Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0).

Fufluns

Easy to use APK/IPA Mobile App Inspector

Features

Detects common flaws in compiled apps for Android and iOS (iPhones, iPads, etc.)

  • Android

    • APKiD
    • Secrets (Private keys, API keys, etc.)
    • Insecure AndroidManifest.xml attributes
    • Network Security
    • Permissions
    • Root Detection
    • Source Code
    • SQL Injections
  • iOS

    • Compiler options (-fstack-protector-all, -fobjc-arc, -pie, etc.)
    • Insecure C imports (memcmp, memcpy, memmove, memset, etc.)
    • Jailbreak Detection
    • Network Security
    • Permissions
    • Secrets (Private keys, API keys, etc.)
    • Source Code
    • SQL Injections

Export

The tool can export its results in JSON, Markdown and Textile formats.

Tools Required

  • APKiD
  • Apktool (and the Android Platform Tools)
  • rizin (python rzpipe)

Docker

You can download the image from Docker Hub or build it yourself.

Download from Docker Hub

# First download the image
docker pull deroad/fufluns:latest
# Run the image
docker run -it --rm -p 8080:8080 deroad/fufluns:latest

Or build from source

To build a Docker image, just run:

# First build the image
docker build -t fufluns:latest .
# Run the built image
docker run -it --rm -p 8080:8080 fufluns:latest

Debug

To debug HTTP traffic, define the environment variable 'DEBUG_MODE'.

For example:

DEBUG_MODE=1 ./fufluns.sh

Development

Check the documents here: https://github.com/wargio/fufluns/blob/master/DOCS.md