Droidstat-x is a static and dynamic analysis framework for Android applications, developed to create a consistent methodology for security assessments, debuted at BSides Lisbon in 2015. The tool generates an XMind map with information on vulnerabilities identified through static analysis, assisting pentesters in covering critical areas during an assessment. Future enhancements include integration with the Play Store for APK downloads and advanced checks for security features like certificate pinning and SQL injection.

1. Droidstat-X
Android Applications Security Analyser Xmind Generator
Cláudio André

2. whoami
- Security Consultant at Integrity S.A.
- Web, Android and Infrastructure
- OSCP,eMAPT,eWPTX

3. Droidstat
The development of Droidstat started mid 2015 and it was presented in
July in Bsides Lisbon 2015.

4. Droidstat
The development of Droidstat started mid 2015 and it was presented in
July in Bsides Lisbon 2015.
Droidstat aims to be a static and dynamic analysis framework,
which does more than just flag issues (there are already several ones
which do that and well, like Androbugs or MobSF), it allows to create a
methodology and a workflow to achieve consistency.

5. Droidstat-X

6. Droidstat-X
Python tool that generates an Xmind map with all the information
gathered and any evidence of possible vulnerabilities identified via
static analysis.

7. Droidstat-X
The map itself is an Android Application Pentesting Methodology
component, which assists Pentesters to cover all important areas during
an assessment.
This was the main goal driving the tool development.

8. Droidstat-X
The tool allows to add custom checks in a simple way, to confirm the
existence of those patterns in the dalvik bytecode instructions.

9. Xmind Organization

10. Methodology
Mobile Top 10 2017

11. Methodology

12. Methodology
“The MSTG is a comprehensive manual for
mobile app security testing and reverse
engineering. It describes technical
processes for verifying the controls listed in
the OWASP Mobile Application Verification
Standard (MASVS).”
https://github.com/OWASP/owasp-mstg

14. Under The Hood
Androguard (Properties,Components, Files)

15. Under The Hood
Androguard (Properties,Components, Files)
Xmind SDK for Python *

16. Under The Hood
Androguard (Properties,Components, Files)
Xmind SDK for Python *
Apktool

17. Under The Hood
Androguard (Properties,Components, Files)
Xmind SDK for Python *
Apktool
Patented Advanced Search Algorithm based on Neural Networks and
Blockchains...

18. Under The Hood
Androguard (Properties,Components, Files)
Xmind SDK for Python *
Apktool
Patented Advanced Search Algorithm based on Neural Networks and
Blockchains…
grep and sed

19. Next Steps
- Integration with Play Store / Android Device to download APKs *
- Automatic extraction of bundled DLL’s in Xamarin
- Determine usage of Certificate Pinning (Native, Cordova, Xamarin)
- Determine usage of Android Keystore
- SQL Injection / Path Traversal Evidences for Content Providers
….. Web Interface

20. Get it.
https://github.com/integrity-sa/droidstatx

21. Install it.
Manual Install (needs pip and Java JRE)
● git clone https://github.com/integrity-sa/droidstatx.git
● cd droidstatx
● python install.py
Docker
● git clone https://github.com/integrity-sa/droidstatx.git
● cd droidstatx
● docker build -t droidstatx .