Trueseeing is a non-decompiling Android application vulnerability scanner.
Project description
README
trueseeing is a fast, accurate and resillient vulnerabilities scanner for Android apps. It operates on Android Packaging File (APK) and outputs a comprehensive report in HTML, JSON or a CI-friendly format. It doesn't matter if the APK is obfuscated or not.
Capability
Currently trueseeing can detect the following class of vulnerabilities:
-
Improper Platform Usage (M1)
- Debuggable
- Inadvent publishing of Activities, Services, ContentProviders, BroadcastReceivers
-
Insecure Data (M2)
- Backupable (i.e. suspectible to the backup attack)
- Insecure file permissions
- Logging
-
Insecure Commnications (M3)
- Lack of pinning (i.e. suspictible to the TLS interception attack)
- Use of cleartext HTTP
- Tamperable WebViews
-
Insufficient Cryptography (M5)
- Hardcoded passphrase/secret keys
- Vernum ciphers with static keys
- Use of the ECB mode
-
Client Code Quality Issues (M7)
- Reflectable WebViews (i.e. XSSs in such views should be escalatable to remote code executions via JS reflection)
- Usage of insecure policy on mixed contents
-
Code Tampering (M8)
- Hardcoded certificates
-
Reverse Engineering (M9)
- Lack of obfuscation
Installation
We provide containers so you can use right away as follows; now this is also the recommended way to run:
$ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing
If you want to run statelessly you omit mounting volume onto /cache (not recommended for day-to-day use though; also see #254):
$ docker run --rm -v $(pwd):/out alterakey/trueseeing
Finally if you would like to use plain old installation (e.g. for interacting with devices), you can do as follows:
$ pip3 install trueseeing
Usage
The following command line is sufficient to scan a APK (target.apk), yielding findings listed in stderr:
$ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing target.apk
To generate a report in HTML format:
$ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing -o report.html target.apk
$ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing --format=html -o report.html target.apk
To generate a report in JSON format:
$ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing --format=json -o report.json target.apk
To get report generated in stdout, specify '-' as filename:
$ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing -o - target.apk > report.html
$ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing --format=html -o - target.apk > report.html
$ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing --format=json -o - target.apk > report.json
To fix (not all) problems it catches:
$ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing --patch-all target.apk
From 2.1.8, we have rewritten the means of interactively analyzing apps; inspect mode II (hence, forget that I). You can try it as follows:
$ docker run -it --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing --inspect target.apk
[+] trueseeing 2.1.8 [inspect mode]
ts[target.apk]> ?
...
ts[target.apk]> aa
...
[+] done, found 6403 issues (174.94 sec.)
ts[target.apk]> i
...
ts[target.apk]> gh report.html
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for trueseeing-2.1.8.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 95d11c6075d4b090f7c4b482a8feacfe7450d3145cc1e4184b5d1514d920acef |
|
MD5 | c41a552528479dcc3e4acf3c73e3643d |
|
BLAKE2b-256 | 921f9b4717fb069e62e536da179b815b35ce45135d69b93d87316b55451a00f7 |