What tool is Truegaze?

2025-01-20 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

This article explains what kind of tool Truegaze is. The content is simple, easy to follow and clearly organized.

Truegaze

Truegaze is a static analysis tool for Android and iOS apps that focuses on security issues with resources outside of the app's source code, such as strings, third-party libraries, and configuration files. Researchers can use Truegaze to conduct security detection and analysis of target mobile applications.

Tool requirements

The tool requires a Python 3 environment, and all of its dependencies are listed in the requirements.txt file. It has only been tested on Python 3.7 so far, but in theory it runs on any Python 3.x version. Python 2.x is not supported.

Tool installation

We can install Truegaze via pip using the following command:

pip install truegaze

truegaze

You can also download and run Truegaze manually:

git clone https://github.com/nightwatchcybersecurity/truegaze.git

cd truegaze

pip install -r requirements.txt

python -m truegaze.cli

Tool usage

List the available modules:

truegaze list

Scan target applications:

truegaze scan test.apk

truegaze scan test.ipa

Scan multiple applications:

truegaze scan *.apk

truegaze scan *.ipa

Tool sample output

Module enumeration:

Scan target application:

user@localhost:~/$ truegaze scan ~/test.ipa
Identified as an iOS application via a manifest located at: Payload/www.example.com using the "AdobeMobileSdk" plugin
-- Found 1 configuration file(s)
-- Scanning "Payload/IPAPatch-DummyApp.app/Base.lproj/ADBMobileConfig.json'
---- FOUND: The ["analytics"]["ssl"] setting is missing or false - SSL is not being used
---- FOUND: The ["remotes"]["analytics.poi"] URL doesn't use SSL: www.example.com
---- FOUND: The ["remotes"]["messages"] URL doesn't use SSL: www.example.com
---- FOUND: A "templateurl" in ["messages"]["payload"] doesn't use SSL: www.example.com user={user.name}&zip={user.zip}&c16={%sdkver%}&c27=cln,{a.PrevSessionLength}
---- FOUND: A "templateurl" in ["messages"]["payload"] doesn't use SSL: http://my.43434server.com/?user={user.name}&zip={user.zip}&c16={%sdkver%}&c27=cln,{a.PrevSessionLength}
Done!

Display the installed tool version:

user@localhost:~/$ truegaze version

Current version: v0.2

Tool framework

Truegaze is a command-line tool that consists of multiple functional modules that detect security vulnerabilities, each of which can perform separate scanning tasks, and all scanning results can be printed directly in the command-line tool.
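To make the module idea concrete, the following Python example (added here, not Truegaze's own code) re-implements the kind of check the "AdobeMobileSdk" module reports in the sample output above: it opens an .apk/.ipa as a ZIP archive, finds ADBMobileConfig.json and flags a missing or false SSL setting and cleartext URLs. The JSON layout (for instance "messages" being a list of objects with a "payload"), the function names and the sample archive are assumptions constructed for this example.

```python
import io
import json
import zipfile

CONFIG_NAME = "ADBMobileConfig.json"  # file name taken from the sample output
def as_dict(v):  # treat anything that is not a JSON object as empty
    return v if isinstance(v, dict) else {}

def check_config(cfg):
    """Findings for one parsed config; key layout is assumed from the output."""
    found = []
    if not as_dict(cfg.get("analytics")).get("ssl"):
        found.append('["analytics"]["ssl"] is missing or false')
    urls = [(f'["remotes"]["{k}"] URL', as_dict(cfg.get("remotes")).get(k))
            for k in ("analytics.poi", "messages")]
    msgs = cfg.get("messages")
    for m in msgs if isinstance(msgs, list) else []:
        urls.append(('"templateurl" in ["messages"]["payload"]',
                     as_dict(as_dict(m).get("payload")).get("templateurl")))
    for label, url in urls:  # flag only explicit cleartext HTTP
        if isinstance(url, str) and url.strip().lower().startswith("http://"):
            found.append(f"{label} does not use SSL: {url}")
    return found

def scan_archive(fileobj):
    """Map each config path in an .apk/.ipa (both ZIP archives) to findings."""
    results = {}
    with zipfile.ZipFile(fileobj) as zf:
        for name in zf.namelist():
            if name.rsplit("/", 1)[-1] != CONFIG_NAME:
                continue
            try:
                cfg = json.loads(zf.read(name))
            except ValueError:  # bad UTF-8 or bad JSON
                cfg = None
            results[name] = check_config(cfg) if isinstance(cfg, dict) else ["unparseable config"]
    return results

def build_sample_ipa():
    """Constructed sample archive; app name and URLs are made up."""
    cfg = {"analytics": {}, "remotes": {"messages": "http://assets.example.com/m.json"},
           "messages": [{"payload": {"templateurl": "http://c.example.com/?u={user.name}"}}]}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payload/Sample.app/" + CONFIG_NAME, json.dumps(cfg))
    return buf

if __name__ == "__main__":
    print(json.dumps(scan_archive(build_sample_ipa()), indent=2))
```

A malformed config is reported as "unparseable config" rather than aborting the scan, so one broken file does not hide findings in the rest of the archive.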
