APKrash is an Android APK security analysis toolkit focused on comparing APKs to detect tampering and repackaging.

Overview

APKrash

License: MIT

APKrash is an Android APK security analysis toolkit focused on comparing APKs to detect tampering and repackaging.


Features

  • Able to analyze pure Android Manifests, APKs, AABs and JARs.
  • Downloads APKs from Google Play Store to perform analysis.
  • Analyzes and detects differences on permissions, activities, services, receivers, providers, features and source code.
  • With optional dependencies, supports APK extraction, decompiling and conversion to JAR.
  • Outputs results as plain text, tables and JSON.

Install

You can download a pre-compiled binary from the Releases page.

Alternatively, you can install APKrash using the following commands:

git clone https://github.com/kamushadenes/apkrash.git
cd apkrash/cmd
go build -o apkrash

Dependencies

Those are optional non-Go dependencies that enable certain features.

apktool

For the extract command

bundletool

To support .aab files

dex2jar

For the jar command

jadx

For the decompile command and for using the -l flag to compare source code files

Usage

apkrash help
Android APK security analysis toolkit

Usage:
  apkrash [command]

Available Commands:
  analyze     Analyze an APK or Manifest
  compare     Compares two APKs or Manifests
  completion  Generate the autocompletion script for the specified shell
  decompile   Decompile APK into Java code using jadx
  extract     Extract APK using apktool
  help        Help about any command
  jar         Convert APK to JAR using dex2jar

Flags:
  -c, --color             Output with color (only valid for text mode)
  -e, --email string      Email to use for downloading APKs from Google Play
  -o, --format string     Output format, one of text, json, json_pretty, table (default "text")
  -h, --help              help for apkrash
  -d, --onlyDiffs         Output only diffs (only valid for text mode)
  -w, --password string   Password to use for downloading APKs from Google Play

Use "apkrash [command] --help" for more information about a command.

Analyze an APK or Manifest

apkrash analyze <file.apk or AndroidManifest.xml>

Compare two APKs

apkrash compare <file1.apk or AndroidManifest1.xml> <file2.apk or AndroidManifest2.xml>

Decompile an APK using jadx

apkrash decompile <file.apk> [output_dir]

Extract an APK using apktool

apkrash extract <file.apk> [output_dir]

Convert APK to JAR using dex2jar

apkrash jar <file.apk> [output_dir]

Examples

Compare two APKs showing only diffs with colored output

apkrash compare -c -d apk1.apk apk2.apk

Analyze an APK and output to JSON (pretty), including files and statistics

apkrash analyze -o json_pretty -f apk.apk

Compare two APKs and their source code, outputting to JSON

Note: this may take a few minutes as the APK needs to be decompiled using jadx

apkrash compare -o json -f -l apk1.apk apk2.apk

Roadmap

  • Add support for AndroidManifest.xml
  • Add support for APKs
  • Add support for JARs
  • Add support for AABs
  • Add support for downloading APKs from Play Store
  • Add support for downloading APKs from other stores

Credits

Show your support

Give a ⭐️ if this project helped you!

You might also like...
Go package that aids in binary analysis and exploitation

sploit Sploit is a Go package that aids in binary analysis and exploitation. The motivating factor behind the development of sploit is to be able to h

k6-to-honeycomb is a program that sends k6 results into Honeycomb for visualization and analysis.
k6-to-honeycomb is a program that sends k6 results into Honeycomb for visualization and analysis.

k6-to-honeycomb k6-to-honeycomb is a program that sends k6 results into Honeycomb for visualization and analysis. Getting Started k6-to-honeycomb is a

Metrics go: CudgX indicator management tool, which integrates monitoring and data analysis indicator capabilities

Metrics-Go metrics-go 是cudgx指标打点工具,它集成了监控和数据分析指标能力。 数据流程 指标数据流程为: 用户代码调用打点 SDK指标

The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testing. The tool is intended to speed up the process of Cloud review in case the security researcher compromised AWS Account Credentials. Open Source runtime scanner for OpenShift cluster and perform security audit checks based on CIS RedHat OpenShift Benchmark specification
Open Source runtime scanner for OpenShift cluster and perform security audit checks based on CIS RedHat OpenShift Benchmark specification

OpenShift-Ordeal Scan your Openshift cluster !! OpenShift-Ordeal is an open source audit scanner who perform audit check on OpenShift Cluster and outp

GitHub App to set and enforce security policies

Allstar Allstar is a GitHub App installed on organizations or repositories to set and enforce security policies. Its goal is to be able to continuousl

A golang CTF competition platform with high-performance, security and low hardware requirements.
A golang CTF competition platform with high-performance, security and low hardware requirements.

CTFgo - CTF Platform written in Golang A golang CTF competition platform with high-performance, security and low hardware requirements. Live Demo • Di

🔥 🔥   Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more. 🔥 🔥
🔥 🔥 Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more. 🔥 🔥

CVE-2021-44228 Log4J Vulnerability can be detected at runtime and attack paths can be visualized by ThreatMapper. Live demo of Log4J Vulnerability her

Vulnerability Static Analysis for Containers
Vulnerability Static Analysis for Containers

Clair Note: The main branch may be in an unstable or even broken state during development. Please use releases instead of the main branch in order to

Owner
Henrique Goncalves
Security Specialist and Entrepreneur
Henrique Goncalves
Apko: Build images for apk-based distributions declaratively

apko Build images for apk-based distributions declaratively! Why When maintainin

Chainguard 616 Nov 30, 2022
Vilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.

Vilicus Table of Contents Overview How does it work? Architecture Development Run deployment manually Usage Example of analysis Overview Vilicus is an

Ederson Brilhante 79 Nov 17, 2022
A golang package for comparing and working with k0s version numbers

version A go-language package for managing k0s version numbers. It is based on hashicorp/go-version but adds sorting and comparison capabilities for t

k0s - The Zero Friction Kubernetes by Team Lens 0 Feb 7, 2022
Tpf2-tpnetmap-toolkit - A toolkit to create svg map images from TransportFever2 world data

tpf2-tpnetmap-toolkit TransportFever2 のワールドデータから svg のマップ画像を作成するツールキットです。 1. 導入方

Nosrith 1 Feb 17, 2022
🥑 Language focused docker images, minus the operating system.

"Distroless" Docker Images "Distroless" images contain only your application and its runtime dependencies. They do not contain package managers, shell

null 14.3k Dec 5, 2022
Open Source runtime tool which help to detect malware code execution and run time mis-configuration change on a kubernetes cluster

Kube-Knark Project Trace your kubernetes runtime !! Kube-Knark is an open source tracer uses pcap & ebpf technology to perform runtime tracing on a de

Chen Keinan 32 Sep 19, 2022
Создание библиотеки Go для Android

gomobile-simple-example Пример создания библиотеки для android Структура проекта: gomobile-simple-example/ --app/ ------libs/ --libmobile/ ----src/ --

Alexei 0 Dec 4, 2021
:paw_prints: Detect if a file is binary or text

Binary Go module and command line utility for checking if the given file or data is likely to be binary or text. It does so by reading the first, midd

Alexander F. Rødseth 4 Jul 27, 2022
A software which can manage and analysis your hands played on GGPoker and Natural8

PokerManager PokerManagr is a software which can manage and analysis your hands played on GGPoker and Natural8 Related Installation Web server : Nginx

null 1 Apr 20, 2022