Is a tool that automates the process of identifying the framework/technology used to create a mobile application.
Additionally, it assists in finding sensitive information or provides suggestions for working with the identified platform.
The tool searches for files associated with the technologies used in mobile application development, such as configuration files, resource files, and source code files.
Search files:
index.html
cordova.js
cordova_plugins.jsSearch file
Andorid files:
libreactnativejni.so
index.android.bundle
iOS files:
main.jsbundle❗A minimum of Java 8 is required to run Apktool.
pip install -r requirements.txt
python3 mhf.py app.apk|ipa|aab
python3 mobile_helper_framework.py file.apk
[+] App was written in React Native
Do you want analizy the application (y/n) y
Output directory already exists. Skipping decompilation.
Beauty the react code? (y/n) n
Search any info? (y/n) y
==>>Searching possible internal IPs in the file
results.........
==>>Searching possible emails in the file
results.........
==>>Searching possible interesting words in the file
results.........
==>>Searching Private Keys in the file
results.........
==>>Searching high confidential secrets
results.........
==>>Searching possible sensitive URLs in js files
results.........
==>>Searching possible endpoints in js files results.........This tool uses Apktool for decompilation of Android applications.
This tool renames the .ipa file of iOS applications to .zip and extracts the contents.
| Feature | Note | Cordova | React Native | Native JavaScript | Flutter | Xamarin |
|---|---|---|---|---|---|---|
| JavaScript beautifier | Use this for the first few occasions to see better results. | ✅ | ✅ | ✅ | ||
| Identifying multiple sensitive information | IPs, Private Keys, API Keys, Emails, URLs | ✅ | ✅ | ✅ | ❌ | |
| Cryptographic Functions | ✅ | ✅ | ✅ | ❌ | ❌ | |
| Endpoint extractor | ✅ | ✅ | ✅ | ❌ | ❌ | |
| Automatically detects if the code has been beautified. | ❌ | ❌ | ❌ | |||
| Extracts automatically apk of devices/emulator | ❌ | ❌ | ❌ | ❌ | ❌ | |
| Patching apk | ✅ | |||||
| Extract an APK from a bundle file. | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Detect if JS files are encrypted | ❌ | ❌ | ||||
| Detect if the resources are compressed. | ❌ | Hermes✅ | ❌ | ❌ | XALZ✅ | |
| Detect if the app is split | ❌ | ❌ | ❌ | ❌ | ❌ |
What is patching apk: This tool uses Reflutter, a framework that assists with reverse engineering of Flutter apps using a patched version of the Flutter library.
Split APKs is a technique used by Android to reduce the size of an application and allow users to download and use only the necessary parts of the application.
Instead of downloading a complete application in a single APK file, Split APKs divide the application into several smaller APK files, each of which contains only a part of the application such as resources, code libraries, assets, and configuration files.
adb shell pm path com.package
package:/data/app/com.package-NW8ZbgI5VPzvSZ1NgMa4CQ==/base.apk
package:/data/app/com.package-NW8ZbgI5VPzvSZ1NgMa4CQ==/split_config.arm64_v8a.apk
package:/data/app/com.package-NW8ZbgI5VPzvSZ1NgMa4CQ==/split_config.en.apk
package:/data/app/com.package-NW8ZbgI5VPzvSZ1NgMa4CQ==/split_config.xxhdpi.apkFor example, in Flutter if the application is a Split it’s necessary patch split_config.arm64_v8a.apk, this file contains libflutter.so
AutoExif is a powerful Bash script designed to streamline the process of editing image metadata…
SimpleImager V4.3, your go-to tool for streamlined system imaging and data acquisition. Designed to simplify…
MetaOSINT enables open source intelligence ("OSINT") practitioners to jumpstart their investigations by quickly identifying relevant,…
ThreatPinch Lookup creates informational tooltips when hovering oven an item of interest on any website.…
Myself and any other potential contributors to this website are NOT in any way affiliated…
The Mobile Evidence Acquisition Toolkit designed by BlackStone Discovery. Developed to enhance digital forensics, this…