A comprehensive security analysis toolkit for Android APKs and native binaries. Combines static analysis, dynamic instrumentation, and vulnerability detection to identify security issues in mobile applications and compiled code.
- Binary Analysis: Ghidra-based decompilation and analysis of native executables
- APK Analysis: Android package inspection including DEX, Smali, and manifest
- Vulnerability Detection: 40+ detection modules covering common security flaws
- Constraint Solving: Z3-based path feasibility checking
- ROP Gadget Finding: Automatic gadget identification for exploitation research
- Android Emulator: Automated emulator setup and management
- Frida Instrumentation: Runtime hooking and monitoring
- MITM Proxy: Network traffic interception and analysis
- Runtime Secrets: Detection of credentials exposed at runtime
Memory Safety
- Buffer overflows (stack/heap)
- Use-after-free
- Double free
- Null pointer dereference
- Uninitialized memory
- Memory leaks
- Out-of-bounds read/write
Input Validation
- Format string vulnerabilities
- Command injection
- Path traversal
- SQL injection
- XSS (Cross-Site Scripting)
- XXE (XML External Entity)
- SSRF (Server-Side Request Forgery)
- LDAP injection
- NoSQL injection
- SSTI (Server-Side Template Injection)
Android-Specific
- Hardcoded secrets/credentials
- Insecure data storage
- Insecure communication (HTTP)
- Weak cryptography
- Exported components without permissions
- WebView vulnerabilities
Advanced
- Integer overflows
- Type confusion
- Race conditions (TOCTOU)
- Function pointer overwrites
- VTable hijacking
- Deserialization vulnerabilities
- JWT vulnerabilities
- Authentication bypass
- Missing authorization
- CSRF (Cross-Site Request Forgery)
- Python 3.9+
- Ghidra 11.3+ (for binary analysis)
- Android SDK (for APK dynamic analysis)
- Linux/Unix environment
# Clone repository
git clone https://github.com/yourusername/neutron.git
cd neutron
# Install with development dependencies
pip install -e ".[dev]"
# Or use Make
make install-dev

# Ubuntu/Debian
sudo apt update
sudo apt install unzip apktool dex2jar clang-format
sudo apt install clang-18 libclang-18-dev python3-pip
# For constraint solving
sudo apt install cmake libclang-dev z3 libz3-dev python3-dev

# Download Ghidra
wget https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_11.3.1_build/ghidra_11.3.1_PUBLIC_20250219.zip
# Install
sudo mkdir -p /opt/ghidra
sudo unzip ghidra_11.3.1_PUBLIC_*.zip -d /opt/ghidra

# Install Android SDK
sudo apt-get install android-sdk
# Download command-line tools from:
# https://developer.android.com/studio#command-tools
# Set up environment
export ANDROID_SDK_ROOT=~/Android
export PATH=$ANDROID_SDK_ROOT/cmdline-tools/latest/bin:$ANDROID_SDK_ROOT/platform-tools:$ANDROID_SDK_ROOT/emulator:$PATH
# Install required packages
sdkmanager "system-images;android-30;google_apis;x86_64"
sdkmanager "platform-tools"
sdkmanager --install "emulator"
# Create AVD
avdmanager create avd -n test_avd -k "system-images;android-30;google_apis;x86_64"

# Create configuration file
cp neutron.yaml.example neutron.yaml
# Edit for your environment
vi neutron.yaml

Key settings:
- ghidra.install_path: Path to Ghidra installation
- android.sdk_root: Android SDK location
- analysis.output_dir: Where to save results

# Scan a binary
neutron scan binary /path/to/executable
# Scan with severity filter
neutron scan binary ./app --severity HIGH
# Save results to session
neutron scan binary ./app --save-session my_scan
# Export to JSON
neutron scan binary ./app --output report.json
# View results
neutron results show
# Filter results
neutron results show --severity CRITICAL
neutron results show --type buffer_overflow
# Export reports
neutron results export html --output report.html
neutron results export json --output findings.json
neutron results export sarif --output results.sarif

# Interactive mode
python main.py

neutron/
├── neutron/ # Main package
│ ├── core/ # Configuration, logging
│ ├── analysis/ # Ghidra integration
│ ├── detection/ # Detection modules
│ ├── dynamic/ # Dynamic analysis
│ ├── reporting/ # Report generation
│ └── cli/ # Command-line interface
├── detection_modules/ # 40+ vulnerability detectors
├── ghidra_scripts/ # Ghidra analysis scripts
├── tests/ # Test suite
├── custom_rules/ # User-defined rules
├── pyproject.toml # Package configuration
├── Makefile # Development commands
└── neutron.yaml.example # Configuration template
make install-dev

# Run all tests
make test
# Run with coverage
make test-cov
# Run specific test
pytest tests/test_config.py -v

# Check code quality
make lint
# Auto-format code
make format
# Pre-commit hooks
pre-commit install
pre-commit run --all-files

Interactive report with vulnerability details, code snippets, and remediation guidance.
Machine-readable format for integration with other tools.
GitHub Code Scanning compatible format for CI/CD integration.
Spreadsheet-friendly format for tracking and reporting.
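
A build gate over the SARIF export, as an added example that is not part of the neutron code base: it resolves each result's effective level the way SARIF 2.1.0 defines it (explicit level, else the rule's default, else "warning"), skips suppressed results, and exits non-zero when anything reaches the threshold. It assumes the export is standard SARIF 2.1.0; the function names, the rule ids other than buffer_overflow, and the sample data are constructed for illustration.

```python
import json
import sys

LEVELS = ["none", "note", "warning", "error"]  # SARIF levels, least to most severe

def effective_level(result, rules):
    """Explicit result level, else the rule's default level, else 'warning'."""
    level = result.get("level")
    if level is None:
        rule = rules.get(result.get("ruleId"), {})
        level = rule.get("defaultConfiguration", {}).get("level", "warning")
    return level if level in LEVELS else "warning"

def blocking_findings(sarif, threshold="error"):
    """Return (ruleId, level, uri, line) for each unsuppressed result >= threshold."""
    floor = LEVELS.index(threshold)
    found = []
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r.get("id"): r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            if res.get("suppressions"):  # results carrying a suppression do not block
                continue
            level = effective_level(res, rules)
            if LEVELS.index(level) < floor:
                continue
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "<unknown>")
            found.append((res.get("ruleId"), level, uri,
                          loc.get("region", {}).get("startLine")))
    return found

# Constructed sample input, not real neutron output.
SAMPLE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "neutron", "rules": [
        {"id": "buffer_overflow", "defaultConfiguration": {"level": "error"}}]}},
    "results": [
        {"ruleId": "buffer_overflow", "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "lib/libnative.so"}}}]},  # inherits error
        {"ruleId": "format_string"},                  # no rule entry: warning
        {"ruleId": "memory_leak", "level": "note"},
        {"ruleId": "buffer_overflow", "level": "error",
         "suppressions": [{"kind": "external"}]},     # suppressed, skipped
    ]}]}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            SAMPLE = json.load(fh)
    hits = blocking_findings(SAMPLE)
    for rule_id, level, uri, line in hits:
        print(f"{level}: {rule_id} at {uri}:{line}")
    sys.exit(1 if hits else 0)
```

Run it with the path to results.sarif as the only argument; with no argument it evaluates the constructed sample.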
# Scan in CI pipeline
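neutron scan binary "$BUILD_ARTIFACT" --severity CRITICAL --output findings.json
# Export to SARIF for GitHub
neutron results export sarif --output results.sarif
# Upload to GitHub Security
# The endpoint takes a JSON body: commit SHA, ref, and the SARIF gzip-compressed then Base64-encoded
gh api --method POST /repos/{owner}/{repo}/code-scanning/sarifs \
  -f commit_sha="$(git rev-parse HEAD)" \
  -f ref="$(git symbolic-ref HEAD)" \
  -f sarif="$(gzip -c results.sarif | base64 -w0)"

- libclang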
- ghidra_bridge
- graphviz
- rich
- pybind11
- z3-solver
- pycryptodome
- mobsfscan
- Ghidra 11.3+
- Android SDK (optional, for dynamic analysis)
- Frida (optional, for runtime instrumentation)
- apktool
- dex2jar
MIT License - See LICENSE file for details.
This tool is designed for authorized security testing and research only. Always ensure you have proper authorization before analyzing applications you don't own. Use responsibly and ethically.
Built with: