APkit is a powerful tool designed for analyzing security vulnerabilities and reversing Android APK files. Currently in Beta Phase, See Screenshots.
$ git clone https://github.com/System00-Security/Apkit
$ cd Apkit
$ chmod +x dependency.sh
$ python3 apkit.py --help
$ pip3 install colorama
$ sudo pip3 install frida
$ sudo pip3 install frida-tools
$ pip3 install androguard==3.4.0a1
$ sudo apt install openjdk8 # install jdk8
If you encounter any bugs or issues while using APkit, please help us improve by reporting them. You can create a new issue on our GitHub Issues page.
Your feedback is valuable to us as we work to enhance APkit and make it more effective for security analysis.
-
Frida CodeShare Cloner
- Clone frida script using
-fc pcipolloni/universal-android-ssl-pinning-bypass-with-frida/
- Clone frida script using
-
Dynamic Analysis Tools:
- SSL Unpinning: Bypass SSL Pinning mechanisms in APKs (
-sslp,-cert,-adboptions). - Certificate Pinning: Manage SSL certificates for testing (
-certoption). - Automated Actions: Automate Frida SSL unpinning actions with ADB (
-adboption).
- SSL Unpinning: Bypass SSL Pinning mechanisms in APKs (
-
Static Analysis Tools:
- APK Decompilation: Extract and decompile APKs for further analysis (
-anoption). - Generic Analysis: Perform generic analysis on decompiled APKs (
-an genericoption). - OWASP Mobile Top 10: Analyze APKs for OWASP Mobile Top 10 vulnerabilities (
-an owaspoption).
- APK Decompilation: Extract and decompile APKs for further analysis (
-
Security Checks:
- Dangerous Permissions: Check APKs for dangerous permissions (
-dpoption).
- Dangerous Permissions: Check APKs for dangerous permissions (
-
Data Extraction:
- API Key Extraction: Extract API keys embedded in APKs (
-ex api_keyoption). - URL Extraction: Extract URLs from decompiled APKs (
-ex urlsoption).
- API Key Extraction: Extract API keys embedded in APKs (
$ pip3 install colorama
$ sudo pip3 install frida
$ sudo pip3 install frida-tools
$ pip3 install androguard==3.4.0a1
$ sudo apt install openjdk8 # install jdk8
I extend my sincere gratitude to the following individuals and communities for their invaluable contributions, support, and inspiration:
- OWASP Mobile Security Testing Guide (MASTG): For their exceptional Android techniques cheatsheet.
- Frida: For creating this remarkable masterpiece.
And to all who have inspired this project.
We welcome contributions from anyone interested in improving this project. To contribute, simply create a pull request with your proposed changes.
Your contributions, whether they involve code improvements, bug fixes, documentation enhancements, or new features, are greatly appreciated and help make this project better for everyone.
Thank you for considering contributing to our project!