APKLeaks
APKLeaks is a command-line tool designed to analyze Android APK files for security-sensitive information. The tool scans APK files to identify URIs, endpoints, and secrets that may be embedded within the application code. The tool utilizes the jadx disassembler to decompile APK files and extract readable code for analysis. It supports installation through multiple methods including PyPi, source code compilation, and Docker containers. APKLeaks offers several configuration options including custom pattern files for targeted scanning, output file specification, and disassembler argument customization. The tool can process APK files from local file paths and generates results that can be saved to specified output files. The scanning process focuses on identifying potentially sensitive data such as API endpoints, authentication tokens, database connection strings, and other secrets that developers may have inadvertently included in their applications. This makes it useful for security assessments of Android applications during development or security auditing processes.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A tool for detecting capabilities in executable files, providing insights into a program's behavior and potential malicious activities.
A comprehensive cheatsheet for XSS filter evasion techniques.
Deliberately vulnerable web application for educational purposes.
Automatic tool for pentesting XSS attacks against different applications
Real-time, eBPF-based Security Observability and Runtime Enforcement component
Integrates static APK analysis with Yara and requires re-compilation of Yara with the androguard module.
A series of levels teaching about common mistakes and gotchas when using Amazon Web Services (AWS).
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
Curiefense is an application security platform that protects against various threats and offers community involvement.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.