🔍 Scan React Native APKs for Vulnerable npm Dependencies in 2 Minutes!

📌 What is This Tool?
React Native Vulnerability Scanner is a Python tool that helps security researchers and developers analyze React Native APKs for vulnerable npm dependencies by scanning modules.json. It checks package versions against Snyk’s vulnerability database to find security risks in outdated libraries.

🛠️ How to Use This Tool?

1️⃣ Decompile the APK using apktool

To extract modules.json, decompile the APK:

apktool d myapp.apk -o myapp_decompiled

Look for the file inside:

myapp_decompiled/assets/modules.json

2️⃣ Scan for Vulnerabilities

Run the scanner to check for outdated dependencies:

python RNScanner.py -f myapp_decompiled/assets/modules.json

To save the results to a file:

python RNScanner.py -f myapp_decompiled/assets/modules.json -o

🔄 Recompile & Repackage the APK

3️⃣ Rebuild the APK

After modifications (if any), recompile the APK:

apktool b myapp_decompiled -o new_app.apk

4️⃣ Sign the APK

Unsigned APKs won’t install, so sign it:

jarsigner -keystore my-release-key.keystore -storepass password -keypass password -signedjar signed_app.apk new_app.apk alias_name

5️⃣ Install the APK

adb install signed_app.apk

📜 Example Output

If vulnerabilities are found:

react-native : 0.76.7
lodash : 4.17.21
axios : 0.21.4

Results saved to vulnerable_packages.txt
✅ Done!

If no vulnerabilities are found:

No vulnerabilities found! 🎉
✅ Done!

🚀 Why Use This Tool?

✅ Identify security flaws in React Native apps
✅ Quickly analyze npm dependencies inside APKs
✅ Helpful for bug bounty, security audits & pen testing

📌 GitHub Repo: BhattJayD/react-native-vulnerability-scanner

🔍 Try it now and secure your React Native apps! 🚀