Is a tool that automates the process of identifying the framework/technology used to create a mobile application.
Additionally, it assists in finding sensitive information or provides suggestions for working with the identified platform.
The tool searches for files associated with the technologies used in mobile application development, such as configuration files, resource files, and source code files.
Search files:
index.html
cordova.js
cordova_plugins.jsSearch file
Andorid files:
libreactnativejni.so
index.android.bundle
iOS files:
main.jsbundle❗A minimum of Java 8 is required to run Apktool.
pip install -r requirements.txt
python3 mhf.py app.apk|ipa|aab
python3 mobile_helper_framework.py file.apk
[+] App was written in React Native
Do you want analizy the application (y/n) y
Output directory already exists. Skipping decompilation.
Beauty the react code? (y/n) n
Search any info? (y/n) y
==>>Searching possible internal IPs in the file
results.........
==>>Searching possible emails in the file
results.........
==>>Searching possible interesting words in the file
results.........
==>>Searching Private Keys in the file
results.........
==>>Searching high confidential secrets
results.........
==>>Searching possible sensitive URLs in js files
results.........
==>>Searching possible endpoints in js files results.........This tool uses Apktool for decompilation of Android applications.
This tool renames the .ipa file of iOS applications to .zip and extracts the contents.
| Feature | Note | Cordova | React Native | Native JavaScript | Flutter | Xamarin |
|---|---|---|---|---|---|---|
| JavaScript beautifier | Use this for the first few occasions to see better results. | ✅ | ✅ | ✅ | ||
| Identifying multiple sensitive information | IPs, Private Keys, API Keys, Emails, URLs | ✅ | ✅ | ✅ | ❌ | |
| Cryptographic Functions | ✅ | ✅ | ✅ | ❌ | ❌ | |
| Endpoint extractor | ✅ | ✅ | ✅ | ❌ | ❌ | |
| Automatically detects if the code has been beautified. | ❌ | ❌ | ❌ | |||
| Extracts automatically apk of devices/emulator | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Patching apk | ✅ | |||||
| Extract an APK from a bundle file. | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Detect if JS files are encrypted | ❌ | ❌ | ||||
| Detect if the resources are compressed. | ❌ | Hermes✅ | ❌ | ❌ | XALZ✅ | |
| Detect if the app is split | ❌ | ❌ | ❌ | ❌ | ❌ |
What is patching apk: This tool uses Reflutter, a framework that assists with reverse engineering of Flutter apps using a patched version of the Flutter library.
Split APKs is a technique used by Android to reduce the size of an application and allow users to download and use only the necessary parts of the application.
Instead of downloading a complete application in a single APK file, Split APKs divide the application into several smaller APK files, each of which contains only a part of the application such as resources, code libraries, assets, and configuration files.
adb shell pm path com.package
package:/data/app/com.package-NW8ZbgI5VPzvSZ1NgMa4CQ==/base.apk
package:/data/app/com.package-NW8ZbgI5VPzvSZ1NgMa4CQ==/split_config.arm64_v8a.apk
package:/data/app/com.package-NW8ZbgI5VPzvSZ1NgMa4CQ==/split_config.en.apk
package:/data/app/com.package-NW8ZbgI5VPzvSZ1NgMa4CQ==/split_config.xxhdpi.apkFor example, in Flutter if the application is a Split it’s necessary patch split_config.arm64_v8a.apk, this file contains libflutter.so
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…