apkleaks: Scanning APK file for URIs, endpoints & secrets

by ddos ·

apkLeaks

apkleaks

Scanning APK file for URIs, endpoints & secrets.

Installation

Linux

$ sudo apt-get install libssl-dev swig -y

OSX

$ brew install openssl swig

Windows

You need to install:

To install apkLeaks, simply:

$ git clone https://github.com/dwisiswant0/apkleaks
$ cd apkleaks/
$ pip install -r requirements.txt

Use

$ python apkleaks.py -f ~/path/to/file.apk

In general, if you don’t provide -o argument, then it will generate the results file automatically.

Custom patterns can be added with the following flag –pattern /path/to/rules.json to provide sensitive search rules in the JSON file format. For example,

// rules.json
{
  "Amazon AWS Access Key ID": "AKIA[0-9A-Z]{16}",
  ...
}
$ python apkleaks.py -f /path/to/file.apk -c rules.json -o ~/Documents/apkleaks-resuts.txt

Copyright (C) 2020 dwisiswant0

Source: https://github.com/dwisiswant0/

Tags: apkleaks