SSLPinDetect
SSLPinDetect is a tool for analyzing Android APKs to detect SSL pinning implementations by scanning for known patterns in decompiled code. It helps security researchers and penetration testers identify SSL pinning mechanisms used in mobile applications.
Install / Use
/learn @aancw/SSLPinDetectREADME
🔒 SSL Pinning Detector
SSLPinDetect is a tool for analyzing Android APKs to detect SSL pinning implementations by scanning for known patterns in decompiled smali code. It helps security researchers and penetration testers identify SSL pinning mechanisms used in mobile applications efficiently.
🚀 Features
- Fast Scanning: Utilizes multi-threading and memory-mapped file reading for efficient and rapid file scanning.
- Accurate Detection: Pre-compiled regex patterns for precise SSL pinning detection, with line number and code preview.
- Real-time Progress: Interactive progress bars for both scanning and match counting, ensuring better monitoring.
- Flexible Output: Supports verbose mode for detailed logs or minimal output for efficiency.
⚙️ Requirements
- Python 3.8+
- Java (Ensure it's in system PATH)
- Apktool (Download and specify the path)
🛠 Installation
- Clone the repository:
git clone https://github.com/aancw/SSLPinDetect
cd SSLPinDetect
- Install required Python packages:
pip install -r requirements.txt
- Ensure Java and Apktool are installed and accessible.
🚦 Usage
python sslpindetect.py -f <apk_path> -a <apktool_path> -p <pattern_file> [-v]
Arguments:
-f,--file(required): Path to the APK file.-a,--apktool(required): Path to the apktool jar file.-p,--pattern(optional): Path to the JSON file containing SSL pinning patterns (default:patterns.json).-v,--verbose(optional): Enable detailed logging.
🧪 Examples
✅ 1. Basic Usage (without verbose mode and custom patterns):
python sslpindetect.py -f app.apk -a apktool.jar
🔍 2. Enable Verbose Mode (for detailed output):
python sslpindetect.py -a apktool_2.11.0.jar -f sample/app-release.apk -v
Processing APK...
APK successfully decompiled.
Scanning Smali Files: 100%|█████████████████████| 100/100 [00:05<00:00, 19.76it/s]
Pattern Matched: 5
Total Patterns Matched: 5
Pattern detected: OkHttp Certificate Pinning
- smali/com/example/app/MainActivity.smali
[Line 45]: invoke-static {v0}, Lcom/squareup/okhttp/CertificatePinner;->check(Ljava/lang/String;)V
🛠️ 3. Use Custom SSL Pinning Patterns:
python sslpindetect.py -f app.apk -a apktool.jar -p custom_patterns.json
📂 Patterns File (patterns.json)
Download the latest pattern file: smali-sslpin-patterns
Example of patterns.json file
{
"OkHttp Certificate Pinning": [
"Lcom/squareup/okhttp/CertificatePinner;",
"Lokhttp3/CertificatePinner;",
"setCertificatePinner"
],
"TrustManager Override": [
"Ljavax/net/ssl/X509TrustManager;",
"checkServerTrusted"
]
}
✅ License
This project is licensed under the MIT License.
✅ Contibute
🚀 Ready to take SSLPinDetect to the next level? Contribute your ideas, improvements, or raise issues to make this tool even more powerful! Let's build something amazing together!
PoC
Related Skills
YC-Killer
2.7kA library of enterprise-grade AI agents designed to democratize artificial intelligence and provide free, open-source alternatives to overvalued Y Combinator startups. If you are excited about democratizing AI access & AI agents, please star ⭐️ this repository and use the link in the readme to join our open source AI research team.
best-practices-researcher
The most comprehensive Claude Code skills registry | Web Search: https://skills-registry-web.vercel.app
groundhog
398Groundhog's primary purpose is to teach people how Cursor and all these other coding agents work under the hood. If you understand how these coding assistants work from first principles, then you can drive these tools harder (or perhaps make your own!).
isf-agent
a repo for an agent that helps researchers apply for isf funding
