{"id":13438071,"url":"https://github.com/SUPERAndroidAnalyzer/super","last_synced_at":"2025-03-19T18:31:51.458Z","repository":{"id":97706709,"uuid":"58658168","full_name":"SUPERAndroidAnalyzer/super","owner":"SUPERAndroidAnalyzer","description":"Secure, Unified, Powerful and Extensible Rust Android Analyzer","archived":true,"fork":false,"pushed_at":"2020-09-17T10:07:49.000Z","size":74242,"stargazers_count":422,"open_issues_count":32,"forks_count":59,"subscribers_count":23,"default_branch":"master","last_synced_at":"2024-09-27T00:01:44.234Z","etag":null,"topics":["analyzer","android","android-analyzer","android-development","apk","linux","macos","rust","security","security-audit","security-automation","security-scanner","security-tools","super","vulnerabilities","windows"],"latest_commit_sha":null,"homepage":"https://superanalyzer.rocks/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SUPERAndroidAnalyzer.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"contributing.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2016-05-12T16:25:49.000Z","updated_at":"2024-08-25T09:25:20.000Z","dependencies_parsed_at":"2023-04-28T16:30:57.996Z","dependency_job_id":null,"html_url":"https://github.com/SUPERAndroidAnalyzer/super","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SUPERAndroidAnalyzer%2Fsuper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SUPERAndroidAnalyzer%2Fsuper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SUPERAndroidAnal
yzer%2Fsuper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SUPERAndroidAnalyzer%2Fsuper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SUPERAndroidAnalyzer","download_url":"https://codeload.github.com/SUPERAndroidAnalyzer/super/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221729798,"owners_count":16871106,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analyzer","android","android-analyzer","android-development","apk","linux","macos","rust","security","security-audit","security-automation","security-scanner","security-tools","super","vulnerabilities","windows"],"created_at":"2024-07-31T03:01:02.678Z","updated_at":"2025-03-19T18:31:51.452Z","avatar_url":"https://github.com/SUPERAndroidAnalyzer.png","language":"Rust","readme":"# SUPER Android Analyzer #\n\n[![Build Status][linux_mac_build_img]][linux_mac_build]\n[![codecov][coverage_img]][coverage]\n\n\u003cimg src=\"templates/super/img/logo.svg\" alt=\"SUPER Android Analyzer logo\" title=\"SUPER Android Analyzer\" width=\"150\"\u003e\n\n*Secure, Unified, Powerful and Extensible Rust Android Analyzer*\n\nSUPER is a command-line application that can be used in Windows, MacOS X and Linux, that analyzes\n*.apk* files in search for vulnerabilities. It does this by decompressing APKs and applying a series\nof rules to detect those vulnerabilities.\n\nBut, why create a new analyzer? Is it not enough with MobSF, Qark, Androbugs…? Well, we think it's\nnot enough. 
All of them have two main issues we wanted to fix: they are written in Java or Python\nand they are not easily extensible. They are not meant to be used by businesses directly working in\nAndroid analysis, and don't put that kind of functionality first.\n\nOur approach solves those issues in different ways: We first decided to use **Rust** as our\nprogramming language. The language, developed openly by the Mozilla Foundation, gives us lots of\nutilities to work with regular expressions, files, etc. and, most importantly, it enables us to\ncreate secure software that does not depend on the *JVM* or *JIT* compilers. With Rust, stack\noverflows, segmentation faults etc. are not possible, which makes sense in a\nsecurity-centered application. It also gives us enough power to do efficient analysis, giving us the\noption to automate it in high volume. This comes from Rust's zero-cost abstractions, which give us\nan efficiency comparable only to C/C++.\n\nSecondly, we decided to make the software 100% extensible: all rules are centralized in a\n`rules.json` file, and each company or tester can create their own rules to analyze what they need.\nIt's also modular, so that new developments can easily add new functionality. Finally, a templating\nsystem for results reports gives users the ability to personalize the report.\n\nIt also provides great code review tools, directly in the HTML report, so that anyone can search\nthrough the generated code with syntax highlighting for even better vulnerability analysis.\n\n## Installation ##\n\nWe have released some binaries on the [download page][downloads] for Windows (8.1+), Linux, and\nMacOS X. We only have 64-bit packages for now. If you need to use SUPER on a 32-bit system, you\nwill need to [compile SUPER from source][compile]. For that, you will need to install **Rust** with\n[rustup.rs][rustup].\n\n*Note: It requires Java 1.7+ to run.*\n\n## Usage ##\n\nSUPER is very easy to use. 
Just download the desired *.apk* into the *downloads* folder (create\nthat folder if necessary) and use the name as an argument when running the program. After the\nexecution, a detailed report will appear in the *results* folder with that application name. There\nare a few usage options available:\n\n```\nUSAGE:\n    super [FLAGS] [OPTIONS] \u003cpackage\u003e\n\nFLAGS:\n        --bench       Show benchmarks for the analysis\n        --force       If you'd like to force the auditor to do everything from the beginning\n    -h, --help        Prints help information\n        --html        Generates the reults in HTML format\n        --json        Generates the reults in JSON format\n        --open        Open the report in a browser once it is complete\n    -q, --quiet       If you'd like a zen auditor that won't output anything in stdout\n    -a, --test-all    Test all .apk files in the downloads directory\n    -V, --version     Prints version information\n    -v, --verbose     If you'd like the auditor to talk more than necessary\n\nOPTIONS:\n        --dex2jar \u003cdex2jar\u003e                    Where to store the jar files\n        --dist \u003cdist\u003e                          Folder where distribution files will be extracted\n        --downloads \u003cdownloads\u003e                Folder where the downloads are stored\n        --jd-cmd \u003cjd-cmd\u003e                      Path to the jd-cmd file\n        --min-criticality \u003cmin_criticality\u003e    Set a minimum criticality to analyze (Critical, High, Medium, Low)\n        --results \u003cresults\u003e                    Folder where to store the results\n        --rules \u003crules\u003e                        Path to a JSON rules file\n        --template \u003ctemplate\u003e                  Path to a results template file\n    -t, --threads \u003cthreads\u003e                    Number of threads to use, by default it will use one thread per logical CPU core\n\nARGS:\n    \u003cpackage\u003e    
The package string of the application to test\n```\n\n## Contributing ##\n\nEverybody is welcome to contribute to SUPER. Please check out the\n[SUPER Contribution Guidelines][contributing] for instructions about how to proceed.\n\n[Development documentation][documentation]\n\n## License ##\n\nThis program is free software: you can redistribute it and/or modify it under the terms of the GNU\nGeneral Public License as published by the Free Software Foundation, either version 3 of the\nLicense, or (at your option) any later version.\n\n[linux_mac_build_img]: https://travis-ci.org/SUPERAndroidAnalyzer/super.svg?branch=master\n[linux_mac_build]: https://travis-ci.org/SUPERAndroidAnalyzer/super\n[coverage_img]: https://codecov.io/gh/SUPERAndroidAnalyzer/super/branch/master/graph/badge.svg\n[coverage]: https://codecov.io/gh/SUPERAndroidAnalyzer/super\n[compile]: https://superanalyzer.rocks/download.html#compile-from-source\n[downloads]: https://superanalyzer.rocks/download.html\n[rustup]: https://www.rustup.rs/\n[contributing]: https://github.com/SUPERAndroidAnalyzer/super/blob/master/contributing.md\n[documentation]: https://superandroidanalyzer.github.io/super/\n","funding_links":[],"categories":["Android Security","Rust","Rust (42)","android","Tools","Awesome Mobile Application Penetration Testing  ![awesome](https://awesome.re/badge.svg)"],"sub_categories":["Static Analysis Tools","Android Application Penetration Testing"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSUPERAndroidAnalyzer%2Fsuper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSUPERAndroidAnalyzer%2Fsuper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSUPERAndroidAnalyzer%2Fsuper/lists"}