Tool which gathers basic info from apk, which can be used for Android penetration testing.

APKSEC

Tool which gathers basic info from apk, which can be used for Android penetration testing.

REQUIREMENTS AND INSTALLATION

Build APKSEC:

git clone https://github.com/jayateertha043/apksec.git
cd apksec
go build apksec.go

or

Install using go install:

go install github.com/jayateertha043/apksec@latest

Run apksec:

apksec -h

Usage

apksec -apk "path to apk"

Incase you want to grab results from virustotal:

apksec -apk "path to apk" -vt "virustotal_api_key"

Demo

Features

  • Extract general package information from apk
  • Find android permissions used by apk
  • Find apk certificate, signature, hashes
  • Find informations from meta-data
  • Find exported activities without permission
  • Find exported content provider without permission
  • Find exported broadcast receiver without permission
  • Find exported services without permission
  • Use VirusTotal to obtain summary of apk and detect malicious apk

Todo

  • Extract informations from deep links
  • Extract common api keys/secrets from strings

Credits

Notable 3rd party libraries used:

Author

👤 Jayateertha G

Owner
Jayateertha Guruprasad
Developer by ☀️, Security Researcher by 🌑
Jayateertha Guruprasad
https://github.com/jayateertha043/apksec
Similar Resources

Создание библиотеки Go для Android

gomobile-simple-example Пример создания библиотеки для android Структура проекта: gomobile-simple-example/ --app/ ------libs/ --libmobile/ ----src/ --

Dec 4, 2021

Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.

Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.

sigstore-scaffolding This repository contains scaffolding to make standing up a full sigstore stack easier and automatable. Our focus is on running on

Dec 27, 2022

Igo Agent is the agent of Igo, a command-line tool, through which you can quickly start Igo

igo agent 英文 | 中文 Igo Agent is the agent of Igo, a command-line tool, through which you can quickly start Igo, and other capabilities may be added lat

Dec 22, 2021

Rename-pvc can rename PersistentVolumeClaims (PVCs) inside KubernetesRename-pvc can rename PersistentVolumeClaims (PVCs) inside Kubernetes

rename-pvc rename-pvc can rename PersistentVolumeClaims (PVCs) inside Kubernetes. ⚠️ Be sure to create a backup of your data in the PVC before using r

Oct 31, 2022

Output all versions of a local git repo, which could be used as test data for your ML program.

gitwalker Output all versions of a local git repo, which could be used as test data for your ML program. Notice This program is under development. Cur

Dec 27, 2021

An Alert notification service is an application which can receive alerts from certain alerting systems like System_X and System_Y and send these alerts to developers in the form of SMS and emails.

Alert-System An Alert notification service is an application which can receive alerts from certain alerting systems like System_X and System_Y and sen

Dec 10, 2021

A software which can manage and analysis your hands played on GGPoker and Natural8

PokerManager PokerManagr is a software which can manage and analysis your hands played on GGPoker and Natural8 Related Installation Web server : Nginx

Apr 20, 2022

ecsk is a CLI tool to interactively use frequently used functions of docker command in Amazon ECS. (docker run, exec, cp, logs, stop)

ecsk is a CLI tool to interactively use frequently used functions of docker command in Amazon ECS. (docker run, exec, cp, logs, stop)

English / 日本語 ecsk ECS + Task = ecsk 😆 ecsk is a CLI tool to interactively use frequently used functions of docker command in Amazon ECS. (docker run

Dec 13, 2022

A tool used for developing using Kubernetes

A tool used for developing using Kubernetes

A tool used for developing using Kubernetes. It allows you to easily inject your own code in place of a running service.

Dec 10, 2022
Related tags
DevOps Tools apksec
APKrash is an Android APK security analysis toolkit focused on comparing APKs to detect tampering and repackaging.
 APKrash is an Android APK security analysis toolkit focused on comparing APKs to detect tampering and repackaging.

APKrash APKrash is an Android APK security analysis toolkit focused on comparing APKs to detect tampering and repackaging. Features Able to analyze pu

Nov 8, 2022
Cloud-Z gathers information and perform benchmarks on cloud instances in multiple cloud providers.

Cloud-Z Cloud-Z gathers information and perform benchmarks on cloud instances in multiple cloud providers. Cloud type, instance id, and type CPU infor

Jun 8, 2022
Apko: Build images for apk-based distributions declaratively

apko Build images for apk-based distributions declaratively! Why When maintainin

Jan 4, 2023
Basic Kubernetes operator that have multiple versions in CRD. This operator can be used to experiment and understand Operator/CRD behaviors.

add-operator Basic Kubernetes operator that have multiple versions in CRD. This operator can be used to experiment and understand Operator/CRD behavio

Dec 15, 2021
General Pod Autoscaler(GPA) is a extension for K8s HPA, which can be used not only for serving, also for game.
 General Pod Autoscaler(GPA) is a extension for K8s HPA, which can be used not only for serving, also for game.

Introduction General Pod Autoscaler(GPA) is a extension for K8s HPA, which can be used not only for serving, also for game. Features Compatible with a

Aug 19, 2022
This library provides a metrics package which can be used to instrument code, expose application metrics, and profile runtime performance in a flexible manner.

This library provides a metrics package which can be used to instrument code, expose application metrics, and profile runtime performance in a flexible manner.

Jan 18, 2022
A penetration toolkit for container environment

ctrsploit: A penetration toolkit for container environment 中文文档 Pre-Built Release https://github.com/ctrsploit/ctrsploit/releases Usage Quick-Start wg

Dec 6, 2022
CDK - Zero Dependency Container Penetration Toolkit
 CDK - Zero Dependency Container Penetration Toolkit

CDK is an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with penetration tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily.

Dec 29, 2022
"go build" wrapper to add version info to Golang applications

govvv The simple Go binary versioning tool that wraps the go build command. Stop worrying about -ldflags and go get github.com/ahmetb/govvv now. Build

Dec 16, 2022
"go build" wrapper to add version info to Golang applications

govvv The simple Go binary versioning tool that wraps the go build command. Stop worrying about -ldflags and go get github.com/ahmetb/govvv now. Build

Dec 16, 2022