Kali Linux

Slicer : Automate The Boring Process Of APK Recon

Slicer accepts a path to an extracted APK file and then returns all the activities, receivers, and services which are exported and have null permissions and can be externally provoked.

Note: The APK has to be extracted via jadx or apktool.

Features

  • Check if the APK has set the android:allowbackup to true
  • Check if the APK has set the android:debuggable to true.
  • Return all the activities, services and broadcast receivers which are exported and have null permission set. This is decided on the basis of two things:
    • android:exporte=true is present in any of the component and have no permission set.
    • If exported is not mention then slicer check if any Intent-filters are defined for that component, if yes that means that component is exported by default(This is the rule given in android documentation.)
  • Check the Firebase URL of the APK by testing it for .json trick.
    • If the firebase URL is myapp.firebaseio.com then it will check if https://myapp.firebaseio.com/.json returns something or gives permission denied.
    • If this thing is open then that can be reported as high severity.
  • Check if the google API keys are publically accessible or not.
    • This can be reported on some bounty programs but have a low severity.
    • But most of the time reporting this kind of thing will bring out the pain of Duplicate.
    • Also sometimes the company can just close it as not applicable and will claim that the KEY has a usage cap – r/suspiciouslyspecific
  • Return other API keys that are present in strings.xml and in AndroidManifest.xml
  • List all the file names present in /res/raw and res/xml directory.
  • Extracts all the URLs and paths.
    • These can be used with tool like dirsearch or ffuf.

Installation

  • Clone this repository

git clone https://github.com/mzfr/slicer

  • cd slicer
  • Now you can run it: python3 slicer.py -h

Usage

It’s very simple to use. Following options are available:

Extract information from Manifest and strings of an APK
Usage:
slicer [OPTION] [Extracted APK directory]
Options:
d, –dir path to jadx output directory
o, –output Name of the output file(not implemented)

I have not implemented the output flag yet because I think if you can redirect slicer output to a yaml file it will a proper format.

Usage Example

  • Extract information from the APK and display it on the screen.

python3 slicer.py -d path/to/extact/apk -c config.json

Download
R K

Leave a Comment
Share
Published by
R K
Tags: APK ReconAutomateBoring ProcessSlicer
2 years ago

Recent Posts

garak, LLM Vulnerability Scanner : The Comprehensive Tool For Assessing Language Model Security

garak checks if an LLM can be made to fail in a way we don't…

1 day ago

Vermilion : Mastering Linux Post-Exploitation For Red Team Success

Vermilion is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration…

1 day ago

AD-CS-Forest-Exploiter : Mastering Security Through PowerShell For AD CS Misconfiguration

ADCFFS is a PowerShell script that can be used to exploit the AD CS container…

1 day ago

Usage Of Tartufo – A Comprehensive Guide To Securing Your Git Repositories

Tartufo will, by default, scan the entire history of a git repository for any text…

1 day ago

Loco : A Rails-Inspired Framework For Rust Developers

Loco is strongly inspired by Rails. If you know Rails and Rust, you'll feel at…

2 days ago

Monolith : The Ultimate Tool For Storing Entire Web Pages As Single HTML Files

A data hoarder’s dream come true: bundle any web page into a single HTML file.…

2 days ago