
Recommended: a Python open source tool for mobile application security testing and analysis

2024-08-15 09:48:54

Today's recommendation is an open source project for security testing: nccgroup/house

1. Introduction

House is a dynamic runtime mobile application analysis toolkit developed by NCC Group and built on Frida and Python. It provides a Frida-based web GUI designed to simplify hooking functions at runtime, so that researchers can more easily assess the security of Android applications. Because it integrates Frida, it also offers code injection, which allows the behavior of a running application to be modified in real time.

Project Address:

/nccgroup/house

2. Main features

  • Intuitive and easy to use: Through the web interface, users can start complex dynamic analysis without deep knowledge of Frida syntax.
  • Flexibility: Supports hooking dynamically loaded Dex/Jar files.
  • Extensibility: A range of built-in scripts and templates is provided so that users can customize their analysis tasks as needed.
  • Debug friendly: A built-in REPL (Read-Evaluate-Print Loop) environment lets users explore and debug function behavior.
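As an added illustration (not House's own code and not part of the original article), the example below shows the kind of Frida hook script a GUI like House spares the analyst from writing by hand: it turns a class name, method name and overload signature into JavaScript that logs each call and then runs the original method. The function name build_hook_script and the com.example.app names are assumptions made up for this example.

```python
import json
import re

# Dot-separated Java identifiers; '$' covers inner classes.
_CLASS_RE = re.compile(r"[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*")
# A method name, or Frida's "$init" alias for constructors.
_METHOD_RE = re.compile(r"[A-Za-z_$][\w$]*")
# Overload types: primitives, class names, or array forms such as "[B".
_TYPE_RE = re.compile(r"\[*[A-Za-z_$][\w$.]*;?")


def build_hook_script(class_name, method, arg_types=()):
    """Return Frida JavaScript that logs every call to class_name.method."""
    if not _CLASS_RE.fullmatch(class_name):
        raise ValueError(f"invalid class name: {class_name!r}")
    if not _METHOD_RE.fullmatch(method):
        raise ValueError(f"invalid method name: {method!r}")
    for arg_type in arg_types:
        if not _TYPE_RE.fullmatch(arg_type):
            raise ValueError(f"invalid argument type: {arg_type!r}")

    # json.dumps produces valid JavaScript string literals, so form input
    # is only ever embedded as data, never spliced in as raw script text.
    cls, meth = json.dumps(class_name), json.dumps(method)
    overload = ", ".join(json.dumps(t) for t in arg_types)
    return f"""Java.perform(function () {{
  var target = Java.use({cls});
  var fn = target[{meth}].overload({overload});
  fn.implementation = function () {{
    var args = Array.prototype.slice.call(arguments).map(String);
    send({{ cls: {cls}, method: {meth}, args: args }});
    return fn.apply(this, arguments);  // run the original, behavior unchanged
  }};
}});
"""


if __name__ == "__main__":
    # Constructed sample input: a hypothetical method in an app under test.
    print(build_hook_script("com.example.app.Crypto", "encrypt",
                            ["java.lang.String", "[B"]))
```

The generated script is what a Frida session would load into the target process; validating the names first matters for any tool that builds scripts from values typed into a web form.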

3. Application Scenarios

  • Mobile application penetration testing: detecting potential vulnerabilities such as privacy breaches, insecure network communications, etc.
  • Application Behavior Analysis: Monitor file operations, data sharing and other sensitive activities.
  • Education and research: helping students and researchers better understand how mobile applications work.

4. Project Installation

Clone the House repository: first, clone the House project from GitHub to your local machine and install its dependencies.

git clone /nccgroup/house
cd house
pip3 install -r 
pip3 install pipenv
pipenv --python=/usr/bin/python3 install
pipenv --python=/usr/bin/python3 shell
python3  <PORT>

# or:
mkvirtualenv --python=/usr/local/bin/python3 house
workon house
pip install -r 
python  <PORT>

# or: (only for Mac OS)
git clone /nccgroup/house
cd house
pip3 install -r 
pip3 install pipenv
pipenv --python=/usr/local/bin/python3 install
pipenv --python=/usr/local/bin/python3 shell
python3  <PORT>

5. Usage

1. Start House: Start the House back-end service from the command line with python. Once it is running, the web GUI can be reached in a browser at the specified address and port, usually http://localhost:8000.

2. Select the target application: In the web GUI, select the application to be analyzed. You can upload the application's installation package or specify its package name. (You can also try it out with the test_apk that comes with the project.)

3. Select the analysis module: Choose the analysis module that fits your needs, either a built-in module or a custom one.

4. Execute the analysis task: Click the Start Analysis button. House will start Frida to perform dynamic analysis and display the results in the web GUI in real time.

5. View the analysis results: After the analysis is completed, you can view the results in the web GUI, including the application's runtime behavior, API calls and so on.

6. Summary

In summary, nccgroup/house is a powerful and flexible tool for dynamic analysis of mobile applications, suited to a variety of scenarios including penetration testing, behavioral analysis, and academic research. By combining Frida and Python, it provides an efficient and user-friendly analysis platform. It is easy to install and configure, rich in features and extensible, and it enables researchers and developers to effectively explore and assess the security of mobile applications.