I built Exfault, agentic mobile app pentesting tool

Hi HN, I am the creator of Exfault. I am building autonomous AI agents that find vulnerabilities in Android apps.

I have noticed there are growing number of AI native pentesting tools for web apps but very few for mobile or Android. With more mobile apps being shipped quickly due to vibe coding, I wanted to build an AI native security tool specifically for Android apps.

Exfault combines static and dynamic analysis with AI agents using tools like adb,jadx, apktool for static analysis and reverse engineering, frida for dynamic analysis, hermes-dec for React native decompilation. The AI agents have access to real Android emulators to peform navigation, explore functionality and validate vulnerabilities before reporting them improving both the quality of reports and also the rate of false positives.

Instead of uploading an apk or aab, you can simply enter an Android package name (com.example.app), Our backend automatically acquires a compatible build, installs it in an emulator so the agents can test your app.

For authenticated testing, you can provide test credentials and the agent will automatically sign in and continue exploring the authenticated attack surface. I'm also working on a human-in-the-loop login helper for more complex authentication flows involving MFA, Email verification etc.

There's a free demo available if you'd like to try it on your own app.

I'd really appreciate your thoughts and feedback!

https://exfault.com