.---. .----------- / \ __ / ------ / / \( )/ ----- ╔╦╗╦═╗╔═╗╦╔╦╗ ╦ ╦╦ ╦╔╗╔╔╦╗╔═╗╦═╗ ////// ' \/ ` --- ║║╠╦╝║ ║║ ║║───╠═╣║ ║║║║ ║ ║╣ ╠╦╝ //// / // : : --- ═╩╝╩╚═╚═╝╩═╩╝ ╩ ╩╚═╝╝╚╝ ╩ ╚═╝╩╚═ // / / /` '-- By HaHwul // //..\\ www.hahwul.com ====UU====UU==== https://github.com/hahwul/droid-hunter '//||\\` ''`` Android application vulnerability analysis and Android pentest tool
A. Support
> App info check
> Baksmaling android app
> Decompile android app
> Extract class file
> Extract java code
> Pattern base Information Leakage
A. Download(clone) & Unpack DROID-HUNTER
git clone https://github.com/hahwul/droid-hunter.git
cd droid-hunter
B. Install Ruby GEM
gem install html-table
gem install colorize
C. Set external tools
Editing "./config/config.rb"
# Tool path $p_adb = "/usr/bin/adb" $p_aapt = "/usr/bin/aapt" # Path aapt # macOS > (https://github.com/hahwul/droid-hunter/issues/12) $p_dex2jar = File.dirname(__FILE__)+"/../ex_tool/dex2jar-0.0.9.15/dex2jar.sh" $p_apktool = File.dirname(__FILE__)+"/../ex_tool/apktool/apktool_2.3.1.jar" $p_jad = File.dirname(__FILE__)+"/../ex_tool/jad/jad" $p_grep = "/bin/grep" $p_unzip = "/usr/bin/unzip" $p_sfilter = File.dirname(__FILE__)+"/../string_filter" D. Run DROID-HUNTER
ruby dhunter.rb
Usage: ruby dhunter.rb [APK] Command -a, --apk : Analysis android APK file. + APK Analysis => dhunter -a 123.apk[apk file] => dhunter --apk 123.apk aaa.apk test.apk hwul.apk -p, --pentest : Penetration testing Device + Pentest Android => dhunter -p device[device code] => dhunter --pentest device -v, --version : Show this droid-hunter version -h, --help : Show help page Bug: Add issue(github)
Contact: [email protected]
Add Vulnerability Scanning module
Update string pattern
Intent diagram
## 6. Screen shot
