Android Penetration Tools Walkthrough Series: Androguard

Today, much of our personal and financial information is tied to mobile and web apps. Penetration testing is an ever-growing enterprise in the tech space, as security is becoming more important than ever before. The ability to study a piece of software for liabilities is the goal of reverse software engineering.

In this article, we will guide you step-by-step through the process of using one of the most relevant new programs in the industry: Androguard.

Androguard is a Python-based tool used for reverse engineering Android apps. This entails taking the raw Android Package (.apk) files of the app and breaking them down to analyze. From there, penetration testing for malware and vulnerabilities can be done. Androguard is supported by Linux, Windows, and OSX as long as Python is installed on the system. Note that running Androguard on Windows deals with a great many dependencies, and for simplicity sake, we recommend you use a Virtual Machine to run Linux for the use of this tool.

This instrument is used through the command prompt terminal. Once you download and install Androguard, you can easily input different commands that will provide specific information about the app – such as permissions, associated files, and the code itself.

You can run Linux inside Windows by using a virtual machine like the free VMware Workstation 14 Player, which you can find here. Download the installer, run it, and follow the instructions. Create a new instance with Ubuntu Linux as the operating system which is already in the setup options. You will then be able to use the command line terminal from Linux.



1. Install Python 3 on your system.

Linux

Check to see if Python 3 is already installed by running the following command:

$ python3 –version

If the latest version is not already installed, (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by InfoSec Resources. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/BoHIspeFk0g/