APK analysis

# Analyze URLs in apk:
# https://github.com/shivsahni/APKEnum
python APKEnum.py -p ~/Downloads/app-debug.apk

# Get endpoints from apk:
# https://github.com/s0md3v/Diggy
./diggy.sh ~/any.apk | grep -oP '(?<=:)[^ ]*'

# Get url from apk:
apktool d app.apk -o folder; grep -Phro "(https?://)[\w\.-/]+[\"'\`]" folder/ | sed 's#"##g' | anew | grep -v "w3\|android\|github\|http://schemas.android\|google\|http://goo.gl"

# Urls and secrets
# https://github.com/dwisiswant0/apkleaks
python apkleaks.py -f ~/path/to/file.apk

# Quick wins tool
# https://github.com/mzfr/slicer
slicer -d path/to/extact/apk

# Unpack apk and find interesting strings
apktool d app_name.apk
grep -EHirn "accesskey|admin|aes|api_key|apikey|checkClientTrusted|crypt|http:|https:|password|pinning|secret|SHA256|SharedPreferences|superuser|token|X509TrustManager|insert into" APKfolder/


https://six2dez.gitbook.io/pentest-book/

PreviousQuick Reference Commands and Code NextLinux Shell

Last updated 3 years ago

Was this helpful?