Find out what the mobile application was developed with.
- Step 1 - Download APK
- Step 2 - Decode APK
- Step 3 - Scan decoded APK
Try to update frameworks following State of JS Mobile
- Android APK scan
- iOS App scan
- Bulk Scan
- Build an intuitive web app
- Scan vulnerabilities
- Scan sensitive data
- Scan security fails
If you're on MacOS you can run this command yarn run install:macos
- Install firstly gplaydl and login with your Play Store account
- Install Apktool
- Install node_modules with
yarn
yarn start
or you can start with following arguments:
yarn start --apkID com.facebook.katana
yarn start --scanListFile ./myAPKsList.txt
| parameters | description | required | default value |
|---|---|---|---|
| apkID | Android APK Play Store ID | false | |
| scanListFile | File containing a list of APK IDs | false |
Example a React Native Android decompiled app always contains an assets/index.android.bundle file.
We've indentified typical framework architectures. Take a look here for more details. Open to new frameworks suggestions.
Check an example on a command that we run to check react native occurances in app files.
grep -iR "react_native\|react-native\|reactnative" ${apkDecodedPath} | wc -w