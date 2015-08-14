

MARA is a mobile application reverse engineering and analysis framework. It is a collection of commonly used mobile application reverse engineering and analysis tools integrated together to assist in testing mobile applications against the OWASP mobile security threats. Its primary objective is to make this task easier and friendlier to mobile application developers and security professionals.

MARA is developed and maintained by @xtian_kisutsa and @iamckn.





Features:

APK Reverse Engineering

Disassembling Dalvik bytecode to smali bytecode via baksmali and apktool.

Disassembling Dalvik bytecode to Java bytecode via enjarify.

Decompiling APK to Java source code via jadx.

APK Deobfuscation

APK deobfuscation via apk-deguard.com.

APK Analysis

Parsing smali files for analysis via smalisca.

Dump APK assets, libraries and resources.

Extracting certificate data via openssl.

Extract strings and app permissions via aapt.

Identify methods and classes via ClassyShark.

Scan for APK vulnerabilities via androbugs.

Analyze APK for potential malicious behaviour via androwarn.

Identify compilers, packers and obfuscators via APKiD.

Extract execution paths, IP addresses, URLs, URIs and emails via regex.

APK Manifest Analysis

Extract Intents.

Extract exported activities.

Extract receivers.

Extract exported receivers.

Extract Services.

Extract exported services.

Check if APK is debuggable.

Check if APK allows backups.

Check if APK allows sending of secret codes.

Check if APK can receive binary SMS.

Domain Analysis

Domain SSL scan via pyssltest and testssl.

Website fingerprinting via whatweb.

Security Analysis

Source code static analysis based on the OWASP Mobile Top 10 and the OWASP Mobile Apps Checklist.

MARA is capable of performing either single or mass analysis of APK, DEX or JAR files.
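
As an added illustration (not part of MARA or its authors' code), the following Python example shows what the APK Manifest Analysis checks listed under Features look for in a decoded AndroidManifest.xml such as apktool produces. The sample manifest, its package and component names, and the helper names is_exported and audit_manifest are constructed for this example; the implicit "exported" default assumed here is the behaviour for apps targeting Android versions before 12.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SECRET_CODE = "android.provider.Telephony.SECRET_CODE"
DATA_SMS = "android.intent.action.DATA_SMS_RECEIVED"

# Constructed sample manifest (made-up app and component names), in decoded text form.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <application android:debuggable="true">
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".SettingsActivity"/>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".DiagReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SECRET_CODE"/>
        <data android:scheme="android_secret_code" android:host="1234"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".SmsReceiver" android:exported="false">
      <intent-filter><action android:name="android.intent.action.DATA_SMS_RECEIVED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def is_exported(component):
    """Hypothetical helper: explicit android:exported wins, else an intent-filter implies exported."""
    flag = component.get(ANDROID + "exported")
    if flag is not None:
        return flag == "true"
    return component.find("intent-filter") is not None  # assumed pre-Android 12 default

def audit_manifest(xml_text):
    """Hypothetical helper: return the manifest findings as a dict."""
    app = ET.fromstring(xml_text).find("application")
    actions = {a.get(ANDROID + "name") for a in app.iter("action")}
    report = {
        "debuggable": app.get(ANDROID + "debuggable") == "true",
        # android:allowBackup defaults to true when the attribute is absent
        "allow_backup": app.get(ANDROID + "allowBackup", "true") == "true",
        "secret_codes": SECRET_CODE in actions,
        "binary_sms": DATA_SMS in actions,
    }
    for kind in ("activity", "receiver", "service"):
        report["exported_" + kind] = [c.get(ANDROID + "name") for c in app.findall(kind) if is_exported(c)]
    return report

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

Components that appear in an exported_* list are reachable by other apps on the device, so each one should either require a permission or be declared with android:exported="false"; release builds should not be debuggable.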

Installing MARA on Linux/Nethunter

Download MARA:

git clone --recursive https://github.com/xtiankisutsa/MARA_Framework

Installing Dependencies:

MARA ships with a script that assists in downloading and installing the dependencies for each of the tools and components it ships with. Simply run the setup.sh script with sudo privileges and it will install them. If you are using a Mac, simply run the setup_mac.sh script instead.




Updating MARA:

To make updating MARA easier, it now ships with an update script that, once executed, will pull the most recent version from GitHub and replace the files stored locally. The script will not interfere with the data folder where the analysis files reside. Simply execute ./update.sh and you are good to go. The update script will also run the new setup file that has been downloaded to ensure that the dependencies for the new tools are met.

After meeting all the requirements, if you run ./mara.sh --help you should see the MARA help menu.

All the analysis data and file conversions are stored in the data folder i.e.. All the tools included in the Framework can be used standalone, they are all available in the tools folder i.e.