APKs (Android Package Kits) often leak secrets due to over-reliance on security through obscurity. Developers sometimes leave sensitive information such as API keys, tokens, and credentials hidden within the code, assuming that they won’t be found easily since the code has been compiled and obfuscated.
However, this approach is fundamentally flawed, and such secrets can be exposed, leading to potential security vulnerabilities.
APKscan can help quickly identify sensitive locations in the code, such as SSL pinning libraries, root detection functions, and other security mechanisms.
Identifying these functions can speed up reverse engineering and app manipulation by quickly revealing critical points where an app enforces its security policies, making it easier to bypass them with tools like Frida.
By pinpointing these areas, APKscan aids in understanding an app’s security mechanisms and potential weaknesses.
APKscan also helps identify the attack surface of the backend by uncovering forgotten endpoints, test data payloads, and other traces of backend interfaces that developers might have unintentionally exposed.
These endpoints can provide attackers with access to sensitive data or functionalities that are not meant for public use.
By scanning for such endpoints and test data, APKscan assists in ensuring that the backend is secure and that no unnecessary exposure is left in the deployed applications.
APKscan allows you to automate the process of scanning for secrets in any number of applications, saving you time and ensuring thorough coverage.
Utilize one or more decompilers and deobfuscators to increase the chances of finding hidden secrets.
JADX, APKTool, CFR, Procyon, Krakatau, and Fernflower, providing flexibility and robustness in your scanning process.enjarify-adapter to convert the Dalvik bytecode in .apk files into Java bytecode on the fly, so the resulting .jar can be processed by decompilers/deobfuscators that do not support .apks directly.Define your own secret locator rules or use the default ones provided. This flexibility allows you to tailor the scanning process to your specific needs and improve the detection accuracy of sensitive information.
SecretLocator JSON, secret-patterns-db YAML, gitleaks TOML, and simple key-value pairs.Choose from multiple output formats (JSON, YAML, or text) and organize the results by input file or locator. This makes it easier to integrate with other tools and workflows, and to analyze the findings effectively.
Decompile and scan a wide range of Android-related files, including .apk, .xapk, .dex, .jar, .class, .smali, .zip, .aar, .arsc, .aab, and .jadx.kts files.
APKscan offers advanced options for concurrency, decompilation, and scanning, enabling you to optimize the performance and behavior of the tool to suit your environment and requirements.
For more information click here.
Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service)…
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…
Embark on the journey of becoming a certified Red Team professional with our definitive guide.…
This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…
This took me like 4 days (+2 days for an update), but I got it…