APKSEC

Tool which gathers basic info from apk, which can be used for Android penetration testing.

REQUIREMENTS AND INSTALLATION

Build APKSEC:

git clone https://github.com/jayateertha043/apksec.git
cd apksec
go build apksec.go

or

Install using go install:

go install github.com/jayateertha043/[email protected]

Run apksec:

apksec -h

Usage

apksec -apk "path to apk"

Incase you want to grab results from virustotal:

apksec -apk "path to apk" -vt "virustotal_api_key"

Demo

Features

  • Extract general package information from apk
  • Find android permissions used by apk
  • Find apk certificate, signature, hashes
  • Find informations from meta-data
  • Find exported activities without permission
  • Find exported content provider without permission
  • Find exported broadcast receiver without permission
  • Find exported services without permission
  • Use VirusTotal to obtain summary of apk and detect malicious apk

Todo

  • Extract informations from deep links
  • Extract common api keys/secrets from strings

Credits

Notable 3rd party libraries used:

Author

👤 Jayateertha G

GitHub

View Github