Mobile Security & Offensive Threat Intelligence

nutcracker_

Fast. Modular. Brutal.

Nutcracker is a powerful, modular, and extensible framework designed for mobile security analysis and offensive threat intelligence. It detects and bypasses anti-root/RASP protections, analyzes insecure Manifest configurations, extracts hardcoded secrets, and performs automated OSINT reconnaissance—all in one tool. Fully aligned with OWASP MASVS for comprehensive security compliance.

github.com/drneox/nutcracker
python nutcracker.py scan com.target.app
[+] Downloading APK from Google Play...
[+] Protection detected: anti-root / RASP protection
[+] Script generated: frida_scripts/bypass_com.target.app.js
[+] Launching Frida bypass...
[✓] Protection bypassed. Decompiling...
[✓] Leak scan: enabled
[✓] 32 vulnerabilities found (1 CRITICAL 7 HIGH 24 MEDIUM)
[✓] Report saved: reports/com.target.app.pdf
38+ Regex Rules
5 RASP Detectors
7+ OSINT Sources
MIT License

Features

Fast

Optimized for performance and efficiency. Parallel analysis pipelines with intelligent caching. Built with speed in mind.

Modular

Highly modular architecture with feature flags. Enable or disable any module via config.yaml. Easy extension and customization.

Security Focused

Designed with security at its core. Detects DexGuard, Arxan, Appdome, Promon Shield, RootBeer and more. Built for real-world security workflows.

OSINT Recon

Subdomain enumeration via crt.sh, public leaks on GitHub/Postman/FOFA/Wayback, false-positive filtering and optional web searches via DuckDuckGo.

PDF Reports

Complete PDF report with cover, executive summary, anti-root analysis, RASP bypass, misconfigurations, secrets and vulnerability findings.

Docker Ready

Hybrid Docker mode: run nutcracker inside a container while connecting to emulators/devices on the host. Ideal for Windows + WSL environments.

What nutcracker can do

  • Downloads APKs from Google Play, APKPure or direct URL
  • App Bundle (AAB) support with split detection
  • Static protection detection: DexGuard, Arxan, Appdome, RootBeer, Promon Shield
  • Smart analytics SDK filtering to avoid false positives
  • Dynamic deobfuscation via frida_server, gadget or fart
  • Vulnerability scanner: semgrep (OWASP MASTG) + 38 internal regex rules
  • Leak/secret search: HC rules + apkleaks + gitleaks
  • AndroidManifest.xml analysis: permissions, exported components
  • Batch mode to scan multiple apps in sequence
  • All modules controllable via feature flags in config.yaml

Installation

bash
# Clone the repository
git clone https://github.com/drneox/nutcracker
cd nutcracker

# Create and activate virtual environment
python3 -m venv .venv
source .venv/bin/activate

# Install Python dependencies
pip install -r requirements.txt

bash · macOS (Homebrew)
# Install system dependencies via Homebrew
brew install apkeep        # Download APKs from Google Play / APKPure
brew install jadx          # Decompile APKs to Java + XML
brew install apktool       # Unpack/repack APKs
brew install semgrep       # Static analysis (OWASP MASTG rules)
brew install android-platform-tools  # adb

# Java 11+ required
brew install openjdk@21

bash · Linux (Ubuntu/Debian)
# Base tools
sudo apt update
sudo apt install -y openjdk-21-jre-headless jadx apktool adb

# apkeep (official binary)
APKEEP_VERSION="0.18.0"
curl -L -o /tmp/apkeep.tgz \
  "https://github.com/EFForg/apkeep/releases/download/v${APKEEP_VERSION}/apkeep-x86_64-unknown-linux-musl.tar.gz"
tar -xzf /tmp/apkeep.tgz -C /tmp
sudo install /tmp/apkeep /usr/local/bin/apkeep

# semgrep (via pipx)
pipx install semgrep

bash · Docker (hybrid mode)
# Build and open a container shell
docker compose build
docker compose run --rm nutcracker

# Verify ADB connectivity from container
adb devices
frida-ls-devices

# Run analysis from the container
python nutcracker.py analyze downloads/app.apk

Usage

Basic Commands

bash
# Activate virtual environment first
source .venv/bin/activate

# Show help
python nutcracker.py --help

# Analyze a local APK
python nutcracker.py analyze downloads/app.apk

# Download and analyze from Google Play
python nutcracker.py scan 'com.example.app'
python nutcracker.py analyze com.example.app

# Batch scan from a package list
python nutcracker.py batch packages.txt

Advanced Usage

bash
# Setup Google Play AAS Token (interactive)
python nutcracker.py setup-token
python nutcracker.py setup-token --serial emulator-5554 --method auto

# Manual Frida bypass (launch command)
python nutcracker.py launch com.example.app
python nutcracker.py launch com.example.app --serial emulator-5554

# Specify a bypass script manually
python nutcracker.py launch com.example.app \
  --script frida_scripts/bypass_com.example.app_....js

Docs

Analysis Pipeline

  • APK: Input (local file, Play Store URL or package ID)
  • DETECT: Anti-root / RASP protection detection
  • BYPASS: frida-dexdump → Frida Gadget → FART
  • SCAN: 38 regex rules + semgrep integration
  • Leaks: secret/token detection in source code
  • OSINT: crt.sh, GitHub, Postman, FOFA, Wayback
  • PDF: Complete technical report generation

Configuration

Copy config.yaml.example to config.yaml and adjust the values you need.

features:
  anti_root_analysis: true
  decompilation:      true
  manifest_scan:      true
  vuln_scan:          false
  leak_scan:          true
  osint_scan:         true
  report_pdf:         true

PDF Report Sections

  • Cover: Protection verdict and APK metadata
  • Summary: Executive summary with risk per module
  • RASP: Detected vs bypassed protections
  • Config: Insecure AndroidManifest.xml analysis
  • Leaks: API keys, tokens, AWS/Firebase secrets
  • Vulns: semgrep + regex findings by severity
