Slicer accepts a path to an extracted APK file and then returns all the activities, receivers, and services which are exported and have null
permissions and can be externally provoked.
Note: The APK has to be extracted via jadx
or apktool
.
android:allowbackup
to true
android:debuggable
to true
.android:exporte=true
is present in any of the component and have no permission set.Intent-filters
are defined for that component, if yes that means that component is exported by default(This is the rule given in android documentation.).json
trick.myapp.firebaseio.com
then it will check if https://myapp.firebaseio.com/.json
returns something or gives permission denied.Duplicate
.not applicable
and will claim that the KEY has a usage cap
– r/suspiciouslyspecific strings.xml
and in AndroidManifest.xml
/res/raw
and res/xml
directory.git clone https://github.com/mzfr/slicer
cd slicer
python3 slicer.py -h
It’s very simple to use. Following options are available:
Extract information from Manifest and strings of an APK
Usage:
slicer [OPTION] [Extracted APK directory]
Options:
d, –dir path to jadx output directory
o, –output Name of the output file(not implemented)
I have not implemented the output
flag yet because I think if you can redirect slicer output to a yaml file it will a proper format.
python3 slicer.py -d path/to/extact/apk -c config.json
A tool crafted with simplicity in mind but harboring its own set of flaws. Despite…
CyberSentry is a robust automated scanning tool designed for web applications. It helps security professionals, ethical…
Delve into the world of DARKARMY, a potent arsenal of cybersecurity tools designed to empower…
Evade (Evasion) - this feature helps you to evade spells of enemies directed at you…
Step into the world of bug hunting with Cazador, a powerful toolkit designed to equip…
Prepare to take your Among Us gaming experience to the next level with the latest…