MCPcopy Index your code
hub / github.com/devkekops/checkkarlmarx

github.com/devkekops/checkkarlmarx @v1.0.2

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.0.2 ↗ · + Follow
46 symbols 125 edges 1 files 0 documented · 0%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

CheckKarlMarx

report

Automated tool for security checking mobile app release binaries (apk, ipa). CheckKarlMarx good at finding several things: * network misconfigurations * insecure, test and basic auth URLs * various keys, tokens, credentials * exported components (android) * insecure webview settings (android)

Usage

Pull from docker hub and run:

$ docker pull devkekops/checkkarlmarx
$ docker run -v <path_to_apk_or_ipa>:/mount devkekops/checkkarlmarx /mount

It will generate report.html in <path_to_apk_or_ipa> folder.

Run with options:

usage: checkkarlmarx.py [-h] [--html | --sarif] [--file | --stdout] [-o [OUTPUT]] [-d [DOMAINS [DOMAINS ...]]] [-q [QATAGS [QATAGS ...]]] [-p [PACKAGES [PACKAGES ...]]] path

positional arguments:
  path                  path to apk/ipa

optional arguments:
  -h, --help            show this help message and exit
  --html                set report format as html
  --sarif               set report format as sarif
  --file                print report to file
  --stdout              print report to stdout
  -o [OUTPUT], --output [OUTPUT]
                        report filename
  -d [DOMAINS [DOMAINS ...]], --domains [DOMAINS [DOMAINS ...]]
                        domain list (e.g. example.com)
  -q [QATAGS [QATAGS ...]], --qatags [QATAGS [QATAGS ...]]
                        test domain tags list
  -p [PACKAGES [PACKAGES ...]], --packages [PACKAGES [PACKAGES ...]]
                        package names (android only, e.g. com.example)
  • report format html or sarif (html by default): --html or --sarif
  • print report to file or stdout (file by default): --file or --stdout
  • report filename (report.html or report.sarif by default): -o --output
  • filter found URLs by domain list: -d --domains
  • filter test domain URLs by tag list: -q --qatags
  • filter found webview settings by package list (android only): -p --packages

Example:

$ docker run -v $(pwd):/mount devkekops/checkkarlmarx /mount -- sarif --stdout -d mycompany.com -q qa test dev stage -p com.mycompany com.example

Exit codes: * 0 - binary have no vulnerabilities * 1 - binary have some vulnerabilities * 2 - something went wrong

For build from sources:

$ docker build -t my_app .

Core symbols most depended-on inside this repo

setFoundForName
called by 16
checkkarlmarx.py
setProofsForName
called by 16
checkkarlmarx.py
grepBinary
called by 8
checkkarlmarx.py
grep
called by 6
checkkarlmarx.py
setFound
called by 4
checkkarlmarx.py
setProofs
called by 4
checkkarlmarx.py
addFoundToDictBinary
called by 3
checkkarlmarx.py
create_result
called by 3
checkkarlmarx.py

Shape

Function 30
Method 14
Class 2

Languages

Python100%

Modules by API surface

checkkarlmarx.py46 symbols

For agents

$ claude mcp add checkkarlmarx \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page