A web-based toolkit for Android and iOS penetration testing and mobile application security analysis, Frida Script Runner simplifies interaction with Frida. It targets security researchers and penetration testers, offering a user-friendly interface for executing custom scripts, managing applications, and leveraging AI for script generation, thereby enhancing efficiency in mobile security assessments.

How It Works

The project provides a Flask-based web interface that acts as a central hub for interacting with Frida on connected mobile devices. Core functionality includes executing user-defined Frida scripts, displaying real-time output, and managing application packages. A key differentiator is its AI-powered script generation, integrating with Codex CLI and MCP (Model Context Protocol) servers like Ghidra and JADX. This allows for advanced binary analysis and the creation of context-aware Frida scripts optimized for ARM Android devices, using only compatible Frida JavaScript APIs.

Quick Start & Requirements

• Installation:
  • Native: Clone the repository (git clone https://github.com/z3n70/Frida-Script-Runner.git), navigate to the directory, install dependencies (pip3 install -r requirements.txt), and run the application (python3.11 frida_script.py).
  • Docker: Use docker-compose up --build.
• Prerequisites: Python 3.11.x, Flask, Frida, ADB (for Android), ideviceinfo (for iOS). Optional AI features require Codex CLI, Ghidra MCP Server, and JADX MCP Server.
• Device Requirements: Android devices require root access for Frida server installation. iOS devices must be jailbroken with Frida installed via a package manager.
• Access: Web Interface at http://127.0.0.1:5000. Codex Bridge Tester at http://localhost:8091 (when running).

Highlighted Details

• AI-Powered Script Generation: Integrates Codex CLI with prompt engineering and MCP servers (Ghidra/JADX) for advanced binary analysis and automated Frida script creation.
• Application Management: Features include dumping APK/IPA files from devices, installing APKs onto Android devices, and a searchable list of installed packages.
• Real-time Output: Provides immediate feedback on Frida script execution directly within the web interface.
• Cross-Platform Support: Compatible with Windows, Linux, and macOS.
• ARM Android Optimization: Generated scripts are specifically optimized for stability and performance on ARM Android architectures.

Maintenance & Community

The project lists a Core Team including Karjok Hasyim, Irvan W, Yudha Alfan, and Revan. No specific community channels (like Discord or Slack) or roadmap links are provided in the README.

Licensing & Compatibility

The license type is not explicitly stated in the provided README, which is a significant omission for potential adopters. The tool is designed for authorized penetration testing and security research purposes.

Limitations & Caveats

A major adoption blocker is the requirement for root access on Android devices and a jailbroken state on iOS devices to run the Frida server. The setup for optional AI features, involving Codex CLI and MCP servers, is complex. The absence of a clear software license poses compatibility concerns for many use cases.