Device ID based detection
|
Emulator detection |
100 |
|
Encoding - Hashing
|
Web Application |
100 |
|
SSTI
|
Web Application |
100 |
|
International mobile subscriber identity (IMSI)
|
Device ID |
100 |
|
Old Backup Files
|
Web Application |
100 |
|
QR Code
|
Miscellaneous |
100 |
|
JavaScript - Info leak
|
Web Application |
100 |
|
KeyStore
|
Insecure Data Storage |
100 |
|
SQLite Databases (Encrypted)
|
Insecure Data Storage |
100 |
|
RPATH
|
Binary Protection |
100 |
|
Native Function Call
|
Binary Protection |
100 |
|
Hardcoded Secret
|
Binary Protection |
100 |
|
Backdoor7
|
Miscellaneous |
100 |
|
Backdoor6
|
Miscellaneous |
100 |
|
Dangerous Props
|
Root Detection |
100 |
|
Root Cloaking Apps
|
Root Detection |
100 |
|
QEmu Detection
|
Emulator detection |
100 |
|
Memory
|
Insecure Data Storage |
100 |
|
isDebugger Connected
|
Anti-Debugging |
100 |
|
Predictable Initialization Vector
|
Symmetric Encryption |
100 |
|
File System Expose
|
Content Providers |
100 |
|
Clipboard
|
Insecure Data Storage |
100 |
|
Check Package Name
|
Emulator detection |
100 |
|
Web Socket Secure (WSS)
|
WebSocket Traffic |
100 |
|
OTP Bruteforce
|
Web Application |
100 |
|
S3 bucket misconfiguration
|
Web Application |
100 |
|
Unrestricted File Upload
|
Web Application |
100 |
|
SSRF
|
Web Application |
100 |
|
Bruteforce
|
Web Application |
100 |
|
JSON to XXE (Blind)
|
Web Application |
100 |
|
XXE
|
Web Application |
100 |
|
XPATH Injection
|
Web Application |
100 |
|
REST API HTTP Methods
|
Web Application |
100 |
|
Caesar Cipher
|
Encryption |
100 |
|
SQL Injection
|
Content Providers |
100 |
|
Review comment and Metadata
|
Web Application |
100 |
|
User Password Enumeration
|
Web Application |
100 |
|
Server Fingerprint
|
Web Application |
100 |
|
RIA Cross Domain Policy
|
Web Application |
100 |
|
RFI
|
Web Application |
100 |
|
Metafiles - Info Leakage
|
Web Application |
100 |
|
Login bypass
|
Web Application |
100 |
|
JWT Misconfiguration
|
Web Application |
100 |
|
Insecure Direct Object Reference
|
Web Application |
100 |
|
HTML5 Controls
|
Web Application |
100 |
|
Guessable Session ID
|
Web Application |
100 |
|
Default Credentials
|
Web Application |
100 |
|
Client Side Validation Bypass
|
Web Application |
100 |
|
Web Socket (WS)
|
WebSocket Traffic |
100 |
|
TCP Traffic
|
Non-HTTP Traffic |
100 |
|
UDP Traffic
|
Non-HTTP Traffic |
100 |
|
2FA - OTP Brute-Force 2
|
Authentication |
100 |
|
2FA - OTP Brute-Force
|
Authentication |
100 |
|
2FA - Integrity Validation
|
Authentication |
100 |
|
2FA - Status Code Manipulation
|
Authentication |
100 |
|
2FA - Response Manipulation
|
Authentication |
100 |
|
2FA - OTP Leakage
|
Authentication |
100 |
|
AES
|
Symmetric Encryption |
100 |
|
Blowfish
|
Symmetric Encryption |
100 |
|
RC4
|
Symmetric Encryption |
100 |
|
3DES
|
Symmetric Encryption |
100 |
|
DES
|
Symmetric Encryption |
100 |
|
RSA
|
Asymmetric Encryption |
100 |
|
SHA1
|
Hashing |
100 |
|
MD5
|
Hashing |
100 |
|
MD4
|
Hashing |
100 |
|
Backdoor5
|
Miscellaneous |
100 |
|
Backdoor4
|
Miscellaneous |
100 |
|
Backdoor2
|
Miscellaneous |
100 |
|
Backdoor1
|
Miscellaneous |
100 |
|
Hardware Specifications
|
Emulator detection |
100 |
|
Virtual Phone Number
|
Emulator detection |
100 |
|
Network Operator Name
|
Emulator detection |
100 |
|
Debug Flag
|
Emulator detection |
100 |
|
Emulator Default IP Check
|
Emulator detection |
100 |
|
Emulator Files Check
|
Emulator detection |
100 |
|
Activity data
|
Insecure Data Storage |
100 |
|
Backdoor3
|
Miscellaneous |
100 |
|
SQLite Databases (Unencrypted)
|
Insecure Data Storage |
100 |
|
Internal Storage
|
Insecure Data Storage |
100 |
|
Shared Preferences
|
Insecure Data Storage |
100 |
|
External Storage
|
Insecure Data Storage |
100 |
|
Test Keys
|
Root Detection |
100 |
|
Potentially Dangerous Apps
|
Root Detection |
100 |
|
Root Management Apps
|
Root Detection |
100 |
|
RW System
|
Root Detection |
100 |
|
Su Exists
|
Root Detection |
100 |
|
BusyBox Binary
|
Root Detection |
100 |
|
GPS Location
|
Device ID |
100 |
|
Device Wi-Fi MAC
|
Device ID |
100 |
|
HTTPS Traffic
|
HTTP Traffic |
100 |
|
HTTP Traffic
|
HTTP Traffic |
100 |
|
IMEI/ESN
|
Device ID |
100 |
|
SSAID/ANDROID_ID
|
Device ID |
100 |
|
Su Binary
|
Root Detection |
100 |
|
WTF Logs
|
Logs |
100 |
|
Verbose Logs
|
Logs |
100 |
|
Debug Logs
|
Logs |
100 |
|
Warnings Logs
|
Logs |
100 |
|
Error Logs
|
Logs |
100 |
|
Informational Logs
|
Logs |
100 |
|