Kali Linux

Slicer : Automate The Boring Process Of APK Recon

Slicer accepts a path to an extracted APK file and then returns all the activities, receivers, and services which are exported and have null permissions and can be externally provoked.

Note: The APK has to be extracted via jadx or apktool.

Features

  • Check if the APK has set the android:allowbackup to true
  • Check if the APK has set the android:debuggable to true.
  • Return all the activities, services and broadcast receivers which are exported and have null permission set. This is decided on the basis of two things:
    • android:exporte=true is present in any of the component and have no permission set.
    • If exported is not mention then slicer check if any Intent-filters are defined for that component, if yes that means that component is exported by default(This is the rule given in android documentation.)
  • Check the Firebase URL of the APK by testing it for .json trick.
    • If the firebase URL is myapp.firebaseio.com then it will check if https://myapp.firebaseio.com/.json returns something or gives permission denied.
    • If this thing is open then that can be reported as high severity.
  • Check if the google API keys are publically accessible or not.
    • This can be reported on some bounty programs but have a low severity.
    • But most of the time reporting this kind of thing will bring out the pain of Duplicate.
    • Also sometimes the company can just close it as not applicable and will claim that the KEY has a usage cap – r/suspiciouslyspecific
  • Return other API keys that are present in strings.xml and in AndroidManifest.xml
  • List all the file names present in /res/raw and res/xml directory.
  • Extracts all the URLs and paths.
    • These can be used with tool like dirsearch or ffuf.

Installation

  • Clone this repository

git clone https://github.com/mzfr/slicer

  • cd slicer
  • Now you can run it: python3 slicer.py -h

Usage

It’s very simple to use. Following options are available:

Extract information from Manifest and strings of an APK
Usage:
slicer [OPTION] [Extracted APK directory]
Options:
d, –dir path to jadx output directory
o, –output Name of the output file(not implemented)

I have not implemented the output flag yet because I think if you can redirect slicer output to a yaml file it will a proper format.

Usage Example

  • Extract information from the APK and display it on the screen.

python3 slicer.py -d path/to/extact/apk -c config.json

Download
R K

Leave a Comment
Share
Published by
R K
Tags: APK ReconAutomateBoring ProcessSlicer
3 years ago

Recent Posts

How Web Application Firewalls (WAFs) Work

General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…

2 weeks ago

How to Send POST Requests Using curl in Linux

How to Send POST Requests Using curl in Linux If you work with APIs, servers,…

2 weeks ago

What Does chmod 777 Mean in Linux

If you are a Linux user, you have probably seen commands like chmod 777 while…

2 weeks ago

How to Undo and Redo in Vim or Vi

Vim and Vi are among the most powerful text editors in the Linux world. They…

2 weeks ago

How to Unzip and Extract Files in Linux

Working with compressed files is a common task for any Linux user. Whether you are…

2 weeks ago

Free Email Lookup Tools and Reverse Email Search Resources

In the digital era, an email address can reveal much more than just a contact…

2 weeks ago