APKLeaks
APKLeaks is a command-line tool designed to analyze Android APK files for security-sensitive information. The tool scans APK files to identify URIs, endpoints, and secrets that may be embedded within the application code. The tool utilizes the jadx disassembler to decompile APK files and extract readable code for analysis. It supports installation through multiple methods including PyPi, source code compilation, and Docker containers. APKLeaks offers several configuration options including custom pattern files for targeted scanning, output file specification, and disassembler argument customization. The tool can process APK files from local file paths and generates results that can be saved to specified output files. The scanning process focuses on identifying potentially sensitive data such as API endpoints, authentication tokens, database connection strings, and other secrets that developers may have inadvertently included in their applications. This makes it useful for security assessments of Android applications during development or security auditing processes.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
SearchCode is an extensive code search engine that indexes 75 billion lines of code from millions of projects to help developers find coding examples and libraries.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A Java API for searching and downloading Android applications from Google Play with additional check-in features for generating ANDROID-ID.
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
A source code search engine for searching alphanumeric snippets, signatures, or keywords in web page HTML, JS, and CSS code.
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
A tool for detecting capabilities in executable files, providing insights into a program's behavior and potential malicious activities.
A technology lookup and lead generation tool that identifies the technology stack of any website and provides features for market research, competitor analysis, and data enrichment.
PINNED
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.