apkleaks - Scanning APK file for URIs, endpoints & secrets.

  •        48

Scanning APK file for URIs, endpoints & secrets. APKLeaks using jadx disassembler to decompile APK file. If it doesn't exist in your environment, it'll ask you to download.

https://github.com/dwisiswant0/apkleaks

Tags
Implementation
License
Platform

   




Related Projects

Mobile-Security-Framework-MobSF - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing

  •    Python

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless. Your generous donations will keep us motivated.

apk-medit - memory search and patch tool on debuggable apk without root & ndk

  •    Go

Apk-medit is a memory search and patch tool for debuggable apk without root & ndk. It was created for mobile game security testing. Many mobile games have rooting detection, but apk-medit does not require root privileges, so memory modification can be done without bypassing the rooting detection. Memory modification is the easiest way to cheat in games, it is one of the items to be checked in the security test. There are also cheat tools that can be used casually like GameGuardian. However, there were no tools available for non-root device and CUI. So I made it as a security testing tool. The version that targets iOS apps is aktsk/ipa-medit.

PiracyChecker - An Android library that prevents your app from being pirated / cracked using Google Play Licensing (LVL), APK signature protection and more

  •    Java

An Android library that prevents your app from being pirated / cracked using Google Play Licensing (LVL), APK signature protection and more. This library applies some techniques to help protect your app's users and attempt to thwart reverse engineers and attackers. BUT, this isn't guaranteed to stop your app from getting pirated. There is no such thing as 100% security, and a determined and skilled attacker with enough time, could remove these checks from the code. The real objective here is to raise the bar out of reach of opportunist and automatic attackers.

Apktool - A tool for reverse engineering Android apk files

  •    Java

This is the repository for Apktool. If you are looking for the Apktool website. Click here. It is a tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app easier because of project-like files structure and automation of some repetitive tasks like building apk, etc.

android-classyshark - Executables (apk, multi-dex, jar) browser for Android, Java and Kotlin

  •    Java

ClassyShark is a standalone binary inspection tool for Android developers. It can reliably browse any Android executable and show important info such as class interfaces and members, dex counts and dependencies. ClassyShark supports multiple formats including libraries (.dex, .aar, .so), executables (.apk, .jar, .class) and all Android binary XMLs: AndroidManifest, resources, layouts etc.To run, grab the latest JAR and run java -jar ClassyShark.jar.


StaCoAn - StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications

  •    Javascript

StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications*. This tool was created with a big focus on usability and graphical guidance in the user interface.

Androl4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

  •    

AndroL4b is an android security virtual machine based on ubuntu-mate includes the collection of latest framework, tutorials and labs from different security geeks and researchers for reverse engineering and malware analysis.

bytecode-viewer - A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

  •    Java

A Java 8 Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

apk-parser - Apk parser for java

  •    Java

Apk parser lib, for decoding binary xml file, getting apk meta info. From version 2.0, apk-parser requires java7. The last version support java6 is 1.7.4.

APKParser - APK parser for Android

  •    Java

The easiest way is to use the ApkParser class, which contains convenient methods to get AndroidManifest.xml, apk meta infos, etc. #####1. Apk meta info ApkMeta contains name(label), packageName, version, sdk, used features, etc. The PreferredLocale parameter work for getApkMeta, getManifestXml, and other binary xmls. Apk parser will find best match languages with locale you specified.

backdoor-apk - backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file

  •    Shell

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and is intended for educational purposes only.

ReverseAPK - Quickly analyze and reverse engineer Android packages

  •    Shell

Quickly analyze and reverse engineer Android applications. This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.

MARA_Framework - MARA is a Mobile Application Reverse engineering and Analysis Framework

  •    Python

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering and analysis tools, to assist in testing mobile applications against the OWASP mobile security threats. Its objective is to make this task easier and friendlier to mobile application developers and security professionals. MARA is developed and maintained by @xtian_kisutsa and @iamckn. It is in its very early stages of development and there is a lot more to come, in line with our roadmap. Any contributions and suggestions to the tool will be highly appreciated.

onekey-decompile-apk - 一步到位反编译apk工具(onekey decompile apk)

  •    Batchfile

一步到位反编译apk工具(onekey decompile apk)

ApkGolf - The smallest Android APK in the world

  •    Shell

This repository hosts the smallest Android APK in the world. The current size of the APK is 678 bytes. To learn more about how this was achieved, please read the blog post.

ThinRPlugin - 去除android中的R.class

  •    Groovy

This tool will remove all the class in R.java except the styleable class and replace the referance into the constant value. So you can reduce the dex files number and apk size. The plugin has been used on the mogujie app, the apk size is reduced by 1MB (the original apk size of 40MB), the number of DEX reduced by 3.

jsprime - a javascript static security analysis tool

  •    Javascript

Today, more and more developers are switching to JavaScript as their first choice of language. The reason is simple JavaScript has now been started to be accepted as the mainstream programming for applications, be it on the web or on the mobile; be it on client-side, be it on the server side. JavaScript flexibility and its loose typing is friendly to developers to create rich applications at an unbelievable speed. Major advancements in the performance of JavaScript interpreters, in recent days, have almost eliminated the question of scalability and throughput from many organizations. So the point is JavaScript is now a really important and powerful language we have today and it's usage growing everyday. From client-side code in web applications it grew to server-side through Node.JS and it's now supported as proper language to write applications on major mobile operating system platforms like Windows 8 apps and the upcoming Firefox OS apps. But the problem is, many developers practice insecure coding which leads to many client side attacks, out of which DOM XSS is the most infamous. We tried to understand the root cause of this problem and figured out is that there are not enough practically usable tools that can solve real-world problems. Hence as our first attempt towards solving this problem, we want to talk about JSPrime: A JavaScript static analysis tool for the rest of us. It's a very light-weight and very easy to use point-and-click tool! The static analysis tool is based on the very popular Esprima ECMAScript parser by Aria Hidayat.

barf-project - BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework

  •    Python

The analysis of binary code is a crucial activity in many areas of the computer sciences and software engineering disciplines ranging from software security and program analysis to reverse engineering. Manual binary analysis is a difficult and time-consuming task and there are software tools that seek to automate or assist human analysts. However, most of these tools have several technical and commercial restrictions that limit access and use by a large portion of the academic and practitioner communities. BARF is an open source binary analysis framework that aims to support a wide range of binary code analysis tasks that are common in the information security discipline. It is a scriptable platform that supports instruction lifting from multiple architectures, binary translation to an intermediate representation, an extensible framework for code analysis plugins and interoperation with external tools such as debuggers, SMT solvers and instrumentation tools. The framework is designed primarily for human-assisted analysis but it can be fully automated. All packages were tested on Ubuntu 16.04 (x86_64).

apk-dependency-graph - Android dependency visualizer

  •    Javascript

Android dependency visualizer. It's a tool that helps to visualize current state of your project. It's really easy to see how tight your classes are coupled. You need at least Java 7 to run apktool and apk-dependency-graph jar files.

owasp-mstg - The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering

  •    HTML

This is the official GitHub Repository of the OWASP Mobile Security Testing Guide (MSTG). The MSTG is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the controls listed in the OWASP Mobile Application Verification Standard (MASVS). You can also read the MSTG on Gitbook or download it as an e-book. The MSTG is not complete yet. You can however get intermediate builds in multiple formats.






We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.