Tool which gathers basic info from apk, which can be used for Android penetration testing.
REQUIREMENTS AND INSTALLATION
git clone https://github.com/jayateertha043/apksec.git cd apksec go build apksec.go
Install using go install:
go install github.com/jayateertha043/[email protected]
apksec -apk "path to apk"
Incase you want to grab results from virustotal:
apksec -apk "path to apk" -vt "virustotal_api_key"
- Extract general package information from apk
- Find android permissions used by apk
- Find apk certificate, signature, hashes
- Find informations from meta-data
- Find exported activities without permission
- Find exported content provider without permission
- Find exported broadcast receiver without permission
- Find exported services without permission
- Use VirusTotal to obtain summary of apk and detect malicious apk
- Extract informations from deep links
- Extract common api keys/secrets from strings
- Inspired from andpalmier/apkingo
Notable 3rd party libraries used:
- Twitter: @jayateerthaG
- Github: @jayateertha043