Grapefruit is an open-source mobile security testing suite designed for runtime instrumentation of iOS and Android applications. It empowers security researchers and developers to inspect, hook, and modify mobile apps through a user-friendly web interface, offering deep insights into application behavior.

How It Works

Leveraging the power of Frida, Grapefruit acts as a dynamic instrumentation toolkit. It allows users to intercept native and managed functions, monitor cryptographic operations, browse filesystems, inspect SQLite databases, and stream logs in real-time. Its architecture enables granular control and visibility into application processes without requiring source code access or recompilation, facilitating efficient security analysis and debugging.

Quick Start & Requirements

• Installation: Install globally via npm: npm install -g igf or run directly using npx igf. Prebuilt binaries are available on GitHub Releases.
• Prerequisites: A Frida server must be running on the target iOS or Android device. Refer to official Frida setup guides for device-specific instructions.
• Note: The npm package is not compatible with bunx.

Highlighted Details

• Runtime Method Hooking with structured logging.
• Cryptographic API Interception with data capture.
• Filesystem Browser, SQLite Database Inspection, Syslog Streaming.
• Support for Flutter and React Native applications.
• Privacy Monitor for sensitive API access (camera, microphone, location).
• AI assistance for generating hook scripts.
• iOS Keychain access, NSURL session traffic capture (HTTP/HTTPS/WebSocket).
• Android Keystore inspection and JNI call tracing.

Maintenance & Community

No specific community links (e.g., Discord, Slack) or notable contributors/sponsorships are detailed in the provided README.

Licensing & Compatibility

The project is licensed under the MIT license, which is permissive for commercial use and integration into closed-source projects.

Limitations & Caveats

Grapefruit explicitly does not include built-in bypasses for common anti-tampering protections such as Frida detection, SSL/TLS certificate pinning, or jailbreak/root detection. For remote access or multi-user scenarios, Grapefruit must be secured behind a reverse proxy (e.g., Caddy) with authentication, as it binds to 127.0.0.1 by default and lacks built-in authentication mechanisms.