APK analysis
# Analyze URLs in apk:
# https://github.com/shivsahni/APKEnum
python APKEnum.py -p ~/Downloads/app-debug.apk
# Get endpoints from apk:
# https://github.com/s0md3v/Diggy
./diggy.sh ~/any.apk | grep -oP '(?<=:)[^ ]*'
# Get url from apk:
apktool d app.apk -o folder; grep -Phro "(https?://)[\w\.-/]+[\"'\`]" folder/ | sed 's#"##g' | anew | grep -v "w3\|android\|github\|http://schemas.android\|google\|http://goo.gl"
# Urls and secrets
# https://github.com/dwisiswant0/apkleaks
python apkleaks.py -f ~/path/to/file.apk
# Quick wins tool
# https://github.com/mzfr/slicer
slicer -d path/to/extact/apk
# Unpack apk and find interesting strings
apktool d app_name.apk
grep -EHirn "accesskey|admin|aes|api_key|apikey|checkClientTrusted|crypt|http:|https:|password|pinning|secret|SHA256|SharedPreferences|superuser|token|X509TrustManager|insert into" APKfolder/
https://six2dez.gitbook.io/pentest-book/Last updated