apkleaks

Name	apkleaks JSON
Version	2.6.3 JSON
	download
home_page	None
Summary	Scanning APK file for URIs, endpoints & secrets.
upload_time	2024-10-21 01:50:22
maintainer	None
docs_url	None
author	None
requires_python	>=3.8
license	Apache License 2.0
keywords
VCS
bugtrack_url
requirements	pyaxmlparser
Travis-CI	No Travis.
coveralls test coverage	No coveralls.

            # APKLeaks
[![version](https://badge.fury.io/gh/dwisiswant0%2fapkleaks.svg)](https://badge.fury.io/gh/dwisiswant0%2fapkleaks.svg)
[![contributions](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/dwisiswant0/apkleaks/issues)

Scanning APK file for URIs, endpoints & secrets.

<img src="https://user-images.githubusercontent.com/25837540/111927529-a4ade080-8ae3-11eb-800a-b764ab1242e1.jpg" alt="APKLeaks">

- [Installation](#installation)
  - [from Pypi](#from-pypi)
  - [from Source](#from-source)
  - [from Docker](#from-docker)
- [Usage](#usage)
  - [Options](#options)
    - [Output](#output)
    - [Pattern](#pattern)
    - [Arguments (for disassembler)](#arguments-for-disassembler)
- [License](#license)
- [Acknowledments](#acknowledments)

---

## Installation

It's fairly simple to install **APKLeaks**:

### from PyPi

```bash
$ pip3 install apkleaks
```

### from Source

Clone repository and install requirements:

```bash
$ git clone https://github.com/dwisiswant0/apkleaks
$ cd apkleaks/
$ pip3 install -r requirements.txt
```

### from Docker

Pull the Docker image by running:

```bash
$ docker pull dwisiswant0/apkleaks:latest
```

### Dependencies

The APKLeaks utilizes the [jadx](https://github.com/skylot/jadx) disassembler to decompile APK files. If jadx is not present in your system, it will prompt you to download it.

## Usage

Simply,

```bash
$ apkleaks -f ~/path/to/file.apk
# from Source
$ python3 apkleaks.py -f ~/path/to/file.apk
# or with Docker
$ docker run -it --rm -v /tmp:/tmp dwisiswant0/apkleaks:latest -f /tmp/file.apk
```

## Options

Here are all the options it supports.

| **Argument**  	| **Description**                             	| **Example**                                                   |
|---------------	|---------------------------------------------	|-------------------------------------------------------------  |
| -f, --file    	| APK file to scanning                        	| `apkleaks -f file.apk`                                        |
| -o, --output  	| Write to file results _(random if not set)_ 	| `apkleaks -f file.apk -o results.txt`                         |
| -p, --pattern 	| Path to custom patterns JSON                	| `apkleaks -f file.apk -p custom-rules.json`                   |
| -a, --args    	| Disassembler arguments                      	| `apkleaks -f file.apk --args="--deobf --log-level DEBUG"`     |
|     --json      | Save as JSON format                         	| `apkleaks -f file.apk -o results.json --json`                 |

### Output

In general, if you don't provide `-o` argument, then it will generate results file automatically.

> [!TIP]
> By default it will also save the results in text format, use `--json` argument if you want JSON output format.

### Pattern

Custom patterns can be added with the following argument to provide sensitive _search rules_ in the JSON file format: `--pattern /path/to/custom-rules.json`. If no file is set, the tool will use the default patterns found in [regexes.json](https://github.com/dwisiswant0/apkleaks/blob/master/config/regexes.json) file.

Here's an example of what a custom pattern file could look like:

```json
// custom-rules.json
{
  "Amazon AWS Access Key ID": "AKIA[0-9A-Z]{16}",
  // ...
}
```

To run the tool using these custom rules, use the following command:

```bash
$ apkleaks -f /path/to/file.apk -p rules.json -o ~/Documents/apkleaks-results.txt
```

### Arguments (disassembler)

We give user complete discretion to pass the disassembler arguments. For example, if you want to activate threads in `jadx` decompilation process, you can add it with `-a/--args` argument, example: `--args="--threads-count 5"`.

```
$ apkleaks -f /path/to/file.apk -a "--deobf --log-level DEBUG"
```

> [!WARNING]
> Please pay attention to the default disassembler arguments we use to prevent collisions.

## License

`apkleaks` is distributed under Apache 2.

## Acknowledments

Since this tool includes some contributions, and I'm not an asshole, I'll publically thank the following users for their helps and resources:

- [@ndelphit](https://github.com/ndelphit) - for his inspiring `apkurlgrep`, that's why this tool was made.
- [@dxa4481](https://github.com/dxa4481) and y'all who contribute to `truffleHogRegexes`.
- [@GerbenJavado](https://github.com/GerbenJavado) & [@Bankde](https://github.com/Bankde) - for awesome pattern to discover URLs, endpoints & their parameters from `LinkFinder`.
- [@tomnomnom](https://github.com/tomnomnom/gf) - a `gf` patterns.
- [@pxb1988](https://github.com/pxb1988) - for awesome APK dissambler `dex2jar`.
- [@subho007](https://github.com/ph4r05) for standalone APK parser.
- `SHA2048#4361` _(Discord user)_ that help me porting code to Python3.
- [@Ry0taK](https://github.com/Ry0taK) because he had reported an [OS command injection bug](https://github.com/dwisiswant0/apkleaks/security/advisories/GHSA-8434-v7xw-8m9x).
- [@dee__see](https://twitter.com/dee__see) - for curated potentially sensitive tokens, `NotKeyHacks`.
- [All contributors](https://github.com/dwisiswant0/apkleaks/graphs/contributors).

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "apkleaks",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3.8",
    "maintainer_email": null,
    "keywords": null,
    "author": null,
    "author_email": "dwisiswant0 <me@dw1.io>",
    "download_url": "https://files.pythonhosted.org/packages/1e/e6/203661abe151dbc59096de65d6f0cf392d1aad3acba32f4e9f3f389acad0/apkleaks-2.6.3.tar.gz",
    "platform": null,
    "description": "# APKLeaks\n[![version](https://badge.fury.io/gh/dwisiswant0%2fapkleaks.svg)](https://badge.fury.io/gh/dwisiswant0%2fapkleaks.svg)\n[![contributions](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/dwisiswant0/apkleaks/issues)\n\nScanning APK file for URIs, endpoints & secrets.\n\n<img src=\"https://user-images.githubusercontent.com/25837540/111927529-a4ade080-8ae3-11eb-800a-b764ab1242e1.jpg\" alt=\"APKLeaks\">\n\n- [Installation](#installation)\n  - [from Pypi](#from-pypi)\n  - [from Source](#from-source)\n  - [from Docker](#from-docker)\n- [Usage](#usage)\n  - [Options](#options)\n    - [Output](#output)\n    - [Pattern](#pattern)\n    - [Arguments (for disassembler)](#arguments-for-disassembler)\n- [License](#license)\n- [Acknowledments](#acknowledments)\n\n---\n\n## Installation\n\nIt's fairly simple to install **APKLeaks**:\n\n### from PyPi\n\n```bash\n$ pip3 install apkleaks\n```\n\n### from Source\n\nClone repository and install requirements:\n\n```bash\n$ git clone https://github.com/dwisiswant0/apkleaks\n$ cd apkleaks/\n$ pip3 install -r requirements.txt\n```\n\n### from Docker\n\nPull the Docker image by running:\n\n```bash\n$ docker pull dwisiswant0/apkleaks:latest\n```\n\n### Dependencies\n\nThe APKLeaks utilizes the [jadx](https://github.com/skylot/jadx) disassembler to decompile APK files. If jadx is not present in your system, it will prompt you to download it.\n\n## Usage\n\nSimply,\n\n```bash\n$ apkleaks -f ~/path/to/file.apk\n# from Source\n$ python3 apkleaks.py -f ~/path/to/file.apk\n# or with Docker\n$ docker run -it --rm -v /tmp:/tmp dwisiswant0/apkleaks:latest -f /tmp/file.apk\n```\n\n## Options\n\nHere are all the options it supports.\n\n| **Argument**  \t| **Description**                             \t| **Example**                                                   |\n|---------------\t|---------------------------------------------\t|-------------------------------------------------------------  |\n| -f, --file    \t| APK file to scanning                        \t| `apkleaks -f file.apk`                                        |\n| -o, --output  \t| Write to file results _(random if not set)_ \t| `apkleaks -f file.apk -o results.txt`                         |\n| -p, --pattern \t| Path to custom patterns JSON                \t| `apkleaks -f file.apk -p custom-rules.json`                   |\n| -a, --args    \t| Disassembler arguments                      \t| `apkleaks -f file.apk --args=\"--deobf --log-level DEBUG\"`     |\n|     --json      | Save as JSON format                         \t| `apkleaks -f file.apk -o results.json --json`                 |\n\n### Output\n\nIn general, if you don't provide `-o` argument, then it will generate results file automatically.\n\n> [!TIP]\n> By default it will also save the results in text format, use `--json` argument if you want JSON output format.\n\n### Pattern\n\nCustom patterns can be added with the following argument to provide sensitive _search rules_ in the JSON file format: `--pattern /path/to/custom-rules.json`. If no file is set, the tool will use the default patterns found in [regexes.json](https://github.com/dwisiswant0/apkleaks/blob/master/config/regexes.json) file.\n\nHere's an example of what a custom pattern file could look like:\n\n```json\n// custom-rules.json\n{\n  \"Amazon AWS Access Key ID\": \"AKIA[0-9A-Z]{16}\",\n  // ...\n}\n```\n\nTo run the tool using these custom rules, use the following command:\n\n```bash\n$ apkleaks -f /path/to/file.apk -p rules.json -o ~/Documents/apkleaks-results.txt\n```\n\n### Arguments (disassembler)\n\nWe give user complete discretion to pass the disassembler arguments. For example, if you want to activate threads in `jadx` decompilation process, you can add it with `-a/--args` argument, example: `--args=\"--threads-count 5\"`.\n\n```\n$ apkleaks -f /path/to/file.apk -a \"--deobf --log-level DEBUG\"\n```\n\n> [!WARNING]\n> Please pay attention to the default disassembler arguments we use to prevent collisions.\n\n## License\n\n`apkleaks` is distributed under Apache 2.\n\n## Acknowledments\n\nSince this tool includes some contributions, and I'm not an asshole, I'll publically thank the following users for their helps and resources:\n\n- [@ndelphit](https://github.com/ndelphit) - for his inspiring `apkurlgrep`, that's why this tool was made.\n- [@dxa4481](https://github.com/dxa4481) and y'all who contribute to `truffleHogRegexes`.\n- [@GerbenJavado](https://github.com/GerbenJavado) & [@Bankde](https://github.com/Bankde) - for awesome pattern to discover URLs, endpoints & their parameters from `LinkFinder`.\n- [@tomnomnom](https://github.com/tomnomnom/gf) - a `gf` patterns.\n- [@pxb1988](https://github.com/pxb1988) - for awesome APK dissambler `dex2jar`.\n- [@subho007](https://github.com/ph4r05) for standalone APK parser.\n- `SHA2048#4361` _(Discord user)_ that help me porting code to Python3.\n- [@Ry0taK](https://github.com/Ry0taK) because he had reported an [OS command injection bug](https://github.com/dwisiswant0/apkleaks/security/advisories/GHSA-8434-v7xw-8m9x).\n- [@dee__see](https://twitter.com/dee__see) - for curated potentially sensitive tokens, `NotKeyHacks`.\n- [All contributors](https://github.com/dwisiswant0/apkleaks/graphs/contributors).\n",
    "bugtrack_url": null,
    "license": "Apache License 2.0",
    "summary": "Scanning APK file for URIs, endpoints & secrets.",
    "version": "2.6.3",
    "project_urls": {
        "Homepage": "https://github.com/dwisiswant0/apkleaks/"
    },
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "0c200eb37ed2d4adab6eaff10ab0a531112fc3bf3e49efb29a3db310d6b01737",
                "md5": "79bdf177d5d1863288cb037b3b402e60",
                "sha256": "7bdc02e65f98ca13a17c8fc83709d7f78dc451e36b7895e581d0254bb9c6f17d"
            },
            "downloads": -1,
            "filename": "apkleaks-2.6.3-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "79bdf177d5d1863288cb037b3b402e60",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.8",
            "size": 14141,
            "upload_time": "2024-10-21T01:50:20",
            "upload_time_iso_8601": "2024-10-21T01:50:20.901706Z",
            "url": "https://files.pythonhosted.org/packages/0c/20/0eb37ed2d4adab6eaff10ab0a531112fc3bf3e49efb29a3db310d6b01737/apkleaks-2.6.3-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "1ee6203661abe151dbc59096de65d6f0cf392d1aad3acba32f4e9f3f389acad0",
                "md5": "29d3e85e1016369b5edc3f21b68fddd0",
                "sha256": "e247b59acf4448f3c2e45449bc7564bc5b7a216ebfb166236baf602d625b1df5"
            },
            "downloads": -1,
            "filename": "apkleaks-2.6.3.tar.gz",
            "has_sig": false,
            "md5_digest": "29d3e85e1016369b5edc3f21b68fddd0",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.8",
            "size": 12977,
            "upload_time": "2024-10-21T01:50:22",
            "upload_time_iso_8601": "2024-10-21T01:50:22.949514Z",
            "url": "https://files.pythonhosted.org/packages/1e/e6/203661abe151dbc59096de65d6f0cf392d1aad3acba32f4e9f3f389acad0/apkleaks-2.6.3.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-10-21 01:50:22",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "dwisiswant0",
    "github_project": "apkleaks",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "requirements": [
        {
            "name": "pyaxmlparser",
            "specs": [
                [
                    ">=",
                    "0.3.24"
                ]
            ]
        }
    ],
    "lcname": "apkleaks"
}

None