Is a tool that automates the process of identifying the framework/technology used to create a mobile application.
Additionally, it assists in finding sensitive information or provides suggestions for working with the identified platform.
The tool searches for files associated with the technologies used in mobile application development, such as configuration files, resource files, and source code files.
Search files:
index.html
cordova.js
cordova_plugins.jsSearch file
Andorid files:
libreactnativejni.so
index.android.bundle
iOS files:
main.jsbundle❗A minimum of Java 8 is required to run Apktool.
pip install -r requirements.txt
python3 mhf.py app.apk|ipa|aab
python3 mobile_helper_framework.py file.apk
[+] App was written in React Native
Do you want analizy the application (y/n) y
Output directory already exists. Skipping decompilation.
Beauty the react code? (y/n) n
Search any info? (y/n) y
==>>Searching possible internal IPs in the file
results.........
==>>Searching possible emails in the file
results.........
==>>Searching possible interesting words in the file
results.........
==>>Searching Private Keys in the file
results.........
==>>Searching high confidential secrets
results.........
==>>Searching possible sensitive URLs in js files
results.........
==>>Searching possible endpoints in js files results.........This tool uses Apktool for decompilation of Android applications.
This tool renames the .ipa file of iOS applications to .zip and extracts the contents.
| Feature | Note | Cordova | React Native | Native JavaScript | Flutter | Xamarin |
|---|---|---|---|---|---|---|
| JavaScript beautifier | Use this for the first few occasions to see better results. | ✅ | ✅ | ✅ | ||
| Identifying multiple sensitive information | IPs, Private Keys, API Keys, Emails, URLs | ✅ | ✅ | ✅ | ❌ | |
| Cryptographic Functions | ✅ | ✅ | ✅ | ❌ | ❌ | |
| Endpoint extractor | ✅ | ✅ | ✅ | ❌ | ❌ | |
| Automatically detects if the code has been beautified. | ❌ | ❌ | ❌ | |||
| Extracts automatically apk of devices/emulator | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Patching apk | ✅ | |||||
| Extract an APK from a bundle file. | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Detect if JS files are encrypted | ❌ | ❌ | ||||
| Detect if the resources are compressed. | ❌ | Hermes✅ | ❌ | ❌ | XALZ✅ | |
| Detect if the app is split | ❌ | ❌ | ❌ | ❌ | ❌ |
What is patching apk: This tool uses Reflutter, a framework that assists with reverse engineering of Flutter apps using a patched version of the Flutter library.
Split APKs is a technique used by Android to reduce the size of an application and allow users to download and use only the necessary parts of the application.
Instead of downloading a complete application in a single APK file, Split APKs divide the application into several smaller APK files, each of which contains only a part of the application such as resources, code libraries, assets, and configuration files.
adb shell pm path com.package
package:/data/app/com.package-NW8ZbgI5VPzvSZ1NgMa4CQ==/base.apk
package:/data/app/com.package-NW8ZbgI5VPzvSZ1NgMa4CQ==/split_config.arm64_v8a.apk
package:/data/app/com.package-NW8ZbgI5VPzvSZ1NgMa4CQ==/split_config.en.apk
package:/data/app/com.package-NW8ZbgI5VPzvSZ1NgMa4CQ==/split_config.xxhdpi.apkFor example, in Flutter if the application is a Split it’s necessary patch split_config.arm64_v8a.apk, this file contains libflutter.so
SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…
The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…
The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…
The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…
AdaptixC2 is an advanced post-exploitation and adversarial emulation framework designed specifically for penetration testers. It…
Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to…