https://github.com/aress31/corellium-utils
A collection of utility scripts leveraging the Corellium API and designed to facilitate mobile pentesting.
- Host: GitHub
- URL: https://github.com/aress31/corellium-utils
- Owner: aress31
- License: apache-2.0
- Created: 2022-10-15T01:16:10.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2022-10-16T11:36:27.000Z (over 3 years ago)
- Last Synced: 2025-01-27T10:43:27.509Z (about 1 year ago)
- Topics: android, api, corellium, cyber-security, emulation, https, ios, mobile, network-analysis, pentest, pentest-tool, pentesting, pentesting-tool, reverse-engineering, screenshots, security-audit, ssl-pinning
- Language: JavaScript
- Homepage:
- Size: 19.5 KB
- Stars: 3
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# corellium-utils
## Corellium Utility Scripts
A collection of scripts written in `JavaScript` designed to interact with the [Corellium API](https://corellium.github.io/corellium-api/) with the aim of facilitating pentesting activities.
It currently comprises:
- `sslPinning.js`: Allows querying the current `status` of SSL pinning as well as switching SSL pinning `on`/`off`.
- `takeScreenshot.js`: Facilitates screenshot taking by directly dropping screenshots within the local `screenshots` folder.
## Installation
1. Install [Node.js](https://nodejs.org/en/).
2. Download this repository:
```bash
git clone https://github.com/aress31/corellium-utils
cd corellium-utils
```
3. Install the dependencies:
> [!IMPORTANT]
> The command below is to be executed in the root folder of this project.
```bash
npm install
```
4. Create a `.env` file in the root folder containing the following constants:
> [!NOTE]
> Replace the placeholder values with your values.
```
API_TOKEN="XXX"
ENDPOINT="https://app.corellium.com"
INSTANCE="XXX"
PROJECT="Default Project"
```
## Usage
- To take a screenshot:
```bash
node takeScreenshot.js
```
- To query the `status` of SSL pinning:
```bash
node sslPinning.js -c status
```
- To `enable` SSL pinning bypass:
```bash
node sslPinning.js -c enable
```
- To `disable` SSL pinning bypass:
```bash
node sslPinning.js -c disable
```
## Roadmap
- [ ] Improve the `argparsing` logic.
- [ ] Merge the scripts into a master script with more function modularity, e.g., `login`.
- [ ] Automate proxying to Burp Suite. So far, it seems that the current version of the [Corellium API](https://corellium.github.io/corellium-api/) does not export any function that would enable us to implement this feature.
- [ ] Implement additional features - open to suggestions.
## Sponsor 💖
If you want to support this project and appreciate the time invested in developing, maintaining and extending it, consider donating toward my next cup of coffee. ☕
It is easy: all you have to do is press the `Sponsor` button at the top of this page or, alternatively, [click this link](https://github.com/sponsors/aress31). 💸
## Reporting Issues
Found a bug? I would love to squash it! 🐛
Please report all issues on the GitHub [issues tracker](https://github.com/aress31/corellium-utils/issues).
## Contributing
Would you like to contribute to improving this project? 🤩
Please submit all `PRs` on the GitHub [pull requests tracker](https://github.com/aress31/corellium-utils/pulls).
## License
See [LICENSE](LICENSE).