Releases: worldtreeboy/apkAnalyzer

v1.2: Report Export, MASVS Severity Scoring, Runtime Checks

20 Mar 02:55

What's New

JSON/HTML Report Export

  • New ReportCollector class accumulates findings throughout the session
  • Export to self-contained HTML with severity badges, MASVS references, device info, and findings table
  • Export to structured JSON with all metadata
  • Menu option [r] Export Report or CLI --report json|html --output report.html

OWASP MASVS v2.0 Severity Scoring

  • All 19 security checks mapped to MASVS categories (STORAGE, NETWORK, PLATFORM, RESILIENCE, CODE)
  • Each finding tagged with CWE ID and severity level (CRITICAL/HIGH/MEDIUM/LOW)
  • Color-coded severity tags in terminal output: [CRITICAL] Debuggable (MASVS-RESILIENCE-1 | CWE-489)
  • Risk summary at end of scan: CRITICAL: 2 | HIGH: 3 | MEDIUM: 4 | LOW: 2

Runtime Security Checks (Menu Option 12)

  • Data at Rest (Post-Launch): launches app, scans SharedPrefs/databases for runtime secrets
  • File Permissions: detects world-readable files in app data directory
  • Exported Component Probing: dynamically launches exported activities to test for auth bypass
  • Clipboard Leakage: monitors clipboard after app launch
  • Logcat Secret Scanning: captures logcat with PID filter, scans for secrets/PII
  • WebView Cache: checks for cached web data
  • All ADB-based — no Frida required

Bug Fixes

  • Quoted all file paths with spaces in ADB commands
  • SQL table names double-quoted to prevent injection
  • Logcat capture uses PID filter (reduces false positives from other apps)
  • Clipboard clearing uses proper service call (was using non-existent broadcast)
  • HTML report escapes None values safely
  • Force-stops app after runtime security checks
  • Enabled --help CLI flag
  • Fixed stale report timestamp (now reflects export time)
  • Findings cleared when switching target apps
  • Fixed MASVS sub-controls (MASVS-RESILIENCE-3 → RESILIENCE-2, MASVS-PLATFORM-3 → CODE-1)
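The table-name fix above, sketched as an added example (not apkAnalyzer's own code). It assumes table names are read from the inspected app's database and are therefore untrusted, and it uses Python's `sqlite3` module; `quote_ident`, `dump_tables` and `build_sample_db` are hypothetical names. Wrapping a name in double quotes is only safe if embedded double quotes are doubled as well.

```python
import sqlite3


def quote_ident(name: str) -> str:
    """Quote an SQLite identifier: wrap in double quotes, double embedded ones."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def dump_tables(conn, limit=5):
    """Return {table_name: rows} for every table, quoting each name."""
    names = [row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    out = {}
    for name in names:
        # Identifiers cannot be bound as parameters; values such as LIMIT can.
        sql = "SELECT * FROM " + quote_ident(name) + " LIMIT ?"
        out[name] = conn.execute(sql, (limit,)).fetchall()
    return out


def build_sample_db():
    """Constructed sample: one ordinary table, one with a hostile name."""
    conn = sqlite3.connect(":memory:")
    hostile = 'notes"; DROP TABLE accounts; --'
    conn.execute("CREATE TABLE accounts (user TEXT, token TEXT)")
    conn.execute("INSERT INTO accounts VALUES ('alice', 'constructed-token')")
    conn.execute("CREATE TABLE " + quote_ident(hostile) + " (body TEXT)")
    conn.execute("INSERT INTO " + quote_ident(hostile) + " VALUES ('hello')")
    return conn, hostile


if __name__ == "__main__":
    conn, hostile = build_sample_db()
    for table, rows in dump_tables(conn).items():
        print(repr(table), rows)
```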

v1.1.0 — Universal Bypass + Hardened Frida Script

05 Feb 16:34

What's New in v1.1.0

🧬 Universal Bypass Script (frida_scripts/universal_bypass.js)

A single all-in-one Frida script that bypasses SSL pinning, root detection, and runtime tampering simultaneously — more comprehensive than any individual CodeShare script.

frida -U -f <package> -l frida_scripts/universal_bypass.js

| Layer | What It Bypasses |
| --- | --- |
| SSL Pinning | TrustManager, TrustManagerFactory, HostnameVerifier, OkHttp3 CertificatePinner (+ proguarded), Conscrypt, TrustKit, WebView SSL, Flutter BoringSSL, Apache HTTP |
| Root Detection | File.exists (30+ paths), PackageManager (20+ root packages), Runtime.exec, ProcessBuilder, Build.TAGS, SystemProperties, RootBeer library, native fopen/access/stat/lstat |
| Runtime Tampering | Anti-Frida (port 27042, /proc/maps, native strstr), anti-debug (ptrace, TracerPid spoofing), System.exit blocking, emulator detection, Xposed detection, process kill prevention |

🔧 Hardened Hooks (v1.1.0 fix)

  • Removed dangerous String.contains hook — replaced with targeted native strstr on libc
  • BufferedReader.readLine now targeted — only filters lines matching /proc/maps patterns
  • Added OkHttp proguarded variant (check$okhttp) + class scanner
  • Added native stat/lstat hooks for root path detection
  • Added TracerPid spoofing via native open/read hooks
  • Unique class names (_uid = Date.now()) prevent collision on script reload

📄 README Redesign

  • Terminal demo mockups — see the tool in action without running it
  • Collapsible detail sections for cleaner presentation
  • Star call-to-action with star-history chart

Full Feature Set

  • 11 integrated tools — static analysis, dynamic analysis, Frida instrumentation, binary patching
  • 19-check security scan — covers everything MobSF flags
  • 38 Frida CodeShare scripts — SSL bypass, root hiding, biometric bypass, crypto/storage monitoring, tracing
  • Binary patching — Frida Gadget injection + LSPatch (Xposed) embedding
  • Storage audit — SharedPrefs, SQLite, Realm DB with ~40 secret detection regex patterns
  • Framework-aware — auto-detects Flutter, React Native, Kotlin, Java
  • Zero dependencies — pure Python stdlib

⭐ If this tool saved you time, star the repo — it helps other security researchers discover it!

v1.0.0 — APK Analyzer

05 Feb 16:14

APK Analyzer v1.0.0

All-in-one Android security analysis toolkit for penetration testers and security researchers.

Highlights

  • 11 integrated tools — static analysis, dynamic analysis, Frida instrumentation, binary patching
  • 19-check security scan — debuggable, allowBackup, exported components, permissions, cleartext traffic, data leakage, deeplinks, WebView, PendingIntent, broadcast security, FLAG_SECURE, clipboard exposure, debug logging, keyboard cache, task hijacking, tapjacking, APK signing scheme
  • 38 Frida CodeShare scripts — SSL bypass, root hiding, biometric bypass, crypto/storage monitoring, tracing
  • Binary patching — Frida Gadget injection + LSPatch (Xposed) embedding
  • Storage audit — SharedPrefs, SQLite, Realm DB analysis with secret & PII detection (~40 regex patterns)
  • Framework-aware scanning — auto-detects Flutter, React Native, Kotlin, Java and adjusts keyword groups
  • Zero dependencies — pure Python stdlib, no pip install needed

Requirements

  • Python 3.6+
  • ADB + rooted Android device
  • apktool for decompilation
  • Optional: frida, apksigner

Usage

python3 apkanalyzer.py

If this tool helped you, please consider giving it a ⭐!