Easy to use APK/IPA Mobile App Inspector (experimental)
Detects common fails in compiled apps for Android and iOS (iPhones, iPads, etc..)
-
Android
- APKiD
- Secrets (Private keys, API keys, etc..)
- Insecure AndroidManifest.xml attributes
- Network Security
- Permissions
- Root Detection
- Source Code
- SQL Injections
-
iOS
- Compiler options (-fstack-protector-all, -fobjc-arc, -pie, etc..)
- Insecure C imports (memcmp, memcpy, memmove, memset, etc..)
- Jailbreak Detection
- Network Security
- Permissions
- Secrets (Private keys, API keys, etc..)
- Source Code
- SQL Injections
The tool allows to export the data in JSON, Markdown and Textile formats.
- APKiD
- Apktool (and the Android Platform Tools)
- radare2 (python r2pipe)
To build a docker image just run
docker build -t fufluns:latest .
To debug http traffic, you need to define the environment variable 'DEBUG_MODE'.
For example:
DEBUG_MODE=1 ./fufluns.sh
Check the documents here: https://github.com/wargio/fufluns/blob/master/DOCS.md
I cannot reach the container from the browser.
docker run -it --rm -p 8080:8080 fufluns:latest