NSdeepLink

Not So deepLink (NSdeepLink) is a Python script that lists, verifies and exploits deeplinks and universal links from Android and iOS apps, using ADB access or an APK/IPA file.

Prerequisites

  • Python3
  • Apktool
  • argparse
  • re
  • tabulate
  • colorama
  • requests
  • adb

Install

$ git clone https://github.com/mathis2001/NSdeepLink
$ cd NSdeepLink
$ chmod +x NSdeepLink.py

Usage

$ ./NSdeepLink.py [-h] (--adb | --apk APK | --ipa IPA | -l LAUNCH | -c CODE_SEARCH) [-p PACKAGE] [-s SERIAL] [-v] [-o OUTPUT]

List Deeplinks using ADB

$ ./NSdeepLink.py --adb -p com.example.xyz [--verify]

List Deeplinks from an APK

$ ./NSdeepLink.py --apk /path/to/app.apk [--verify]

List Universal Links from an IPA

$ ./NSdeepLink.py --ipa /path/to/app.ipa [--verify]

Open a specific deeplink (Android Only)

$ ./NSdeepLink.py -l app://deeplink.xyz

Search for potential deeplink handling in Java / Kotlin code (Android Only)

$ ./NSdeepLink.py -c /path/to/project

Options

options:
  -h, --help            show this help message and exit
  --adb                 ADB Analyze
  --apk APK             APK Analyze
  --ipa IPA             IPA Analyze
  -l LAUNCH, --launch LAUNCH
                        Launch a deeplink
  -c CODE_SEARCH, --code-search CODE_SEARCH
                        Search for potential deeplink handling in JAVA / Kotlin code
  -p PACKAGE, --package PACKAGE
                        Package Name (ex: com.example.xyz)
  -s SERIAL, --serial SERIAL
                        Device/Emulator to use
  -v, --verify          Verify Assets Links
  -o OUTPUT, --output OUTPUT
                        Save results in an output file
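
For context on what a deeplink listing has to account for, here is an added example (not NSdeepLink's own code) that parses an Apktool-decoded AndroidManifest.xml and reports every URI pattern accepted by a browsable intent filter, whether the component is exported, and whether the filter declares android:autoVerify for http/https links. The manifest, `SAMPLE_MANIFEST` and `list_deeplinks` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android:* attributes
# Constructed manifest in the form Apktool decodes it to; not from a real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.xyz">
 <application>
  <activity android:name=".LinkActivity" android:exported="true">
   <intent-filter android:autoVerify="true">
    <action android:name="android.intent.action.VIEW"/>
    <category android:name="android.intent.category.BROWSABLE"/>
    <data android:scheme="https" android:host="example.xyz" android:pathPrefix="/open"/>
   </intent-filter>
   <intent-filter>
    <action android:name="android.intent.action.VIEW"/>
    <category android:name="android.intent.category.BROWSABLE"/>
    <data android:scheme="app" android:host="deeplink.xyz"/>
    <data android:scheme="http" android:host="example.xyz"/>
   </intent-filter>
  </activity>
 </application>
</manifest>"""

def list_deeplinks(manifest_xml):
    """Return one record per URI pattern accepted by a BROWSABLE intent filter."""
    root, records = ET.fromstring(manifest_xml), []
    for comp in [c for t in ("activity", "activity-alias") for c in root.iter(t)]:
        for flt in comp.findall("intent-filter"):
            cats = {c.get(A + "name") for c in flt.findall("category")}
            if "android.intent.category.BROWSABLE" not in cats:
                continue
            data = flt.findall("data")
            # Android merges all <data> of one filter: every scheme pairs with every host.
            schemes = sorted({d.get(A + "scheme") for d in data} - {None})
            hosts = sorted({d.get(A + "host") for d in data} - {None}) or [""]
            paths = sorted({d.get(A + k) for d in data for k in ("path", "pathPrefix")} - {None}) or [""]
            declared = flt.get(A + "autoVerify") == "true"
            for s, h, p in [(s, h, p) for s in schemes for h in hosts for p in paths]:
                records.append({
                    "component": comp.get(A + "name"),
                    "exported": comp.get(A + "exported") == "true",
                    "uri": f"{s}://{h}{p}",
                    # Only http/https filters can be domain-verified; custom schemes cannot.
                    "auto_verify": declared and s in ("http", "https"),
                })
    return records

if __name__ == "__main__":
    for rec in list_deeplinks(SAMPLE_MANIFEST):
        print(rec)
```

The second filter shows why a filter's `<data>` elements have to be read together: it also accepts `app://example.xyz` and `http://deeplink.xyz`, which neither element names on its own.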

Screenshots

PoC Scenarios

BugBazaar

[Screenshots: BugBazaar deeplink check, BugBazaar code search, BugBazaar code review]

Insecure Deeplink handling leads to CSRF
[Screenshot: BugBazaar CSRF]

Insecure Deeplink handling leads to WebView Hijacking
[Screenshot: BugBazaar WebView Hijacking]

Realistic Vulnerability Chaining

Insecure Deeplink handling + WebView Hijacking + JavaScript Bridge leads to Command Injection
[Screenshot: RCE]