Spawn and add multiple hook files (hooks are merged)
frooky -U -f com.example.app --platform android storage.json crypto.json

See frooky -h for more options.

Example

We'll use the OWASP MAS MASTG-DEMO-0072 app to demonstrate hooking a cryptographic key generation method.

First you need to create a hook file, e.g., crypto.json:

{
  "category": "CRYPTO",
  "hooks": [
    {
      "class": "android.security.keystore.KeyGenParameterSpec$Builder",
      "method": "$init",
      "maxFrames": 10
    }
  ]
}

Then run frooky with the hook file against your target app:

frooky -U -n "MASTestApp" --platform android crypto.json

Output (pretty-printed for readability):

Events are written to the output file in JSON Lines format (one JSON object per line, known as NDJSON). You can easily pretty-print it e.g. using jq . output.json.

{
  "id": "14535033-08ea-4063-897c-eacd4a885d8b",
  "type": "hook",
  "category": "CRYPTO",
  "time": "2026-01-14T16:02:21.782Z",
  "class": "android.security.keystore.KeyGenParameterSpec$Builder",
  "method": "$init",
  "instanceId": 35486102,
  "stackTrace": [
    "android.security.keystore.KeyGenParameterSpec$Builder.<init>(Native Method)",
    "org.owasp.mastestapp.MastgTest.generateKey(MastgTest.kt:97)",
    "org.owasp.mastestapp.MastgTest.mastgTest(MastgTest.kt:41)",
    "org.owasp.mastestapp.MainActivityKt.MainScreen$lambda$12$lambda$11(MainActivity.kt:101)",
    "org.owasp.mastestapp.MainActivityKt.$r8$lambda$Pm6AsbKBmypP53K-UABM21E_Xxk(Unknown Source:0)",
    "org.owasp.mastestapp.MainActivityKt$$ExternalSyntheticLambda3.run(D8$$SyntheticClass:0)",
    "java.lang.Thread.run(Thread.java:1012)"
  ],
  "inputParameters": [
    {
      "declaredType": "java.lang.String",
      "value": "MultiPurposeKey"
    },
    {
      "declaredType": "int",
      "value": 15
    }
  ],
  "returnValue": [
    {
      "declaredType": "void",
      "value": "void"
    }
  ]
}

See more in docs/usage.md and a full example in docs/examples/example.md.

For development and local testing instructions of this repo, see docs/develop.md.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for holguera from gravatar.com holguera

Unverified details

These details have not been verified by PyPI
Meta
Classifiers

Release history Release notifications | RSS feed

This version

0.2.1

0.2.0

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

frooky-0.2.1.tar.gz (11.9 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

frooky-0.2.1-py3-none-any.whl (107.2 kB view details)

Uploaded Python 3

File details

Details for the file frooky-0.2.1.tar.gz.

File metadata

  • Download URL: frooky-0.2.1.tar.gz
  • Upload date:
  • Size: 11.9 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for frooky-0.2.1.tar.gz
Algorithm Hash digest
SHA256 d5d7903527db20a810b78299171fc3fc45217186fa08bbbfe0b934aab754e3f0
MD5 d17f730a52444ee6e34a13f6446e03c9
BLAKE2b-256 1fce31909454fb296e3195f6f8f6aa487b2a99f0832e6b944d71d18d8cd7a783

See more details on using hashes here.

Provenance

The following attestation bundles were made for frooky-0.2.1.tar.gz:

Publisher: publish.yml on cpholguera/frooky

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file frooky-0.2.1-py3-none-any.whl.

File metadata

  • Download URL: frooky-0.2.1-py3-none-any.whl
  • Upload date:
  • Size: 107.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for frooky-0.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 cf9c4e12821246559aa14ceff7d449c7c674d9de62cd35dd19b597af8a0a160d
MD5 7ba3f20f13f390c1438ecf776f6fb06e
BLAKE2b-256 8710ac103188c2c7eb81262fd8891af97bd8a2a9aa46d6f0e45ce7dfc18f8d96

See more details on using hashes here.

Provenance

The following attestation bundles were made for frooky-0.2.1-py3-none-any.whl:

Publisher: publish.yml on cpholguera/frooky

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page