Powered by Claude Agent SDK

DEFYKT

Find every flaw. Before the attackers do.
Seven AI agents perform static and dynamic security analysis on iOS and Android apps. Every finding is independently verified. Strike goes further, tracing attack paths and generating working exploits.

iOS / IPA
Android / APK
App Store & Play Store
BINARY DECOMPILATION · NETWORK INTERCEPTION · RUNTIME INSTRUMENTATION · SECRETS DETECTION · OWASP MOBILE TOP 10 · FRIDA HOOKS · CERTIFICATE PINNING · DEEP EXPLOITATION ANALYSIS · ATTACK PATH TRACING · POC GENERATION · AUTO-STRIKE VALIDATION · FALSE POSITIVE ELIMINATION · BUG BOUNTY REPORTS · AUTH FLOW TESTING · PRIVACY AUDIT · CVE CORRELATION · APP STORE INGESTION · AI-POWERED TRIAGE · CVSS JUSTIFICATION · HACKERONE EXPORT · 75+ SECURITY CHECKS
Capabilities

Every defect found. Every vulnerability exposed.

Three modes, seven specialized AI agents, and five instrumentation servers — purpose-built for mobile applications.

DEFYKT Core

Static binary analysis. Decompile APKs with JADX and APKtool, extract IPAs, inspect manifests, entitlements, hardcoded secrets, insecure crypto, and vulnerable dependencies — no device needed.

STATIC ANALYSIS

DEFYKT Live

Full runtime testing on emulators or physical devices. Intercept network traffic with mitmproxy, hook functions with Frida, inspect storage, test auth flows, and probe attack surfaces live.

DYNAMIC ANALYSIS

DEFYKT Strike

Targeted deep exploitation analysis. Trace full attack paths through decompiled source code, generate working Frida scripts and PoCs using real class names, and produce bug bounty-ready reports with CVSS justification.

DEEP ANALYSIS

Seven AI Agents

An orchestrator deploys seven specialized agents in parallel — binary, network, runtime, storage, authentication, privacy, and static deep-dive — each with dedicated MCP tools and OWASP focus areas.

CLAUDE AGENT SDK

App Store Ingestion

Search and download apps directly from the Apple App Store or Google Play Store. No developer account needed — pull any public application for analysis on demand.

IPATOOL + APKEEP

Device & Emulator Testing

Connect physical iOS and Android devices over USB or spin up emulators and simulators. DEFYKT auto-detects available targets and manages the full test lifecycle.

ADB + SIMCTL

Auto-Strike Validation

Every critical, high, and medium finding is automatically validated by an independent AI agent. Confirmed, adjusted, or rejected — false positives are eliminated before you ever see them.

AUTO-VALIDATE

Bug Bounty Exports

One-click export to HackerOne or Bugcrowd format. Each report includes Impact, Proof of Concept, Recommended Fix, and CVSS v3.1 justification — ready to submit.

HACKERONE + BUGCROWD

75+ Security Checks

Mandatory checklists with 75+ enumerated tests across all seven agent roles, covering every OWASP Mobile Top 10 (2024) category. Every test reports a finding, pass, or skip.

OWASP M1–M10

Seven agents. Complete coverage.

Each agent is a specialized Claude instance with dedicated MCP tools and a focused mandate. The orchestrator deploys them in parallel to cover all ten OWASP Mobile categories.

binary-analyst
Binary Analysis
Decompiles binaries, inspects manifests, hunts hardcoded secrets, checks obfuscation, and catalogs third-party libraries for known CVEs.
M1 · M2 · M7 · M8
network-analyst
Network Security
Intercepts traffic via mitmproxy. Detects cleartext HTTP, weak TLS, missing certificate pinning, exposed API keys, and sensitive data in transit.
M5
runtime-analyst
Runtime Instrumentation
Hooks functions with Frida. Tests SSL pinning strength, root/jailbreak detection, anti-debug protections, crypto API usage, and memory exposure.
M7 · M8 · M10
storage-analyst
Data Storage
Inspects SharedPreferences, Keychain, SQLite databases, file permissions, backup exposure, log leakage, and cache content for plaintext secrets and PII.
M1 · M6 · M9
auth-analyst
Auth & Validation
Tests brute force protections, session token handling, JWT weaknesses, privilege escalation, and input validation flaws including injection and XSS.
M3 · M4
privacy-analyst
Privacy Audit
Tracks PII collection, third-party SDK data sharing, device fingerprinting, location access, consent mechanisms, and GDPR/CCPA compliance.
M6
static-binary-analyst
Static Binary Deep-Dive
SAST-specialized agent that performs deep code-level analysis of decompiled binaries — tracing data flows, checking obfuscation quality, and identifying logic flaws invisible to runtime testing.
M2 · M7 · M8 · M10

DEFYKT Strike.
Prove it’s exploitable.

When a scan finding needs to become a bug bounty report, Strike traces the full attack chain through decompiled source and builds a working exploit — ready to submit.

  • Full Attack Path — Entry point to impact, traced through real source code
  • Working PoC — Frida scripts, curl commands, or Python exploits using actual class names
  • Impact Assessment — Specific data at risk, blast radius, business consequences
  • CVSS Justification — Per-metric scoring rationale for the vulnerability
  • CVE & Reference Links — Related CVEs, MITRE ATT&CK techniques, research
  • Auto-Strike Validation — Every finding auto-validated before you see it: confirmed, adjusted, or rejected

Attack Narrative

An attacker can intercept all payment transactions by exploiting the use of ECB mode in PaymentProcessor.encrypt(). The method at line 142 calls Cipher.getInstance("AES/ECB/PKCS5Padding"), which preserves plaintext block patterns. Combined with the missing certificate pinning, an attacker in a network position can intercept and decode payment payloads to extract credit card numbers, CVVs, and billing addresses for all users of the application.

Proof of Concept frida

// Hook ECB cipher to log plaintext blocks
Java.perform(function() {
  var Cipher = Java.use("javax.crypto.Cipher");
  Cipher.doFinal.overload("[B").implementation = function(input) {
    console.log("[STRIKE] Plaintext: " + hexdump(input));
    return this.doFinal(input);
  };
});

Upload. Deploy. Validate. Strike.

From binary to validated exploit — the AI handles the rest.

01

Upload

Upload an APK or IPA, search the App Store or Play Store by name, or select an installed app from a connected device.

02

Configure

Choose Core (static) or Live (dynamic). Select a scan scope — full, quick, or custom OWASP categories.

03

Deploy

The orchestrator decompiles the binary, maps the attack surface, and deploys seven agents in parallel to probe every layer.

04

Validate

Auto-Strike validates every critical, high, and medium finding. An independent AI agent confirms, adjusts, or rejects each one — eliminating false positives.

05

Report

Validated findings are correlated and deduplicated. Each includes severity, CWE, CVSS, evidence, remediation, and export to HackerOne or Bugcrowd.

06

Strike

Select any finding and launch Strike. A dedicated AI agent traces the full attack path and builds a working PoC for bug bounty submission.

From scan to exploit, live.

Watch the complete workflow: launch a DAST scan, discover vulnerabilities, then Strike to prove exploitation.

BankApp
com.example.bankapp · v4.2.1 · 4m 15s
Complete · $9.14
Critical: 3
High: 5
Medium: 8
Low: 6
Vulnerabilities
CRIT · ECB mode in payment encryption · binary-analyst · ✔ Confirmed
CRIT · Session token not invalidated on logout · auth-analyst · ✔ Confirmed
CRIT · Certificate pinning not implemented · network-analyst · ✔ Confirmed
HIGH · PII in cleartext SharedPreferences · storage-analyst · ✔ Confirmed
HIGH · Hardcoded AWS access key in BuildConfig · binary-analyst · ▲ Adjusted
ECB Mode in Payment Encryption
Critical M10 CWE-327 CVSS 9.1 ✔ Validated
com.example.bankapp · PaymentProcessor.java:142 · Found by binary-analyst
Description

The application uses AES encryption in ECB (Electronic Codebook) mode for encrypting payment data in PaymentProcessor.encrypt(). ECB mode encrypts identical plaintext blocks to identical ciphertext blocks, revealing patterns in the encrypted data. This allows an attacker to analyze, manipulate, or reconstruct sensitive payment information.

Evidence
// PaymentProcessor.java:142
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
byte[] encrypted = cipher.doFinal(paymentData.getBytes());
DEFYKT Strike
ECB Mode in Payment Encryption
$0.84 · Complete

Attack Narrative

An attacker positioned on the network can intercept encrypted payment payloads via the missing certificate pinning. Because ECB mode preserves plaintext block structure, the attacker can identify recurring payment amounts, detect block-level patterns to reconstruct credit card numbers, and replay modified encrypted blocks to alter transaction amounts — affecting all 2.3M monthly active users.

Attack Path

1. Attacker intercepts TLS traffic (no certificate pinning)
2. Captures encrypted payment payload from POST /api/v2/payment
3. ECB block analysis reveals repeating 16-byte patterns
4. Block substitution attack modifies transaction amount

Proof of Concept frida

Java.perform(function() {
  var Cipher = Java.use("javax.crypto.Cipher");
  Cipher.doFinal.overload("[B").implementation = function(b) {
    console.log("[STRIKE] Input: " + hexdump(b));
    return this.doFinal(b);
  };
});

Results that matter. Noise eliminated.

AI-correlated findings with severity, OWASP mapping, agent attribution, and auto-validation verdicts. Every finding can be escalated to DEFYKT Strike for full exploitation analysis.

Severity Breakdown

Critical: 3
High: 5
Medium: 8
Low: 6
Info: 4

Top Findings

CRIT · ECB mode in payment encryption · binary-analyst · ✔ Confirmed
CRIT · Session token not invalidated on logout · auth-analyst · ✔ Confirmed
CRIT · Certificate pinning not implemented · network-analyst · ✔ Confirmed
HIGH · PII in cleartext SharedPreferences · storage-analyst · ✔ Confirmed
HIGH · Hardcoded AWS access key in BuildConfig · auth-analyst · ▲ Adjusted
HIGH · No brute force protection on login endpoint · auth-analyst · ✔ Confirmed
MED · Device ID shared with third-party SDKs · privacy-analyst · ✔ Confirmed
LOW · Backup flag enabled in manifest · binary-analyst · ✘ Rejected

Every platform. Every ingestion path.

Upload a binary, search an app store, or pull directly from a connected device.

Apple

iOS / iPadOS

Full IPA analysis including entitlements, Info.plist inspection, Objective-C and Swift decompilation. Runtime testing on iOS simulators or physical devices with Frida instrumentation and mitmproxy interception.

IPA Upload · App Store Search · iOS Simulator · Physical Device

Android

Deep APK analysis with JADX decompilation, APKtool extraction, manifest parsing, and smali inspection. Dynamic testing on Android emulators or physical hardware via ADB with full Frida and mitmproxy support.

APK Upload · Play Store Search · Android Emulator · Physical Device

Zero tolerance for defects.

Early access is open. See what DEFYKT finds in your apps.
