dwisiswant0 / Apkleaks

Licence: apache-2.0

Scanning APK file for URIs, endpoints & secrets.

Programming Languages

python

139335 projects - #7 most used programming language

Dockerfile

14818 projects

Projects that are alternatives of or similar to Apkleaks

Dexcalibur

[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.

Stars: ✭ 512 (-81.09%)

Mutual labels: apk, mobile-security, reverse-engineering, android-security

Mobile Security Framework Mobsf

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Stars: ✭ 10,212 (+277.24%)

Mutual labels: apk, static-analysis, mobile-security, android-security

Awesome Mobile Security

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

Stars: ✭ 1,837 (-32.14%)

Mutual labels: mobile-security, reverse-engineering, bugbounty, android-security

Rms Runtime Mobile Security

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

Stars: ✭ 1,194 (-55.89%)

Mutual labels: mobile-security, reverse-engineering, android-security

Andromeda

Andromeda - Interactive Reverse Engineering Tool for Android Applications

Stars: ✭ 627 (-76.84%)

Mutual labels: apk, static-analysis, reverse-engineering

mobileAudit

Django application that performs SAST and Malware Analysis for Android APKs

Stars: ✭ 140 (-94.83%)

Mutual labels: apk, android-security, mobile-security

Adhrit

Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.

Stars: ✭ 399 (-85.26%)

Mutual labels: apk, mobile-security, android-security

Androl4b

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

Stars: ✭ 908 (-66.46%)

Mutual labels: mobile-security, reverse-engineering

Frida Snippets

Hand-crafted Frida examples

Stars: ✭ 1,081 (-60.07%)

Mutual labels: mobile-security, reverse-engineering

Appmon

Documentation:

Stars: ✭ 1,157 (-57.26%)

Mutual labels: mobile-security, reverse-engineering

Amdh

Android Mobile Device Hardening

Stars: ✭ 95 (-96.49%)

Mutual labels: static-analysis, android-security

Panopticon

A libre cross-platform disassembler.

Stars: ✭ 1,376 (-49.17%)

Mutual labels: static-analysis, reverse-engineering

Bap

Binary Analysis Platform

Stars: ✭ 1,385 (-48.84%)

Mutual labels: static-analysis, reverse-engineering

Android Classyshark

Android and Java bytecode viewer

Stars: ✭ 6,930 (+156%)

Mutual labels: apk, apk-parser

Apk Mitm

🤖 A CLI application that automatically prepares Android APK files for HTTPS inspection

Stars: ✭ 893 (-67.01%)

Mutual labels: apk, reverse-engineering

Stacoan

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

Stars: ✭ 707 (-73.88%)

Mutual labels: mobile-security, bugbounty

Java Disassembler

The Java Disassembler

Stars: ✭ 114 (-95.79%)

Mutual labels: static-analysis, reverse-engineering

Malwarelab vm Setup

Setup scripts for my Malware Analysis VMs

Stars: ✭ 126 (-95.35%)

Mutual labels: static-analysis, reverse-engineering

Apk Utilities

🛠 Tools and scripts to manipulate Android APKs

Stars: ✭ 134 (-95.05%)

Mutual labels: apk, reverse-engineering

Android Reports And Resources

A big list of Android Hackerone disclosed reports and other resources.

Stars: ✭ 590 (-78.2%)

Mutual labels: bugbounty, android-security

View All Similar Projects ➔

APKLeaks

Scanning APK file for URIs, endpoints & secrets.

Installation
Usage
- Options
License
Acknowledments

Installation

It's fairly simple to install APKLeaks:

from PyPi

$ pip3 install apkleaks

from Source

Clone repository and install requirements:

$ git clone https://github.com/dwisiswant0/apkleaks
$ cd apkleaks/
$ pip3 install -r requirements.txt

from Docker

Pull the Docker image by running:

$ docker pull dwisiswant0/apkleaks:latest

Dependencies

APKLeaks using jadx disassembler to decompile APK file. If it doesn't exist in your environment, it'll ask you to download.

Usage

Simply,

$ apkleaks -f ~/path/to/file.apk
# from Source
$ python3 apkleaks.py -f ~/path/to/file.apk
# or with Docker
$ docker run -it --rm -v /tmp:/tmp dwisiswant0/apkleaks:latest -f /tmp/file.apk

Options

Here are all the options it supports.

Argument	Description	Example
-f, --file	APK file to scanning	`apkleaks -f file.apk`
-o, --output	Write to file results (random if not set)	`apkleaks -f file.apk -o results.txt`
-p, --pattern	Path to custom patterns JSON	`apkleaks -f file.apk -p custom-rules.json`
-a, --args	Disassembler arguments	`apkleaks -f file.apk --args="--deobf --log-level DEBUG"`
--json	Save as JSON format	`apkleaks -f file.apk -o results.json --json`

Output

In general, if you don't provide -o argument, then it will generate results file automatically.

NOTE: By default it will also save the results in text format, use --json argument if you want JSON output format.

Pattern

Custom patterns can be added with the following argument to provide sensitive search rules in the JSON file format: --pattern /path/to/custom-rules.json. If not set, it'll use default patterns from regexes.json file.

Example patterns file:

// custom-rules.json
{
  "Amazon AWS Access Key ID": "AKIA[0-9A-Z]{16}",
  ...
}

$ apkleaks -f /path/to/file.apk -p rules.json -o ~/Documents/apkleaks-results.txt

Arguments (disassembler)

We give user complete discretion to pass the disassembler arguments. For example, if you want to activate threads in jadx decompilation process, you can add it with -a/--args argument, example: --args="--threads-count 5".

$ apkleaks -f /path/to/file.apk -a "--deobf --log-level DEBUG"

NOTE: Please pay attention to the default disassembler arguments we use to prevent collisions.

License

apkleaks is distributed under Apache 2.

Acknowledments

Since this tool includes some contributions, and I'm not an asshole, I'll publically thank the following users for their helps and resources:

@ndelphit - for his inspiring apkurlgrep, that's why this tool was made.
@dxa4481 and y'all who contribute to truffleHogRegexes.
@GerbenJavado & @Bankde - for awesome pattern to discover URLs, endpoints & their parameters from LinkFinder.
@tomnomnom - a gf patterns.
@pxb1988 - for awesome APK dissambler dex2jar.
@subho007 for standalone APK parser.
SHA2048#4361 (Discord user) that help me porting code to Python3.
@Ry0taK because he had reported an OS command injection bug.
@dee__see - for curated potentially sensitive tokens, NotKeyHacks.
All contributors.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

dwisiswant0 / Apkleaks

Programming Languages

Labels

Projects that are alternatives of or similar to Apkleaks

APKLeaks

Installation

from PyPi

from Source

from Docker

Dependencies

Usage

Options

Output

Pattern

Arguments (disassembler)

License

Acknowledments