dwisiswant0 / apkleaks
- суббота, 6 марта 2021 г. в 00:29:05
Scanning APK file for URIs, endpoints & secrets.
Scanning APK file for URIs, endpoints & secrets.
To install APKLeaks, simply:
$ git clone https://github.com/dwisiswant0/apkleaks
$ cd apkleaks/
$ pip3 install -r requirements.txt
APKLeaks using jadx dissambler to decompile APK file. If it doesn't exist in your environment, it'll ask you to download or nah.
It's fairly simple,
$ python3 apkleaks.py -f ~/path/to/file.apk
$ python3 apkleaks.py -h
usage: apkleaks [-h] -f FILE [-o OUTPUT] [-p PATTERN]
optional arguments:
-h, --help show this help message and exit
-f FILE, --file FILE APK file to scanning
-o OUTPUT, --output OUTPUT
Write to file results (NULL will be saved into random
file)
-p PATTERN, --pattern PATTERN
Path to custom patterns JSON
In general, if you don't provide -o
argument, then it will generate results file automatically.
Custom patterns can be added with the following flag --pattern /path/to/rules.json
to provide sensitive search rules in the JSON file format. If not set, it'll use default patterns from regexes.json file.
Example patterns file:
// rules.json
{
"Amazon AWS Access Key ID": "AKIA[0-9A-Z]{16}",
...
}
$ python apkleaks.py -f /path/to/file.apk -p rules.json -o ~/Documents/apkleaks-results.txt
Current version is v2.0.3
, and still development.
apkleaks
is distributed under Apache 2.
Since this tool includes some contributions, and I'm not an asshole, I'll publically thank the following users for their helps and resources:
apkurlgrep
, that's why this tool was made.truffleHogRegexes
.LinkFinder
.gf
patterns.dex2jar
.SHA2048#4361
(Discord user) that help me porting code to Python3.