An opinionated static source code, binary, configuration, and dependency analyzer for iOS and macOS applications. Designed specifically to work locally via the CLI and to fit into your CI/CD pipeline.

vulnscan

v0.2.0 Released!

  • Download
  • This project is still in its very early stages; it is incomplete, unstable, and under rapid development.
  • At the same time, it would be great to get feedback, feature requests, and most importantly bug reports.
  • Active tickets / improvements

⚠️ macOS 10.15 Catalina - breaking change

macOS 10.15 Catalina has dropped support for 32-bit apps, and while Vulnscan is 64-bit, one of its external dependencies (class-dump-z) is 32-bit. This has created a breaking change. We are working to replace this dependency with a different 64-bit port and expect to deliver a fixed version in the coming week or so. More details can be found in this ticket.
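The breakage above comes down to an external tool whose Mach-O image has no 64-bit slice. The following Go check is an added example, not part of Vulnscan's code: it uses the standard debug/macho package to tell whether a thin or universal binary can run on macOS 10.15 at all. The names Runs64Bit and thinImage are hypothetical, and the sample images are constructed headers, not real binaries.

```go
package main

import (
	"bytes"
	"debug/macho"
	"encoding/binary"
	"fmt"
	"io"
)

// Runs64Bit reports whether a Mach-O image (thin or universal) has at least
// one 64-bit slice. A tool with none cannot run on macOS 10.15 or later.
func Runs64Bit(r io.ReaderAt) (bool, error) {
	fat, err := macho.NewFatFile(r)
	if err == nil {
		for _, arch := range fat.Arches {
			if arch.Magic == macho.Magic64 {
				return true, nil
			}
		}
		return false, nil
	}
	if err != macho.ErrNotFat {
		return false, err // neither a universal nor a thin Mach-O image
	}
	thin, err := macho.NewFile(r)
	if err != nil {
		return false, err
	}
	return thin.Magic == macho.Magic64, nil
}

// thinImage builds a constructed little-endian Mach-O header with no load
// commands (sample input for the check, not a real binary).
func thinImage(magic uint32, cpu macho.Cpu) []byte {
	img := make([]byte, 64) // header plus zero padding
	binary.LittleEndian.PutUint32(img[0:], magic)
	binary.LittleEndian.PutUint32(img[4:], uint32(cpu))
	binary.LittleEndian.PutUint32(img[12:], uint32(macho.TypeExec))
	return img
}

func main() {
	legacy, _ := Runs64Bit(bytes.NewReader(thinImage(macho.Magic32, macho.Cpu386)))
	modern, _ := Runs64Bit(bytes.NewReader(thinImage(macho.Magic64, macho.CpuAmd64)))
	fmt.Println("32-bit-only sample runs on 10.15:", legacy, "| 64-bit sample:", modern)
}
```

Run against each downloaded external tool in a CI step, a false result flags a dependency that will fail on Catalina before a scan is attempted.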

Overview

Vulnscan is an opinionated static source code, binary, configuration, and dependency analyzer for iOS and macOS applications.

Vulnscan is written in Golang with smart defaults that make it highly portable and easy to use, either locally as part of the development toolchain or integrated into an automated CI/CD process with little or no configuration.

Documentation

How-tos and more information have been moved to the wiki.

Help

vulnscan -h

NAME:
   vulnscan - iOS and macOS vulnerability scanner

USAGE:
   app [global options] command [command options] [arguments...]

VERSION:
   0.2.0

AUTHOR:
   Vulnscan Team <vulnscan@simplycubed.com>

COMMANDS:
     binary, b    search binary vulnerabilities
     code, c      search code vulnerabilities
     download, d  downloads the external tools used by vulnscan to work
     files, f     lookup and clasify files
     lookup, l    store app lookup
     plist, p     plists scan
     scan, s      source directory and binary file security scan
     virus, v     performs a virus analysis using the VirusTotal API
     help, h      Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h     show help
   --version, -v  print the version

COPYRIGHT:
   (c) 2019 SimplyCubed, LLC - Mozilla Public License 2.0

Acknowledgements

This project borrows heavily from the concepts in the OWASP Mobile Security Testing Guide and MobSF. It's also based on our understanding of HashiCorp's approach to open source projects.

Contributors

A special thanks to the following members. They have made a significant contribution to the development and release of Vulnscan.

License

FOSSA Status