Skip to main content
Help us improve Python packaging – donate today!

Trueseeing is a non-decompiling Android application vulnerability scanner.

Project Description

trueseeing is a fast, accurate and resillient vulnerabilities scanner for Android apps. It operates on Android Packaging File (APK) and outputs a comprehensive report in HTML. It doesn’t matter if the APK is obfuscated or not.

Capability

Currently trueseeing can detect the following class of vulnerabilities:

  • Improper Platform Usage (M1)
    • Debuggable
    • Inadvent publishing of Activities, Services, ContentProviders, BroadcastReceivers
  • Insecure Data (M2)
    • Backupable (i.e. suspectible to the backup attack)
    • Insecure file permissions
    • Logging
  • Insecure Commnications (M3)
    • Lack of pinning (i.e. suspictible to the TLS interception attack)
    • Use of cleartext HTTP
    • Tamperable WebViews
  • Insufficient Cryptography (M5)
    • Hardcoded passphrase/secret keys
    • Vernum ciphers with static keys
    • Use of the ECB mode
  • Client Code Quality Issues (M7)
    • Reflectable WebViews (i.e. XSSs in such views should be escalatable to remote code executions via JS reflection)
    • Usage of insecure policy on mixed contents
  • Code Tampering (M8)
    • Hardcoded certificates
  • Reverse Engineering (M9)
    • Lack of obfuscation

Usage

The following command line is sufficient to scan a APK (target.apk):

$ trueseeing /path/to/target.apk > report.html

Release history Release notifications

This version
History Node

2.0.9

History Node

2.0.8

History Node

2.0.7

History Node

2.0.6

History Node

2.0.3

History Node

2.0.2

History Node

2.0.1

History Node

2.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
trueseeing-2.0.9-py3-none-any.whl (9.3 MB) Copy SHA256 hash SHA256 Wheel py3 Nov 13, 2017

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging CloudAMQP CloudAMQP RabbitMQ AWS AWS Cloud computing Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page