MobileAudit

Overview

Mobile Audit is a powerful tool designed for performing static analysis of Android APKs, helping developers and security professionals detect malicious content and vulnerabilities in their applications. Built as a Django web application, it provides an intuitive dashboard for examining app metadata and scanning source code for weaknesses. With features that aggregate results, including SAST findings and malware checks, Mobile Audit promises to streamline the process of ensuring Android app security.

This tool is particularly noteworthy for its rich integration capabilities and user-friendly interface, making it accessible for those looking to enhance their app's security posture. Whether you're a developer looking to ensure best practices or a security expert seeking detailed insights into app vulnerabilities, Mobile Audit is equipped with everything you need to keep your Android applications safe.

Features

• Comprehensive APK Analysis: Extracts detailed application information, including security insights, components, certificate info, and more.
• SAST Findings Categorization: Scans and categorizes security findings based on CWE and Mobile Top 10 mappings for easier understanding of risks.
• Malware Detection: Checks apps against MalwareDB and Maltrail to identify known threats and vulnerabilities.
• VirusTotal Integration: Optional integration for API v3 lookups and uploads to check against a comprehensive malware database.
• DefectDojo Support: Provides optional API v2 integration for exporting findings, aiding in vulnerability management.
• User-Friendly API: Comes with Swagger and ReDoc documentation, plus token-based authentication for secure access to functionalities.
• PDF Report Generation: Users can easily export scan reports to PDF for documentation and sharing purposes.
• Dynamic Page Improvements: The app includes features under development for enhanced user experience through dynamic page reloads, making interactions smoother.