Easy to use APK/IPA Mobile App Inspector
Detects common fails in compiled apps for Android and iOS (iPhones, iPads, etc..)
-
Android
- APKiD
- Secrets (Private keys, API keys, etc..)
- Insecure AndroidManifest.xml attributes
- Network Security
- Permissions
- Root Detection
- Source Code
- SQL Injections
-
iOS
- Compiler options (-fstack-protector-all, -fobjc-arc, -pie, etc..)
- Insecure C imports (memcmp, memcpy, memmove, memset, etc..)
- Jailbreak Detection
- Network Security
- Permissions
- Secrets (Private keys, API keys, etc..)
- Source Code
- SQL Injections
The tool allows to export the data in JSON, Markdown and Textile formats.
- APKiD
- Apktool (and the Android Platform Tools)
- rizin (python rzpipe)
You can download it from docker hub or build it by yourself.
# Download first the image
docker pull deroad/fufluns:latest .
# run the image
docker run -it --rm -p 8080:8080 deroad/fufluns:latest
To build a docker image just run
# Build first the image
docker build -t fufluns:latest .
# Run the built image
docker run -it --rm -p 8080:8080 fufluns:latest
To debug http traffic, you need to define the environment variable 'DEBUG_MODE'.
For example:
DEBUG_MODE=1 ./fufluns.sh
Check the documents here: https://github.com/wargio/fufluns/blob/master/DOCS.md