All Projects → dwisiswant0 → Apkleaks

dwisiswant0 / Apkleaks

Licence: apache-2.0
Scanning APK file for URIs, endpoints & secrets.

Programming Languages

python
103659 projects - #7 most used programming language
Dockerfile
9115 projects

Projects that are alternatives of or similar to Apkleaks

Dexcalibur
[Official] Android reverse engineering tool focused on dynamic instrumentation automation. Powered by Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
Stars: ✭ 512 (-81.09%)
Mutual labels:  apk, mobile-security, reverse-engineering, android-security
Mobile Security Framework Mobsf
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+277.24%)
Mutual labels:  apk, static-analysis, mobile-security, android-security
Awesome Mobile Security
An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.
Stars: ✭ 1,837 (-32.14%)
Mutual labels:  mobile-security, reverse-engineering, bugbounty, android-security
Rms Runtime Mobile Security
Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
Stars: ✭ 1,194 (-55.89%)
Mutual labels:  mobile-security, reverse-engineering, android-security
Andromeda
Andromeda - Interactive Reverse Engineering Tool for Android Applications
Stars: ✭ 627 (-76.84%)
Mutual labels:  apk, static-analysis, reverse-engineering
mobileAudit
Django application that performs SAST and Malware Analysis for Android APKs
Stars: ✭ 140 (-94.83%)
Mutual labels:  apk, android-security, mobile-security
Adhrit
Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
Stars: ✭ 399 (-85.26%)
Mutual labels:  apk, mobile-security, android-security
Androl4b
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Stars: ✭ 908 (-66.46%)
Mutual labels:  mobile-security, reverse-engineering
Frida Snippets
Hand-crafted Frida examples
Stars: ✭ 1,081 (-60.07%)
Mutual labels:  mobile-security, reverse-engineering
Appmon
Documentation:
Stars: ✭ 1,157 (-57.26%)
Mutual labels:  mobile-security, reverse-engineering
Amdh
Android Mobile Device Hardening
Stars: ✭ 95 (-96.49%)
Mutual labels:  static-analysis, android-security
Panopticon
A libre cross-platform disassembler.
Stars: ✭ 1,376 (-49.17%)
Mutual labels:  static-analysis, reverse-engineering
Bap
Binary Analysis Platform
Stars: ✭ 1,385 (-48.84%)
Mutual labels:  static-analysis, reverse-engineering
Android Classyshark
Android and Java bytecode viewer
Stars: ✭ 6,930 (+156%)
Mutual labels:  apk, apk-parser
Apk Mitm
🤖 A CLI application that automatically prepares Android APK files for HTTPS inspection
Stars: ✭ 893 (-67.01%)
Mutual labels:  apk, reverse-engineering
Stacoan
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Stars: ✭ 707 (-73.88%)
Mutual labels:  mobile-security, bugbounty
Java Disassembler
The Java Disassembler
Stars: ✭ 114 (-95.79%)
Mutual labels:  static-analysis, reverse-engineering
Malwarelab vm Setup
Setup scripts for my Malware Analysis VMs
Stars: ✭ 126 (-95.35%)
Mutual labels:  static-analysis, reverse-engineering
Apk Utilities
🛠 Tools and scripts to manipulate Android APKs
Stars: ✭ 134 (-95.05%)
Mutual labels:  apk, reverse-engineering
Android Reports And Resources
A big list of Android Hackerone disclosed reports and other resources.
Stars: ✭ 590 (-78.2%)
Mutual labels:  bugbounty, android-security

APKLeaks

version contributions

Scanning APK file for URIs, endpoints & secrets.

APKLeaks


Installation

It's fairly simple to install APKLeaks:

from PyPi

$ pip3 install apkleaks

from Source

Clone repository and install requirements:

$ git clone https://github.com/dwisiswant0/apkleaks
$ cd apkleaks/
$ pip3 install -r requirements.txt

from Docker

Pull the Docker image by running:

$ docker pull dwisiswant0/apkleaks:latest

Dependencies

APKLeaks using jadx disassembler to decompile APK file. If it doesn't exist in your environment, it'll ask you to download.

Usage

Simply,

$ apkleaks -f ~/path/to/file.apk
# from Source
$ python3 apkleaks.py -f ~/path/to/file.apk
# or with Docker
$ docker run -it --rm -v /tmp:/tmp dwisiswant0/apkleaks:latest -f /tmp/file.apk

Options

Here are all the options it supports.

Argument Description Example
-f, --file APK file to scanning apkleaks -f file.apk
-o, --output Write to file results (random if not set) apkleaks -f file.apk -o results.txt
-p, --pattern Path to custom patterns JSON apkleaks -f file.apk -p custom-rules.json
-a, --args Disassembler arguments apkleaks -f file.apk --args="--deobf --log-level DEBUG"
--json Save as JSON format apkleaks -f file.apk -o results.json --json

Output

In general, if you don't provide -o argument, then it will generate results file automatically.

NOTE: By default it will also save the results in text format, use --json argument if you want JSON output format.

Pattern

Custom patterns can be added with the following argument to provide sensitive search rules in the JSON file format: --pattern /path/to/custom-rules.json. If not set, it'll use default patterns from regexes.json file.

Example patterns file:

// custom-rules.json
{
  "Amazon AWS Access Key ID": "AKIA[0-9A-Z]{16}",
  ...
}
$ apkleaks -f /path/to/file.apk -p rules.json -o ~/Documents/apkleaks-results.txt

Arguments (disassembler)

We give user complete discretion to pass the disassembler arguments. For example, if you want to activate threads in jadx decompilation process, you can add it with -a/--args argument, example: --args="--threads-count 5".

$ apkleaks -f /path/to/file.apk -a "--deobf --log-level DEBUG"

NOTE: Please pay attention to the default disassembler arguments we use to prevent collisions.

License

apkleaks is distributed under Apache 2.

Acknowledments

Since this tool includes some contributions, and I'm not an asshole, I'll publically thank the following users for their helps and resources:

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected]