scrounger: Mobile application testing toolkit

scrounger – a person who borrows from or lives off others.

There is no better description for this tool, for two main reasons: first, it takes inspiration from many other tools that have already been published; second, it lives off mobile application vulnerabilities.


Even though several other mobile application analysis tools have been developed, no single tool can be used for both Android and iOS and be called a “standard” must-use on every mobile application assessment.

The idea behind Scrounger is to make a Metasploit-like tool that will not do a pentester's work, but will help the pentester on his assessment by executing the mundane tasks that need to be performed on all assessments.

The Difference

The main features Scrounger offers that others don’t:

  • Works with Android and iOS
  • Metasploit-like console and modules
  • Offers a variety of modules that can be run to give the pentester a starting point
  • Easily extendable


git clone
cd scrounger
pip install -r requirements.txt
python install


$ scrounger --help
usage: scrounger [-h] [-m analysis/ios/module1;analysis/ios/module2]
                 [-a argument1=value1;argument1=value2;]
                 [-f /path/to/the/app.[apk|ipa]] [-d device_id] [-l] [-o]
                 [-p /path/to/full-analysis.json] [-V] [-D]

  / ____|
 | (___   ___ _ __ ___  _   _ _ __   __ _  ___ _ __
  \___ \ / __| '__/ _ \| | | | '_ \ / _` |/ _ \ '__|
  ____) | (__| | | (_) | |_| | | | | (_| |  __/ |
 |_____/ \___|_|  \___/ \__,_|_| |_|\__, |\___|_|
                                     __/ |

optional arguments:
  -h, --help            show this help message and exit
  -m analysis/ios/module1;analysis/ios/module2, --modules analysis/ios/module1;analysis/ios/module2
                        modules to be run - seperated by ; - will be run in order
  -a argument1=value1;argument1=value2;, --arguments argument1=value1;argument1=value2;
                        arguments for the modules to be run
  -f /path/to/the/app.[apk|ipa], --full-analysis /path/to/the/app.[apk|ipa]
                        runs a full analysis on the application
  -d device_id, --device device_id
                        device to be used by the modules
  -l, --list            list available devices and modules
  -o, --options         prints the required options for the selected modules
  -p /path/to/full-analysis.json, --print-results /path/to/full-analysis.json
                        prints the results of a full analysis json file
  -V, --verbose         prints more information when running the modules
  -D, --debug           prints more information when running scrounger






Copyright (c) 2018, Nettitude
All rights reserved.