Thursday, 15 February 2018



MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that bundles several major reverse engineering and analysis tools for mobile application testing. Using this framework, we can decompile a particular APK file and analyze it for the major issues in the OWASP Mobile Top 10. The tool is mainly used by penetration testers, security researchers, and application developers.
The framework offers various features for working with an APK file, such as:
  • APK Reverse Engineering
  • APK Deobfuscation
  • APK Analysis
  • APK Manifest Analysis
  • Domain Analysis
  • Security Analysis etc.


  • Disassembling Dalvik bytecode to smali bytecode via baksmali and apktool
  • Disassembling Dalvik bytecode to java bytecode via enjarify
  • Decompiling APK to Java source code via jadx-gui


We can extract the APK and analyze the code using jadx-gui, which shows the code available for the selected APK file.


  • Parsing smali files for analysis via smalisca
  • Dump all assets, libraries and resources
  • Extracting certificate data via openssl
  • Identify methods and classes via classyshark
  • Extracts the manifest file in XML format
  • Scan for APK vulnerabilities via the AndroBugs framework
  • Analyse the APK for potential malicious behavior via androwarn


  • Extracts the intents and exported activities
  • Extracts the manifest files and services
  • Extracts exported services
  • Checks if the APK is debuggable
  • Checks if the APK allows data backup
  • Checks if the APK receives any binary SMS
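The manifest checks listed above can be reproduced by hand on a decoded AndroidManifest.xml. The following is an added example, not MARA's own code; the sample manifest, the function names and the pre-Android 12 default for `exported` (a component with an intent filter counts as exported) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
DATA_SMS = "android.intent.action.DATA_SMS_RECEIVED"  # binary (data) SMS broadcast

# Constructed sample manifest, already decoded to plain XML (e.g. by apktool).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <application android:debuggable="true" android:allowBackup="true">
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".Internal" android:exported="false"/>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".SmsReceiver">
      <intent-filter><action android:name="android.intent.action.DATA_SMS_RECEIVED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def is_exported(elem):
    """Explicit android:exported wins; otherwise an intent filter implies exported."""
    explicit = elem.get(A + "exported")
    if explicit is not None:
        return explicit == "true"
    return elem.find("intent-filter") is not None

def audit_manifest(xml_text):
    """Return the debuggable, backup, exported-component and binary-SMS findings."""
    app = ET.fromstring(xml_text).find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    exported = {
        kind: [e.get(A + "name") for e in app.findall(kind) if is_exported(e)]
        for kind in ("activity", "service", "receiver", "provider")
    }
    return {
        "debuggable": app.get(A + "debuggable") == "true",
        # allowBackup is treated as enabled when the attribute is absent
        "allow_backup": app.get(A + "allowBackup", "true") == "true",
        "exported": exported,
        "binary_sms": any(a.get(A + "name") == DATA_SMS for a in app.iter("action")),
    }

if __name__ == "__main__":
    for key, value in audit_manifest(SAMPLE_MANIFEST).items():
        print(key, "=", value)
```

A release build should report `debuggable` as false, and every exported component in the output deserves a review of the permissions that protect it.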


Domain analysis is performed using WhatWeb, and the security analysis is checked against the OWASP Mobile Top 10 checklist.


I have downloaded the MARA Framework from GitHub and listed the options in the framework.
We need to launch the MARA framework by using the command ./


Here, in the MARA Framework folder, you can see the options by running the command ./
I have also downloaded a vulnerable app and configured it in the MARA framework.


After the analysis, the results for the APK are saved in a dedicated folder, as shown in the screenshot below.
The folder that has been saved on the PC is shown in the screenshot below.
The decompiled files are saved in the MARA-Framework folders, and by viewing these files you can check the vulnerable APK file for the issues you are looking for.


Multiple sets of test tools will be necessary for a more thorough and comprehensive testing process. I have given an overview of the MARA Framework setup process and how it can expedite your Android app reverse engineering and static analysis process.
BriskInfosec holds utmost experience in mobile app penetration testing to identify potential vulnerabilities and ensure coding practices in Android applications.
To know more, get in touch with us.


Security Researcher
BriskInfoSec Technology and Consulting PVT LTD

Wednesday, 7 February 2018

LYNIS - Open-Source Linux System Auditing Tool


Lynis is an open-source system auditing tool. It audits systems running UNIX-based operating systems and provides controls for system hardening and compliance-based testing.
Running ‘lynis’ starts the program and shows the basic parameters available. If you are using Lynis for the first time (or used Git), use “./lynis” to start the program from the local directory.
The most common way to start Lynis is the audit system command, which starts the security scan.
To run Lynis you must meet one requirement: have write access to /tmp (temporary files).


Installing Lynis via a package manager is one option to get started with Lynis. For most operating systems and distributions, a port or package is available.
First add our software repository. This way the latest version will be available to your system.


This applies to systems running YUM, including CentOS, Fedora, Red Hat Enterprise Linux (RHEL).
$ yum install lynis


Systems running Debian, Linux Mint, Ubuntu, or a distribution based on one of these.
$ apt-get install lynis


$ zypper install lynis
After the installation, it is time to run Lynis for the first time.


Clone project
The first step is cloning the project. Before doing so, select the parent directory. Git will create a ‘lynis’ subdirectory with the full program in it.
$ cd /Desktop

$ git clone
Cloning into ‘lynis’…
remote: Counting objects: 1733, done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 1733 (delta 3), reused 0 (delta 0), pack-reused 1725
Receiving objects: 100% (1733/1733), 886.18 KiB | 378.00 KiB/s, done.
Resolving deltas: 100% (1204/1204), done.
Checking connectivity... done.
$ cd lynis
That is it. Time to run your first security audit:
$ lynis audit system
Although no configuration is required, there are a few useful commands to learn.


The Lynis tool requires only a minimal number of parameters to run. If you are using it for the first time, just run lynis and see what output it provides.


The audit command tells Lynis to perform an audit.
Targets include:
  • system - audit the host system
  • dockerfile - audit a Dockerfile


The show command tells Lynis to display information, like help or the value of something.
  • help – show help and tips
  • profiles – show discovered audit profiles
  • settings – show active settings
  • version – show Lynis version
Here you can see the commands that are available in the Lynis auditing tool. There are more options, given below; some of them are layout options, misc options and Enterprise options too.
Lynis scans the system and performs the tests, and the results are displayed on the screen during the system scan. The log is saved in /var/log/lynis.log. Back up the log file before running Lynis again. During the audit process, Lynis gathers findings and data points, which are stored in /var/log/lynis-report.dat.
Benefits:
  • Perform audits within a few minutes
  • System hardening can be done
  • Central management
  • Powerful reporting
  • Compliance checks (e.g. PCI DSS)
  • Additional plugins and more tests
Comparison between Lynis and other tools:
Compared with other auditing tools such as Bastille and TOD (Touch of Death), Lynis exposes hardening opportunities more easily. It also saves time when compared to other auditing tools.
It helps with tracking your compliance needs, IT audits, and better security defences.
Operating system detection:
Lynis detects the operating system name, operating system version, host name and hardware platform.
Lynis runs on almost all UNIX-based systems and versions, including:
  • FreeBSD
  • Linux
  • macOS, Solaris etc.
It even runs on devices like the Raspberry Pi or QNAP storage devices.
System tools: Lynis finds the binaries, checks whether the tools are currently up to date, and also uses some plugins in this phase.
Boot configuration: This phase looks for boot-level issues: whether the password is encrypted, the boot method (legacy boot or UEFI boot), GRUB checks, how many services are running on the system, and the start-up files.
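The report file mentioned above can be turned into a list of findings with a short script. This is an added example, not part of Lynis or of the original post; it assumes the report uses `key=value` lines, repeated `key[]=` entries for lists and `|`-separated fields inside warnings and suggestions, and the sample report, the function names and the baseline of 70 are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the assumed lynis-report.dat layout.
SAMPLE_REPORT = """\
# Lynis Report (constructed sample)
os=Linux
hardening_index=62
warning[]=AUTH-9308|No password set for single mode|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (YES --> NO)|-|
suggestion[]=BOOT-5122|Set a password on GRUB bootloader|-|-|
"""

def parse_report(text):
    """Split the report into scalar settings and list-valued keys (key[]=...)."""
    scalars, lists = {}, defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip comments, blanks and malformed lines
        key, value = line.split("=", 1)
        if key.endswith("[]"):
            lists[key[:-2]].append(value)
        else:
            scalars[key] = value
    return scalars, dict(lists)

def findings(lists, kind):
    """Decode 'TEST-ID|message|details|solution|' entries; '-' means empty."""
    out = []
    for raw in lists.get(kind, []):
        fields = raw.split("|")
        details = fields[2] if len(fields) > 2 and fields[2] != "-" else None
        message = fields[1] if len(fields) > 1 else ""
        out.append({"test": fields[0], "message": message, "details": details})
    return out

def summarize(text, min_index=70):
    """Collect warnings and suggestions and compare the index with a baseline."""
    scalars, lists = parse_report(text)
    index = int(scalars.get("hardening_index", 0))
    return {
        "hardening_index": index,
        "below_baseline": index < min_index,
        "warnings": findings(lists, "warning"),
        "suggestions": findings(lists, "suggestion"),
    }

if __name__ == "__main__":
    result = summarize(SAMPLE_REPORT)
    print("hardening index:", result["hardening_index"])
    for w in result["warnings"]:
        print("WARNING", w["test"], w["message"])
```

Running it against successive reports makes it easy to see whether a hardening change removed a warning or only moved the index.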
Security needs to be reliable. Lynis can remind us to stay consistent. Lynis will scan your system and warn you of any security holes. This blog gives an overview of the Lynis server hardening tool and also discusses where exactly hardening is needed. BriskInfosec offers end-to-end server hardening solutions wherever the industry requires. To know more, get in touch with us.


Security Engineer
BriskInfosec Technology and consulting PVT LTD