React Native Vulnerability Scanner 🔍

A Python tool to scan React Native APKs for vulnerable npm dependencies by analyzing modules.json.
It extracts the list of JavaScript packages used in the app and checks for known vulnerabilities using Snyk's vulnerability database.

🛠️ Prerequisites

Before running this script, decompile the APK using apktool to locate modules.json.

Decompile the APK

apktool d myapp.apk -o myapp_decompiled

Locate modules.json

myapp_decompiled/
│── base/
│   ├── assets/
│   │   ├── modules.json   # ← This is the file you need!

Once found, you can use this script to check for vulnerabilities.

🚀 Features

• ✅ Scans npm dependencies in React Native APKs 🔍
• ✅ Multi-threaded scanning for faster results ⚡
• ✅ Loading animation while scanning 🔄
• ✅ Colored terminal output for better visibility 🎨
• ✅ Optional file output (-o) to save vulnerabilities 📄
• ✅ Auto-detects missing JSON file and provides help messages ❓
• ✅ Prints "No vulnerabilities found! 🎉" if none are detected ✅

🛠️ Installation & Setup

Step 1: Clone the Repository

git clone https://github.com/BhattJayD/react-native-vulnerability-scanner.git
cd react-native-vulnerability-scanner

Step 2: Create a Virtual Environment

python3 -m venv venv
source venv/bin/activate  # On Windows use: venv\Scripts\activate

Step 3: Install Dependencies

pip install -r requirements.txt

🔧 Usage

python RNScanner py
usage: RNScanner.py [-h] [-f FILE] [-o]

Check vulnerabilities in npm packages.

options:
  -h, --help            show this help message and exit
  -f FILE, --file FILE  Path to module.json file (default: modules.json)
  -o, --output          Save results to a file (default: False)

Scan for vulnerabilities in modules.json

python app.py -f myapp_decompiled/base/assets/modules.json

Save the results to a file

python app.py -f myapp_decompiled/base/assets/modules.json -o

📜 Example Output

If vulnerabilities are found

python3 app.py -f modules.json -o
Checking vulnerabilities [\]
react-native : 0.76.7
promise : 8.3.0

Results saved to vulnerable_packages.txt
Done!

If no vulnerabilities are found

No vulnerabilities found! 🎉
✅ Done!

(⚡ No empty file is saved.)

🤝 Contributing

🚀 Contributions are welcome! Feel free to fork the repository, create a branch, make improvements, and submit a pull request.

Steps to Contribute

• Fork the Repository
• Clone Your Fork
• Create a New Branch
• Make Your Changes & Commit
• Push to Your Fork
• Submit a Pull Request (PR)

📜 License

This project is licensed under the MIT License. You are free to use, modify, and distribute it with proper attribution.

🔗 Author

Jay Bhatt

• GitHub: BhattJayD
• Twitter: @ogSplitUnknown
• Youtube: https://www.youtube.com/@SplitUnknown
• Medium: https://splitunknown.medium.com

⭐ Support & Feedback

If you like this project, consider starring 🌟 the repository! For suggestions, issues, or feature requests, open an issue in this repo.