Metadata-Version: 1.1
Name: trueseeing
Version: 2.0.1
Summary: Trueseeing is a fast, accurate, and resilient vulnerability scanner for Android apps.
Home-page: https://github.com/taky/trueseeing
Author: Takahiro Yoshimura
Author-email: takahiro_y@monolithworks.co.jp
License: UNKNOWN
Description: ======
        README
        ======
        
        ``trueseeing`` is a fast, accurate and resilient vulnerability scanner for Android apps.  It operates on Android package (APK) files and outputs a comprehensive report in HTML.  It works whether or not the APK is obfuscated.
        
        Since it is in an early beta stage, we provide it as a service; this is the reference API client implementation.  Once it goes stable we will release it with the complete implementation -- please look forward to it.
        
        Capability
        ----------
        
        Currently ``trueseeing`` can detect the following classes of vulnerabilities:
        
          * Improper Platform Usage (M1)
        
            * Debuggable
            * Inadvertent publishing of Activities, Services, ContentProviders, BroadcastReceivers
        
          * Insecure Data (M2)
        
            * Backupable (i.e. susceptible to the backup attack)
            * Insecure file permissions
            * Logging
        
          * Insecure Communications (M3)
        
            * Lack of pinning (i.e. susceptible to the TLS interception attack)
            * Use of cleartext HTTP
            * Tamperable WebViews
        
          * Insufficient Cryptography (M5)
        
            * Hardcoded passphrase/secret keys
            * Vernam ciphers with static keys
            * Use of the ECB mode
        
          * Client Code Quality Issues (M7)
        
            * Reflectable WebViews (i.e. XSS in such views should be escalatable to remote code execution via JS reflection)
            * Use of an insecure policy on mixed content
        
          * Code Tampering (M8)
        
            * Hardcoded certificates
        
          * Reverse Engineering (M9)
        
            * Lack of obfuscation
        
        Usage
        -----
        
        The following command line is sufficient to scan an APK (target.apk)::
        
            $ trueseeing /path/to/target.apk > report.html
        
        
        
Keywords: android java security pentest hacking
Platform: UNKNOWN
Classifier: Topic :: Security
Classifier: Operating System :: Android
Classifier: Programming Language :: Java
