scrounger – a person who borrows from or lives off others.
There is no better description for this tool, for two main reasons: first, it takes inspiration from many other tools that have already been published; second, it lives off mobile application vulnerabilities.
Why
Even though several other mobile application analysis tools have been developed, no single tool can be used for both Android and iOS and be called a "standard" must-use on every mobile application assessment.
The idea behind Scrounger is to make a Metasploit-like tool that will not do a pentester's work but will help the pentester during an assessment by executing the mundane tasks that need to be performed on all assessments.
The Difference
The main features Scrounger offers that others don’t:
- Works with Android and iOS
- Metasploit-like console and modules
- Offers a variety of modules that can be run to give the pentester a starting point
- Easily extendable
Install
git clone https://github.com/nettitude/scrounger.git
cd scrounger
pip install -r requirements.txt
python setup.py install
Use
$ scrounger --help
usage: scrounger [-h] [-m analysis/ios/module1;analysis/ios/module2]
[-a argument1=value1;argument1=value2;]
[-f /path/to/the/app.[apk|ipa]] [-d device_id] [-l] [-o]
[-p /path/to/full-analysis.json] [-V] [-D]
_____
/ ____|
| (___ ___ _ __ ___ _ _ _ __ __ _ ___ _ __
\___ \ / __| '__/ _ \| | | | '_ \ / _` |/ _ \ '__|
____) | (__| | | (_) | |_| | | | | (_| | __/ |
|_____/ \___|_| \___/ \__,_|_| |_|\__, |\___|_|
__/ |
|___/
optional arguments:
-h, --help show this help message and exit
-m analysis/ios/module1;analysis/ios/module2, --modules analysis/ios/module1;analysis/ios/module2
modules to be run - seperated by ; - will be run in order
-a argument1=value1;argument1=value2;, --arguments argument1=value1;argument1=value2;
arguments for the modules to be run
-f /path/to/the/app.[apk|ipa], --full-analysis /path/to/the/app.[apk|ipa]
runs a full analysis on the application
-d device_id, --device device_id
device to be used by the modules
-l, --list list available devices and modules
-o, --options prints the required options for the selected modules
-p /path/to/full-analysis.json, --print-results /path/to/full-analysis.json
prints the results of a full analysis json file
-V, --verbose prints more information when running the modules
-D, --debug prints more information when running scrounger
Copyright (c) 2018, Nettitude
All rights reserved.
Source: https://github.com/nettitude/