Slicer accepts a path to an extracted APK file and then returns all the activities, receivers, and services which are exported and have null
permissions and can be externally provoked.
Note: The APK has to be extracted via jadx
or apktool
.
android:allowbackup
to true
android:debuggable
to true
.android:exporte=true
is present in any of the component and have no permission set.Intent-filters
are defined for that component, if yes that means that component is exported by default(This is the rule given in android documentation.).json
trick.myapp.firebaseio.com
then it will check if https://myapp.firebaseio.com/.json
returns something or gives permission denied.Duplicate
.not applicable
and will claim that the KEY has a usage cap
– r/suspiciouslyspecific strings.xml
and in AndroidManifest.xml
/res/raw
and res/xml
directory.git clone https://github.com/mzfr/slicer
cd slicer
python3 slicer.py -h
It’s very simple to use. Following options are available:
Extract information from Manifest and strings of an APK
Usage:
slicer [OPTION] [Extracted APK directory]
Options:
d, –dir path to jadx output directory
o, –output Name of the output file(not implemented)
I have not implemented the output
flag yet because I think if you can redirect slicer output to a yaml file it will a proper format.
python3 slicer.py -d path/to/extact/apk -c config.json
If you’re learning Bash scripting, one of the most useful features you’ll come across is…
If you are new to Bash scripting or Linux shell scripting, one of the most…
How Does a Firewall Work Step by Step? What Is a Firewall and How Does…
ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…
Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…
SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…