APKSEC
Tool which gathers basic info from apk, which can be used for Android penetration testing.
REQUIREMENTS AND INSTALLATION
Build APKSEC:
git clone https://github.com/jayateertha043/apksec.git
cd apksec
go build apksec.go
or
Install using go install:
go install github.com/jayateertha043/[email protected]
Run apksec:
apksec -h
Usage
apksec -apk "path to apk"
Incase you want to grab results from virustotal:
apksec -apk "path to apk" -vt "virustotal_api_key"
Demo
Features
- Extract general package information from apk
- Find android permissions used by apk
- Find apk certificate, signature, hashes
- Find informations from meta-data
- Find exported activities without permission
- Find exported content provider without permission
- Find exported broadcast receiver without permission
- Find exported services without permission
- Use VirusTotal to obtain summary of apk and detect malicious apk
Todo
- Extract informations from deep links
- Extract common api keys/secrets from strings
Credits
- Inspired from andpalmier/apkingo
Notable 3rd party libraries used:
Author
- Twitter: @jayateerthaG
- Github: @jayateertha043