Mobile App Static Analysis Tool
DarknetHacking Tools, Hacker News & Cyber Security
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing mobile app static analysis on the code of the application for both native Android and iOS applications.
This tool will look for interesting lines in the code which can contain:
- Hardcoded credentials
- API keys
- URL’s of API’s
- Decryption keys
- Major coding mistakes
This tool was created with a big focus on usability and graphical guidance in the user interface.
Features of StaCoAn Mobile App Static Analysis Tool
The concept is that you drag and drop your mobile application file (an .apk or .ipa file) on the StaCoAn application and it will generate a visual and portable report for you. You can tweak the settings and wordlists to get a customized experience.
The reports contain a handy tree viewer so you can easily browse through your decompiled application.
It also contains the following features:
- Looting concept – Roughly equivalent to bookmarking findings of value.
- Wordlists – The application uses wordlists for finding interesting lines in the code.
- Filetypes – Any source file will be processed. This contains ‘
.java', '.js', '.html', '.xml',...files. - Responsive Design – The reports are made to fit on all screens.
Limitations wise, this tool will have trouble with obfuscated code. If you are a developer try to compile without obfuscation turned on before running this tool.
We have covered a few other static analysis tools, but none really native mobile-focused such as:
You can download StaCoAn here:
Posted in:Hacking Tools
Latest Posts:
StaCoAn – Mobile App Static Analysis Tool
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing mobile app static analysis on the code of the application for both native Android and iOS applications.
April 24, 2018 – 60 Shares
snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn’t be public and can pose a s
April 17, 2018 – 172 Shares
Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
April 7, 2018 – 210 Shares
Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
March 25, 2018 – 117 Shares
GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it’s a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
March 19, 2018 – 262 Shares
Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.
March 13, 2018 – 213 Shares
5 Mobile App Marketing Tips
New mobile app can help track severity of Parkinson’s disease
From Website to Mobile App – Your Four Best Options
About Author
