Scanning APK file for URIs, endpoints & secrets. Installation: - From PyPi: $ pip3 install apkleaks - From Source: $ git clone https://github.com/dwisiswant0/apkleaks $ cd apkleaks/ $ pip3 install -r requirements.txt - From Docker: $ docker pull dwisiswant0/apkleaks:latest Dependencies: APKLeaks utilizes the jadx disassembler to decompile APK files. If jadx is not present in your system, it will prompt you to download it. Usage: Simply, $ apkleaks -f ~/path/to/file.apk # from Source $ python3 apkleaks.py -f ~/path/to/file.apk # or with Docker $ docker run -it --rm -v /tmp:/tmp dwisiswant0/apkleaks:latest -f /tmp/file.apk Options: Here are all the options it supports. - -f, --file: APK file to scanning - -o, --output: Write to file results (random if not set) - -p, --pattern: Path to custom patterns JSON - -a, --args: Disassembler arguments
FEATURES
ALTERNATIVES
A Burp extension for scanning JavaScript files for endpoint links
Revelo is an experimental Javascript deobfuscator tool with features to analyze and deobfuscate Javascript code.
A cloud-based DAST solution that discovers, inventories, and tests web applications and APIs for security vulnerabilities across diverse environments.
A deliberately vulnerable modern day app with lots of DOM related bugs
Protect your Fastify server against CSRF attacks with a series of utilities and recommendations for secure application development.
A centralized dashboard for running and scheduling WordPress scans powered by wpscan utility.
ConDroid performs concolic execution of Android apps to observe 'interesting' behavior in dynamic analysis.
A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL
PINNED

InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.