0x1 Posted August 30, 2019 Share Posted August 30, 2019 This is the hidden content, please Sign In or Sign Up StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. This is the hidden content, please Sign In or Sign Up This tool will look for interesting lines in the code which can contain: Hardcoded credentials API keys URL's of API's Decryption keys Major coding mistakes This tool was created with a big focus on usability and graphical guidance in the user interface. *: note that currently only apk files are supported, but ipa files will follow very shortly. Features The concept is that you drag and drop your mobile application file (an .apk or .ipa file) on the StaCoAn application and it will generate a visual and portable report for you. You can tweak the settings and wordlists to get a customized experience. The reports contain a handy tree viewer so you can easily browse trough your decompiled application. Spoiler Filetypes Any source file will be processed. This contains '.java', '.js', '.html', '.xml',... files. Database-files are also searched for keywords. The database also has a table viewer. This is the hidden content, please Sign In or Sign Up Responsive Design The reports are made to fit on all screens. This is the hidden content, please Sign In or Sign Up How does the tool works? This is the hidden content, please Sign In or Sign Up Limitations This tool will have trouble with obfuscated code. If you are a developer try to compile without obfuscation turned on before running this tool. If you are on the offensive side, good luck bro. Getting Started From the releases If you want to get started as soon as possible, head over to the releases page and download the executable or archive which corresponds to your operating system. If you have downloaded the release zip file, extract this. On Windows you can just double click the executable. It will open in server mode and you can just drag and drop your mobile applications in the webinterface. This is the hidden content, please Sign In or Sign Up More info & Download This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts