Dynamic Mobile Analysis Tool
Contact: [email protected]
House: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida and written in Python. It is designed to help assess mobile applications through dynamic function hooking and interception, and is intended to make Frida script writing as simple as possible.
```bash
git clone https://github.com/nccgroup/house
cd house
pip3 install -r requirements.txt
pip3 install pipenv
pipenv --python=/usr/bin/python3 install
pipenv --python=/usr/bin/python3 shell
python3 app.py <PORT>

# or:
mkvirtualenv --python=/usr/local/bin/python3 house
workon house
pip install -r requirements.txt
python app.py <PORT>

# or: (only for Mac OS)
git clone https://github.com/nccgroup/house
cd house
pip3 install -r requirements.txt
pip3 install pipenv
pipenv --python=/usr/local/bin/python3 install
pipenv --python=/usr/local/bin/python3 shell
python3 app.py <PORT>
```
By default, House binds to https://127.0.0.1:8000.
For an overview of House's capabilities, see the user's manual.
- Added dynamic dex/jar hooking; House can now hook functions in dynamically loaded dex/jar files
- Added Mini Script option for Hooks
- ClassLoader Enum
Note: Make sure to update your Frida version to >= 12.8.3 for dex/jar function hooking.
In this section, a small example is provided to illustrate basic usage of House. The demo case is performed against a small test Android application: `com.ha0k3.overloads`.

- Make sure an Android device is plugged in over USB and the Frida server is running on the device. Check that the Frida server has been spawned successfully using the following command: `frida-ps -U`.
- Start the House application by running app.py: `python app.py <PORT>`.
- Open a browser and navigate to https://127.0.0.1:PORT.
- Observe that the device information is displayed on the page; if not, click the Refresh button or restart the application and the Frida server.

- Dynamically generates hook scripts from templates based on the config file to monitor key operations, including FILEIO, IPC, etc.
- It is experimental at this point. If you find more functions that need to be hooked, feel free to let me know or file a PR.
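
The template-based generation described in the list above, as an added sketch that is not House's own code: the config layout, the `render_monitor_script` helper and the choice of hooked Android methods are assumptions for illustration. The output is Frida JavaScript that reports each call and then runs the original method.

```python
import json
import re
from string import Template

# Constructed config (hypothetical layout, not House's real config file):
# category -> [class, method] pairs to monitor.
SAMPLE_CONFIG = {
    "FILEIO": [["java.io.File", "delete"], ["java.io.FileOutputStream", "write"]],
    "IPC": [["android.app.Activity", "startActivity"]],
}

# Frida JavaScript template: hook every overload, report the call with send(),
# then invoke the original so the app's behaviour is unchanged.
HOOK_TEMPLATE = Template("""\
Java.perform(function () {
  var cls = Java.use($cls);
  cls[$method].overloads.forEach(function (ov) {
    ov.implementation = function () {
      var args = Array.prototype.slice.call(arguments).map(String);
      send({category: $category, cls: $cls, method: $method, args: args});
      return ov.apply(this, arguments);
    };
  });
});
""")

JAVA_NAME = re.compile(r"[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*")


def render_monitor_script(config, enabled):
    """Return one Frida script covering every enabled category in config."""
    parts = []
    for category in enabled:
        for cls, method in config.get(category, []):
            # Accept only Java-style names, and embed every value as a JSON
            # string literal so config text is never parsed as JavaScript.
            if not (JAVA_NAME.fullmatch(cls) and JAVA_NAME.fullmatch(method)):
                raise ValueError(f"invalid hook target: {cls!r}.{method!r}")
            parts.append(HOOK_TEMPLATE.substitute(
                category=json.dumps(category),
                cls=json.dumps(cls),
                method=json.dumps(method),
            ))
    return "\n".join(parts)


if __name__ == "__main__":
    print(render_monitor_script(SAMPLE_CONFIG, ["FILEIO", "IPC"]))
```

Hooking through `.overloads` covers every signature of a method, which is what an overload-heavy test app needs when the exact parameter types are not known in advance.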