Extract hardcoded sensitive keys from an APK

Primary language: Shell. License: GNU General Public License v3.0 (GPL-3.0).

find-hardcoded

Finds hardcoded API keys, secrets, tokens, etc. in an APK.

Usage

┌──(root💀Hacker)-[~/mobile_pentesting]
└─# bash find-hardcoded.sh InsecureShop.apk

Output

If you find an API key, secret or token, you can check it here

!Note!

Some regexes can produce very large output (GitHub, MD5_Hash, Javascript_Variables, Base64, ipv6, LinkFinder, IP_Address).
If you don't want that output, you can comment out those lines.
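
One way to make the noisy patterns opt-in instead of commenting lines out, shown as an added example that is not taken from find-hardcoded.sh. The function names, the pattern-table layout, the four illustrative regexes and the sample values are assumptions, and the APK is assumed to be already decoded into a directory.

```shell
#!/bin/sh
# Added example: each pattern carries a "noisy" flag so high-volume regexes
# (MD5_Hash, IP_Address, ...) run only when explicitly requested.

# Pattern table: name, noisy flag (0/1), extended regex (illustrative set).
patterns() {
  cat <<'EOF'
AWS_Access_Key_ID 0 AKIA[0-9A-Z]{16}
Google_API_Key 0 AIza[0-9A-Za-z_-]{35}
MD5_Hash 1 [a-f0-9]{32}
IP_Address 1 ([0-9]{1,3}\.){3}[0-9]{1,3}
EOF
}

# scan_dir DIR [INCLUDE_NOISY]
# DIR is a directory of decoded APK contents; pass 1 as the second
# argument to include the noisy patterns. Prints "name: match" lines.
scan_dir() {
  patterns | while read -r name noisy regex; do
    if [ "$noisy" = 1 ] && [ "${2:-0}" != 1 ]; then continue; fi
    grep -rEoh -e "$regex" "$1" 2>/dev/null | sort -u |
      awk -v n="$name" '{ print n ": " $0 }'
  done
}

# Constructed sample standing in for a decoded APK (all values are fake).
make_sample() {
  dir=$(mktemp -d)
  mkdir -p "$dir/res/values"
  cat > "$dir/res/values/strings.xml" <<'EOF'
<string name="aws_key">AKIAEXAMPLEEXAMPLE00</string>
<string name="asset_hash">d41d8cd98f00b204e9800998ecf8427e</string>
<string name="dev_host">10.0.2.2</string>
EOF
  printf '%s\n' "$dir"
}

sample=$(make_sample)
echo "high-signal only:"; scan_dir "$sample"
echo "with noisy patterns:"; scan_dir "$sample" 1
rm -rf "$sample"
```
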

Prerequisites

Regex credit

https://github.com/dwisiswant0/apkleaks/blob/master/config/regexes.json
https://github.com/stevemcilwain/quiver/blob/master/payloads/secrets-content.json
https://github.com/hahwul/dalfox/blob/main/pkg/scanning/grep.go
https://github.com/BitTheByte/Eagle/blob/master/plugins/spider.py
https://github.com/firmianay/Vehicle-Security-Toolkit/blob/main/apk-leaks.py