Monday, December 28, 2015

Ostorlab Mobile Application Security Scanner features list (27-12-15)

4:29 AM Posted by ASM


This is a list of the features currently supported by Ostorlab MASS:

Android:

  • Detect if the application is compiled with debug mode enabled
  • Detect if the application is compiled with backup mode enabled
  • APK files list
  • List implementations of JavaScript interfaces
  • List calls to Reflection API
  • List calls to Random API
  • List calls to Android Security API (Keystore and Keychain)
  • List calls to native methods
  • List calls to Crypto API
  • List calls to potentially dangerous WebView API methods
  • List calls to delete files API
  • List calls to IPC API
  • List calls to Logging API
  • List calls to Socket API
  • List calls to XML parsing API
  • List calls to ZIP API
  • List calls to SSL/TLS API
  • List calls to dynamic code loading API
  • List calls to command execution API
  • List WebViewClient implementations
  • List privacy related API
  • List application components (Internal packages and third party libraries)
  • Show certificate information
  • Report outdated certificate
  • List hard-coded strings, URLs and SQL queries
  • List defined classes and methods
  • List exported components (Activities, Services, Content providers, Broadcast receivers)
  • List requested permissions
  • Report unused permissions (Overprivileged)
  • List application attack surface
  • Report non-obfuscated code
  • MD5-based search in the VirusTotal database
  • Identify root detection methods
  • Report lack of ELF binary protections (ASLR, NX, Stack canaries, RELRO)

iOS:

  • IPA files list
  • Report if stack smashing is disabled
  • Report if ASLR is disabled
  • Report if ARC is disabled
  • List IPA symbols
  • List IPA Objective-C class dump
  • MD5-based search in the VirusTotal database

We are currently working on enhancing the stability of the scan engine, correcting bugs and implementing many new rules for iOS applications. If you have suggestions or bug reports, please drop us an email or a message.
