Claude Code pro - a major use - app vulnerability analysis

JackKirk

Well-Known Member
Licensed User
Longtime User
I thought this deserved a new thread...

As documented here, I have really been pounding Claude Code pro, auditing customer facing sister B4A/i apps.

Once I finished these audits I got to thinking "I wonder if it could do a vulnerability analysis".

Could it ever, the B4i version was the most interesting...

After doing a Tools -> Build Server -> Build Release App then Tools -> Build Server -> Build Release App -> Download Last Build to build the release .ipa

An initial prompt was similar to:

"there is an iOS .ipa at D:\xxx\xxx\xxx\xxx\xxx\Objects\xxx.ipa --- analyse for vulnerabilities"

It did a fairly superficial analysis, initial report included:

of particular interest: NO Objective-C decompilation - that needs macOS tooling (otool/class-dump) or Ghidra/Hopper

I don't have Ghidra (a free,open source software reverse engineering tool framework developed by the US Defence Dept/National Security Agency).

Spooky - and baulked at what looked like an arduous install process - including prerequisite of JDK 21.

I had JDK 19 installed so i prompted Claude Code with something like:

"set up Ghidra headless here against my JDK 19 and run its decompiler on xxx.ipa"

Churn churn churn - it went away and downloaded Ghidra and tried to run it with JDK 19.

It eventually decided JDK 19 was not going to work - so with my blessing - it installed JDK 21 ant then successfully decompiled my ipa.

After at least 45 minutes of decompiling - into D:\xxx\xxx_decompiled - including a 9MB objective c file and a few other bits.

So I then prompted:

"do a vulnerability analysis using files in D:\xxx\xxx_decompiled"

And after more to and fro during which I gave some details of related security measures I have taken I prompted.

"give a document level vulnerability assessment"

SORRY - I edited out all the juicy stuff
 
Last edited:
Cookies are required to use this site. You must accept them to continue using the site. Learn more…