Trueseeing is a non-decompiling Android application vulnerability scanner.
Project description
trueseeing is a fast, accurate and resilient vulnerability scanner for Android apps. It operates on Android Packaging File (APK) and outputs a comprehensive report in HTML. It doesn’t matter if the APK is obfuscated or not.
Capability
Currently trueseeing can detect the following classes of vulnerabilities:

- Improper Platform Usage (M1)
  - Debuggable
  - Inadvertent publishing of Activities, Services, ContentProviders, BroadcastReceivers
- Insecure Data (M2)
  - Backupable (i.e. susceptible to the backup attack)
  - Insecure file permissions
  - Logging
- Insecure Communications (M3)
  - Lack of pinning (i.e. susceptible to the TLS interception attack)
  - Use of cleartext HTTP
  - Tamperable WebViews
- Insufficient Cryptography (M5)
  - Hardcoded passphrase/secret keys
  - Vernam ciphers with static keys
  - Use of the ECB mode
- Client Code Quality Issues (M7)
  - Reflectable WebViews (i.e. XSS in such views should be escalatable to remote code execution via JS reflection)
  - Usage of insecure policy on mixed contents
- Code Tampering (M8)
  - Hardcoded certificates
- Reverse Engineering (M9)
  - Lack of obfuscation
Usage
The following command line is sufficient to scan an APK (target.apk):
$ trueseeing /path/to/target.apk > report.html
Hashes for trueseeing-2.0.10-py3-none-any.whl
Algorithm | Hash digest |
---|---|
SHA256 | 4bd63951813c12861087a4ffe6db83308e2942a08871fc83114e271481d92cbc |
MD5 | bc0d8d42094eff7a1eeccba202f10527 |
BLAKE2b-256 | da737b0064674b7a0200038e8b4085464e07ce7630700c53b5be52a2038d8bca |