AppInfoScanner: Mobile and Web Information Gathering Tool

AppInfoScanner

A mobile (Android, iOS, WEB, H5, static websites) information gathering tool suitable for red teams, penetration testing, and attack scenarios. It helps penetration testers and red team members quickly collect key asset information from mobile or static web sites and provides basic output such as Title, Domain, CDN, fingerprint information, status information, etc.

Disclaimer

Do not use the project's technology or code for malicious software development, software copyright infringement, or improper profit-making purposes. Implementing these actions or using this project to sniff data from programs not owned by you may violate the "Criminal Law of the People's Republic of China" Article 217, Article 286, "Cybersecurity Law of the People's Republic of China," and "Regulations on the Protection of Computer Software." The technologies mentioned in this project are only applicable for legal scenarios such as private learning and testing. Any criminal or civil liability arising from the improper use of this technology is unrelated to the project author.

Applicable Scenarios

  • Collect key asset information from an app during daily penetration testing, such as URL addresses, IP addresses, keywords, etc.
  • Collect key asset information from an app during large-scale cyber defense exercises, such as URL addresses, IP addresses, keywords, etc.
  • Collect URL addresses, IP addresses, keywords, etc., from the source code of a web site (can be open-source code or saved via right-clicking the web page source).
  • Collect URL addresses, IP addresses, keywords, etc., from H5 pages.
  • Conduct targeted information collection for a specific app.

Features:

  • Supports batch scanning at the directory level
  • Supports information collection from DEX, APK, IPA, MACH-O, HTML, JS, Smali, ELF files
  • Supports automatic download of APK, IPA, H5 files and one-click information collection
  • Supports custom request headers, request messages, and request methods
  • Supports custom rules for flexible scanning rules
  • Supports custom ignoring of resource files
  • Supports custom configuration of Android shell rules
  • Supports custom configuration of middleware rules
  • Supports detection of Android protection shells and official iOS shells
  • Supports collection of IP addresses, URL addresses, middlewares (JSON components and XML components)
  • Supports collection of content under an Android package name
  • Supports network sniffing functionality that provides basic information output
  • Supports Windows, macOS, and *nix systems
  • Includes simple AI recognition to quickly filter third-party URLs
  • Fingerprint identification module
  • Adds internationalization language packages
  • One-click auto-repair of APK files
  • Automatically decompiles when a shell is detected

Some Screenshots

Environment Requirements

  • Java environment required for Apk file parsing, Java version 1.8 and below
  • Python3 runtime environment

Directory Structure

AppInfoScanner
   |-- libs  Core program code
       |-- core
           |-- __init__.py Global configuration information
           |-- parses.py Used to parse static information in files
           |-- download.py Used to automatically download apps or H5 pages
           |-- net.py Used for network sniffing and obtaining basic information
       |-- task
           |-- __init__.py Directory initialization file
           |-- base_task.py Unified task scheduling center
			|-- android_task.py Handles tasks related to Android
           |-- download_task.py Handles automatic download of apps or H5 tasks            
			|-- ios_task.py Handles tasks related to iOS
           |-- net_task.py Handles network sniffing related tasks
			|-- web_task.py Handles web-related tasks, such as source code from right-clicking a web page or static information related to H5
   |-- tools Program dependencies
       |-- apktool.jar Used to decompile APK files, different platforms may need self-switching
       |-- baksmali.jar Used to decompile DEX files, different platforms may need self-switching
       |-- strings.exe Used to get string information from IPA on Windows 32
       |-- strings64.exe Used to get string information from IPA on Windows 64 systems
   |-- __init__.py Directory initialization file 
   |-- app.py Main running program
	|-- config.py Entire program configuration file
	|-- README.md Program usage instructions
	|-- requirements.txt Dependencies required for the program
	|-- update.md Program historical version information

Usage Instructions

  1. Download
    git clone https://github.com/kelvinBen/AppInfoScanner.git
    
    Or copy the following link into the browser to download the latest official version
    
    https://github.com/kelvinBen/AppInfoScanner/releases/latest

    Domestic fast download channel:

    git clone https://gitee.com/kelvin_ben/AppInfoScanner.git
  1. Install dependencies
    cd AppInfoScanner
    python -m pip install -r requirements.txt
  1. Run (Basic Version)
  • Scan Android application APK files, DEX files, APK download addresses, or directories where files are saved
    python app.py android -i <Your APK File or DEX File or APK Download Url or Save File Dir>
  • Scan iOS application IPA files, Mach-o files, IPA download addresses, or directories where files are saved
    python app.py ios -i <Your IPA file or Mach-o File or IPA Download Url or Save File Dir>
  • Scan web site files, directories, or cached site URLs
    python app.py web -i <Your Web file or Save Web Dir or Web Cache Url>

Advanced Operation Guide

Basic Command Format

python app.py [TYPE] [OPTIONS] <The URL or directory to scan>

Symbol Information Explanation

<> Represents the file or directory or URL address to be scanned
| or relationship, only one can be selected
[] Represents the parameters to be entered

TYPE Parameter Details

This parameter type correesponds to [TYPE] in the basic command format, currently only supports [android/ios/web] three types, and one must be specified.

android: used to scan content of Android application related files
ios: used to scan content of iOS application related files
web: used to scan content of web sites or H5 related files

Supports automatic correction based on file suffix names. Even if the input is 'ios', if the file name provided in -i is XXX.apk, the Android related scan will be executed.

OPTIONS Parameter Details

This parameter type corresponds to [OPTIONS] in the basic command format, and multiple parameters can be used together.

-i or --inputs: Enter the file, directory, or URL address to be scanned. If the path is long, wrap it with quotes. This parameter is required.
-r or --rules: Enter the temporary scanning rules for the file content.
-s or --sniffer: Enable network sniffing function, default is enabled.
-n or --no-resource: Ignore all resource files, including resource files in the network sniffing function (need to configure sniffer_filter rules in config.py first), default is not to ignore resources.
-a or --all: Output all results that match the scanning rules, default is enabled.
-t or --threads: Set the number of concurrent threads, default is 10 threads.
-o or --output: Specify the output directory for scanning results and temporary files generated during scanning, default is the script directory.
-p or --package: Specify the Java package name information of the Android APK file or DEX file to be scanned. This parameter is only available in the android type.

Specific Usage Methods

Basic Operations for Android
  • Scan a local APK file
python app.py android -i <Your apk file>  

Example:

python app.py android -i C:\Users\Administrator\Desktop\Demo.apk
  • Scan a local DEX file
python app.py android -i <Your DEX file>  

Example:

python app.py android -i C:\Users\Administrator\Desktop\Demo.dex
  • Scan an APK file located at a URL address
python app.py android -i <APK Download Url>  

Example:

python app.py android -i "https://127.0.0.1/Demo.apk"

Note that if the URL address is too long, use double quotes (")

Basic Operations for iOS
  • Scan a local IPA file
python app.py ios -i <Your ipa file>

Example:

python app.py ios -i "C:\Users\Administrator\Desktop\Demo.ipa"
  • Scan a local Macho file
python app.py ios -i <Your Mach-o file>

Example:

python app.py ios -i "C:\Users\Administrator\Desktop\Demo\Payload\Demo.app\Demo"
  • Scan an IPA file located at a URL address
python app.py ios -i <IPA Download Url>  

Example:

python app.py ios -i "https://127.0.0.1/Demo.ipa"

Note that if the URL address is too long, use double quotes ("), currently does not support scanning IPA files from Apple Store

Basic Operations for Web
  • Scan a local web site
python app.py web -i <Your web file>

Example:

python app.py web -i "C:\Users\Administrator\Desktop\Demo.html"
  • Scan a web site file located at a URL address
python app.py web -i <Web Download Url>  

Example:

python app.py web -i "https://127.0.0.1/Demo.html"
Common Operations

The following operations are examples using the android type:

  • Scan a local directory
python app.py android -i <Your Dir>

Example:

python app.py android -i C:\Users\Administrator\Desktop\Demo
  • Add temporary rules or keywords
python app.py android -i <Your apk> -r <the keyword | the rules>

Example:
Scan for Baidu domain

python app.py android -i C:\Users\Administrator\Desktop\Demo.apk -r ".*baidu.com.*"
  • Disable network sniffing function
python app.py android -i <Your apk> -s

Example:
python app.py android -i C:\Users\Administrator\Desktop\Demo.apk -s
  • Ignore all resource files
python app.py android -i <Your apk> -n

Example:
python app.py android -i C:\Users\Administrator\Desktop\Demo.apk -n
  • Disable outputting all matching scanning rule contents
python app.py android -i <Your apk> -a

Example:

python app.py android -i C:\Users\Administrator\Desktop\Demo.apk -a
  • Set the number of concurrent threads
python app.py android -i <Your apk> -t 20

Example:
Set 20 concurrent threads
python app.py android -i C:\Users\Administrator\Desktop\Demo.apk -t 20
  • Specify the output directory for the result set and cache files
python app.py android -i <Your apk> -o <output path>

Example:
For example, output to the Temp directory on the desktop
python app.py android -i C:\Users\Administrator\Desktop\Demo.apk -o C:\Users\Administrator\Desktop\Temp
  • Scan the contents of files under a specified package name, this feature is only supported for android type
python app.py android -i <Your apk> -p <Java package name>

Example:
If you want to filter content under com.baidu package name

python app.py android -i C:\Users\Administrator\Desktop\Demo.apk -p "com.baidu"

Advanced Version Usage Instructions

The program in this project serves only as a basic framework and includes some built-in rules. Not every input can complete the relevant scanning work. Therefore, you can configure according to your needs. Excellent configurations can achieve significant effects.

  • Configuration file path is the config.py file in the root directory, which is in the same directory as README.md

Configuration Item Description

filter_components: This configuration item is used to configure related component content, including JSON components or XML components, etc.
filter_strs: Used to configure the content of files to be scanned, such as configuring to scan port numbers: "r'.*://([\d{1,3}\.]{3}\d{1,3}).*'"
filter_no: Used to ignore unwanted content in scanned files
shell_list: Used to configure Android shell features
web_file_suffix: Configure the file suffix names of web files to be scanned here
sniffer_filter: Used to configure the file suffix names to be ignored in network sniffing
headers: Used to configure the request header information needed during automatic download
data: Used to configure the request body needed during automatic download
method: Used to configure the request method needed during automatic download

Common Issues

1. Too much garbage data in information retrieval?

Method 1: Adjust the rules in config.py according to actual conditions
Method 2: Ignore resource files

2. Error occurred: Error: This application has shell, the retrieval results may not be accurate, Please remove the shell and try again!

It indicates that the application to be scanned has a shell, and it needs to be decompiled/cracked before scanning. Currently, you can combine the following tools for decompilation/cracking.

   
   Android:
       xposed module: dexdump
       frida module: FRIDA-DEXDump
       Rootless cracking: blackdex
   iOS:
       firda module:
           Windows system use: frida-ipa-dump
           MacOS system use: frida-ios-dump

3. Error occurred: File download failed! Please download the file manually and try again.

File download failed.

1) Please check if the input URL is correct
2) Please check if there is a network problem or configure the request header (headers), request body (data), and request method (method) in the config.py file, save and then re-execute.

4. Error occurred: Decompile failed, please submit error information at Issues · kelvinBen/AppInfoScanner · GitHub"

File decompilation failed.

Please submit the error screenshot and the corresponding APK file to https://github.com/kelvinBen/AppInfoScanner/issues, and the author will handle it promptly after seeing it.

Adding Custom Rules

Custom rule submission path:

Add Custom Rule

Submission format:

1. APP custom component addition

For example, the rule for fastjson is:
APP component: fastjson com.alibaba.fastjson

2. String to search for

For example, the rule for Alibaba AK is:
String: 
Aliyun AK .*accessKeyId.*".*"

3. Web file suffix to search for

For example, the rule for jsp files is:
Website: Java language jsp

4. Android shell rule
For example, the shell rule of a certain digital company is:
Shell: A certain digital company com.stub.StubApp

Original article from: https://github.com/kelvinBen/AppInfoScanner

Posted on Thu, 11 Jun 2026 18:19:05 +0000 by John Cartwright

Hot Tags

©2026 Freaks City