Tool which gathers basic info from apk, which can be used for Android penetration testing.

Related tags

DevOps Tools apksec
Overview

APKSEC

Tool which gathers basic info from apk, which can be used for Android penetration testing.

REQUIREMENTS AND INSTALLATION

Build APKSEC:

git clone https://github.com/jayateertha043/apksec.git
cd apksec
go build apksec.go

or

Install using go install:

go install github.com/jayateertha043/[email protected]

Run apksec:

apksec -h

Usage

apksec -apk "path to apk"

Incase you want to grab results from virustotal:

apksec -apk "path to apk" -vt "virustotal_api_key"

Demo

Features

  • Extract general package information from apk
  • Find android permissions used by apk
  • Find apk certificate, signature, hashes
  • Find informations from meta-data
  • Find exported activities without permission
  • Find exported content provider without permission
  • Find exported broadcast receiver without permission
  • Find exported services without permission
  • Use VirusTotal to obtain summary of apk and detect malicious apk

Todo

  • Extract informations from deep links
  • Extract common api keys/secrets from strings

Credits

Notable 3rd party libraries used:

Author

👤 Jayateertha G

You might also like...
Создание библиотеки Go для Android

gomobile-simple-example Пример создания библиотеки для android Структура проекта: gomobile-simple-example/ --app/ ------libs/ --libmobile/ ----src/ --

Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.
Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.

sigstore-scaffolding This repository contains scaffolding to make standing up a full sigstore stack easier and automatable. Our focus is on running on

Igo Agent is the agent of Igo, a command-line tool, through which you can quickly start Igo

igo agent 英文 | 中文 Igo Agent is the agent of Igo, a command-line tool, through which you can quickly start Igo, and other capabilities may be added lat

Rename-pvc can rename PersistentVolumeClaims (PVCs) inside KubernetesRename-pvc can rename PersistentVolumeClaims (PVCs) inside Kubernetes

rename-pvc rename-pvc can rename PersistentVolumeClaims (PVCs) inside Kubernetes. ⚠️ Be sure to create a backup of your data in the PVC before using r

Output all versions of a local git repo, which could be used as test data for your ML program.

gitwalker Output all versions of a local git repo, which could be used as test data for your ML program. Notice This program is under development. Cur

An Alert notification service is an application which can receive alerts from certain alerting systems like System_X and System_Y and send these alerts to developers in the form of SMS and emails.

Alert-System An Alert notification service is an application which can receive alerts from certain alerting systems like System_X and System_Y and sen

A software which can manage and analysis your hands played on GGPoker and Natural8

PokerManager PokerManagr is a software which can manage and analysis your hands played on GGPoker and Natural8 Related Installation Web server : Nginx

ecsk is a CLI tool to interactively use frequently used functions of docker command in Amazon ECS. (docker run, exec, cp, logs, stop)
ecsk is a CLI tool to interactively use frequently used functions of docker command in Amazon ECS. (docker run, exec, cp, logs, stop)

English / 日本語 ecsk ECS + Task = ecsk 😆 ecsk is a CLI tool to interactively use frequently used functions of docker command in Amazon ECS. (docker run

A tool used for developing using Kubernetes
A tool used for developing using Kubernetes

A tool used for developing using Kubernetes. It allows you to easily inject your own code in place of a running service.

Owner
Jayateertha Guruprasad
Developer by ☀️, Security Researcher by 🌑
Jayateertha Guruprasad
APKrash is an Android APK security analysis toolkit focused on comparing APKs to detect tampering and repackaging.

APKrash APKrash is an Android APK security analysis toolkit focused on comparing APKs to detect tampering and repackaging. Features Able to analyze pu

Henrique Goncalves 11 Nov 8, 2022
Cloud-Z gathers information and perform benchmarks on cloud instances in multiple cloud providers.

Cloud-Z Cloud-Z gathers information and perform benchmarks on cloud instances in multiple cloud providers. Cloud type, instance id, and type CPU infor

CloudSnorkel 16 Jun 8, 2022
Apko: Build images for apk-based distributions declaratively

apko Build images for apk-based distributions declaratively! Why When maintainin

Chainguard 645 Jan 4, 2023
Basic Kubernetes operator that have multiple versions in CRD. This operator can be used to experiment and understand Operator/CRD behaviors.

add-operator Basic Kubernetes operator that have multiple versions in CRD. This operator can be used to experiment and understand Operator/CRD behavio

Dinesh Parvathaneni 0 Dec 15, 2021
General Pod Autoscaler(GPA) is a extension for K8s HPA, which can be used not only for serving, also for game.

Introduction General Pod Autoscaler(GPA) is a extension for K8s HPA, which can be used not only for serving, also for game. Features Compatible with a

Open Cloud-native Game-application Initiative 15 Aug 19, 2022
This library provides a metrics package which can be used to instrument code, expose application metrics, and profile runtime performance in a flexible manner.

This library provides a metrics package which can be used to instrument code, expose application metrics, and profile runtime performance in a flexible manner.

null 0 Jan 18, 2022
A penetration toolkit for container environment

ctrsploit: A penetration toolkit for container environment 中文文档 Pre-Built Release https://github.com/ctrsploit/ctrsploit/releases Usage Quick-Start wg

null 44 Dec 6, 2022
CDK - Zero Dependency Container Penetration Toolkit

CDK is an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with penetration tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily.

null 2.7k Dec 29, 2022
"go build" wrapper to add version info to Golang applications

govvv The simple Go binary versioning tool that wraps the go build command. Stop worrying about -ldflags and go get github.com/ahmetb/govvv now. Build

Ahmet Alp Balkan 529 Dec 16, 2022
"go build" wrapper to add version info to Golang applications

govvv The simple Go binary versioning tool that wraps the go build command. Stop worrying about -ldflags and go get github.com/ahmetb/govvv now. Build

Ahmet Alp Balkan 529 Dec 16, 2022