Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/devkekops/checkkarlmarx
Careful tool for security checking release apk/ipa files
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/devkekops/checkkarlmarx
- Owner: devkekops
- Created: 2021-04-22T00:07:25.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-12-16T13:23:33.000Z (almost 3 years ago)
- Last Synced: 2024-04-30T13:35:06.279Z (7 months ago)
- Language: Python
- Homepage: https://hub.docker.com/r/devkekops/checkkarlmarx
- Size: 46.9 KB
- Stars: 34
- Watchers: 1
- Forks: 4
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
CheckKarlMarx
=============

Automated tool for security checking mobile app release binaries (apk, ipa).
CheckKarlMarx is good at finding several things:
* network misconfigurations
* insecure, test and basic auth URLs
* various keys, tokens, credentials
* exported components (android)
* insecure webview settings (android)

Usage
-----

Pull from Docker Hub and run:
```sh
$ docker pull devkekops/checkkarlmarx
$ docker run -v :/mount devkekops/checkkarlmarx /mount
```

It will generate `report.html` in the mounted folder.
Run with options:
```sh
usage: checkkarlmarx.py [-h] [--html | --sarif] [--file | --stdout] [-o [OUTPUT]] [-d [DOMAINS [DOMAINS ...]]] [-q [QATAGS [QATAGS ...]]] [-p [PACKAGES [PACKAGES ...]]] path

positional arguments:
  path                  path to apk/ipa

optional arguments:
  -h, --help            show this help message and exit
  --html                set report format as html
  --sarif               set report format as sarif
  --file                print report to file
  --stdout              print report to stdout
  -o [OUTPUT], --output [OUTPUT]
                        report filename
  -d [DOMAINS [DOMAINS ...]], --domains [DOMAINS [DOMAINS ...]]
                        domain list (e.g. example.com)
  -q [QATAGS [QATAGS ...]], --qatags [QATAGS [QATAGS ...]]
                        test domain tags list
  -p [PACKAGES [PACKAGES ...]], --packages [PACKAGES [PACKAGES ...]]
                        package names (android only, e.g. com.example)
```

* report format html or sarif (html by default): --html or --sarif
* print report to file or stdout (file by default): --file or --stdout
* report filename (report.html or report.sarif by default): -o --output
* filter found URLs by domain list: -d --domains
* filter test domain URLs by tag list: -q --qatags
* filter found webview settings by package list (android only): -p --packages

Example:
```sh
$ docker run -v $(pwd):/mount devkekops/checkkarlmarx /mount --sarif --stdout -d mycompany.com -q qa test dev stage -p com.mycompany com.example
```

Exit codes:
* 0 - binary has no vulnerabilities
* 1 - binary has some vulnerabilities
* 2 - something went wrong

To build from sources:
```sh
$ docker build -t my_app .
```
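The URL checks and the filtering options described above, illustrated as an added Python example that is not CheckKarlMarx's own code: it scans a constructed list of strings, as if extracted from a release binary, for cleartext, basic-auth and test-environment URLs, applies the same `-d`/`-q` filtering semantics the README's options describe, and maps the result onto the 0/1/2 exit codes. The function names, the default tag list and the sample strings are assumptions made for the illustration.

```python
"""Added illustration, not CheckKarlMarx's own code: a minimal version of the
URL checks the README lists (insecure, test and basic-auth URLs) with the
-d/--domains and -q/--qatags filtering and the 0/1/2 exit-code convention."""
import re
import sys
from urllib.parse import urlsplit

# Constructed sample input: strings as they might be pulled out of a release
# binary.  None of these hosts or credentials are real.
SAMPLE_STRINGS = [
    "https://api.mycompany.com/v1/login",
    "http://api.mycompany.com/v1/legacy",           # cleartext scheme
    "https://svc:hunter2@files.mycompany.com/up",   # credentials embedded in URL
    "https://api-qa.mycompany.com/v1/",             # test-environment hostname
    "http://dev.example.com/debug",                 # cleartext and test, other domain
    "https://cdn.thirdparty.net/lib.js",
]

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
DEFAULT_QATAGS = ("qa", "test", "dev", "stage")   # assumed default tag list


def in_domains(host, domains):
    """True when host equals one of the domains or is a subdomain of one.
    An empty domain list disables filtering, like omitting -d."""
    if not domains:
        return True
    return any(host == d or host.endswith("." + d) for d in domains)


def has_qa_tag(host, qatags):
    """True when any dot- or dash-separated label of the hostname is a QA tag."""
    labels = re.split(r"[.-]", host)
    return any(tag in labels for tag in qatags)


def scan_strings(strings, domains=(), qatags=DEFAULT_QATAGS):
    """Return (category, url) findings for every URL in the input strings."""
    findings = []
    for text in strings:
        for url in URL_RE.findall(text):
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
            if not in_domains(host, domains):
                continue                      # outside the -d scope
            if parts.scheme == "http":
                findings.append(("insecure-url", url))
            if parts.username or parts.password:
                findings.append(("basic-auth-url", url))
            if has_qa_tag(host, qatags):
                findings.append(("test-url", url))
    return findings


def exit_code(result):
    """Map a scan result onto the README's exit codes:
    0 = no findings, 1 = findings present, 2 = the scan itself failed."""
    if isinstance(result, Exception):
        return 2
    return 1 if result else 0


def run(strings, domains=(), qatags=DEFAULT_QATAGS):
    """Scan, print a plain-text report to stdout, and return the exit code."""
    try:
        findings = scan_strings(strings, domains, qatags)
    except Exception as err:  # e.g. unreadable input
        print("error:", err)
        return exit_code(err)
    for category, url in findings:
        print(f"{category:16} {url}")
    return exit_code(findings)


if __name__ == "__main__":
    # Mirrors the spirit of: --stdout -d mycompany.com -q qa test dev stage
    sys.exit(run(SAMPLE_STRINGS, domains=("mycompany.com",)))
```

With the domain filter set to `mycompany.com` the run reports three findings (a cleartext URL, a URL carrying credentials and a QA-tagged host) and exits 1; without a domain filter the `dev.example.com` string adds two more. A CI job can branch on that exit code exactly as it would on the tool's own.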