Quantcast
Channel: KitPloit - PenTest Tools!
Viewing all articles
Browse latest Browse all 5816

ApkLeaks - Scanning APK File For URIs, Endpoints And Secrets

$
0
0


Scanning APK file for URIs, endpoints& secrets.


Installation

To install apkLeaks, simply:

$ git clone https://github.com/dwisiswant0/apkleaks
$ cd apkleaks/
$ pip install -r requirements.txt

Or download at release tab.


Dependencies

This package works in Python2(not Python3).

Install global packages:


Linux
$ sudo apt-get install libssl-dev swig -y

OSX
$ brew install openssl swig

Windows

You need to install:


Usage

Basically,

$ python apkleaks.py -f ~/path/to/file.apk

Options
usage: apkleaks [-h] -f FILE [-o OUTPUT] [-p PATTERN]

optional arguments:
-h, --help show this help message and exit
-f FILE, --file FILE APK file to scanning
-o OUTPUT, --output OUTPUT
Write to file results (NULL will be saved into random
file)
-p PATTERN, --pattern PATTERN
Path to custom patterns JSON

In general, if you don't provide -o argument, then it will generate results file automatically.

Custom patterns can be added with the following flag --pattern /path/to/rules.json to provide sensitive search rules in the JSON file format. For example,

// rules.json
{
"Amazon AWS Access Key ID": "AKIA[0-9A-Z]{16}",
...
}
$ python apkleaks.py -f /path/to/file.apk -c rules.json -o ~/Documents/apkleaks-resuts.txt

Version

Current version is v1.0.2, and still development.


Credits and Thanks

Since this tool includes some contributions, and I'm not an asshole, I'll publically thank the following users for their help and resource:




Viewing all articles
Browse latest Browse all 5816

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>