MARA is a Mobile Application
Reverse engineering and Analysis Framework. It is a toolkit that puts together commonly used mobile application reverse engineering and analysis tools to assist in testing mobile applications against the OWASP mobile security threats. http://www.shadowinfosec.io Its objective is to make this task easier and friendlier to mobile application developers and security professionals.
Features supported
APK Reverse Engineering
- Disassembling Dalvik bytecode to smali bytecode via baksmali and apktool
- Disassembling Dalvik bytecode to java bytecode via enjarify
- Decompiling APK to Java source code via jadx
APK Deobfuscation
- APK deobfuscation via [apk-deguard.com] (http://www.apk-deguard.com/)
APK Analysis
- Parsing smali files for analysis via smalisca
- Dump apk assets,libraries and resources
- Extracting certificate data via openssl
- Extract strings and app permissions via aapt
- Identify methods and classes via ClassyShark
- Scan for apk vulnerabilities via androbugs
- Analyze apk for potential malicious behaviour via androwarn
- Identify compilers, packers and obfuscators via APKiD
- Extract execution paths, IP addresses, URL, URI, emails via regex
APK Manifest Analysis
- Extract Intents
- Extract exported activities
- Extract receivers
- Extract exported receivers
- Extract Services
- Extract exported services
- Check if apk is debuggable
- Check if apk allows backups
- Check if apk allows sending of secret codes
- Check if apk can receive binary SMS
Domain Analysis
Videos Demo And Using
0 on: "MARA-Framework on Kali Linux for Mobile Penetration Testing "