LinuxCommandLibrary

androguard

Analyze and reverse engineer Android applications

TLDR

Display Android app manifest

$ androguard axml [path/to/app].apk
copy

Display app metadata (version and app ID)
$ androguard apkid [path/to/app].apk
copy

Decompile Java code from an app
$ androguard decompile [path/to/app].apk --output [path/to/directory]
copy

SYNOPSIS

androguard [OPTIONS] COMMAND [ARGS]...

PARAMETERS

-h, --help
    Show help message and exit

--version
    Show program's version number and exit

apkinfo
    Print APK information (manifest, permissions, components)

axml
    Print AndroidManifest.xml in readable format

decompile
    Decompile APK/DEX to smali code

disassemble
    Disassemble DEX bytecode

logcat
    Analyze logcat output from Android apps

modules
    List available analysis modules

shell
    Interactive Python shell for analysis

sign
    Sign APK with custom keystore

traceview
    Process traceview files for performance analysis

-i, --input FILE
    Input APK/DEX/ARSC file (used by most commands)

-o, --output DIR
    Output directory for decompiled files

-v, --verbose
    Increase verbosity level

DESCRIPTION

Androguard is an open-source Python-based suite of tools for static analysis and reverse engineering of Android applications. It supports dissecting APK files, decompiling Dalvik bytecode to Java-like smali code, disassembling bytecode, analyzing permissions, components, and resources. Key features include extracting AndroidManifest.xml, viewing DEX files, detecting obfuscation, and scripting custom analyses via Androlyze.

Primarily used by security researchers, malware analysts, and developers for auditing apps, identifying vulnerabilities, or understanding proprietary code. It processes APKs without needing an Android device or emulator. While powerful, it excels at bytecode-level analysis rather than native code (e.g., ARM binaries).

The tool integrates multiple subcommands for targeted tasks, from basic info dumps to advanced scripting, making it versatile for automation in CI/CD pipelines or forensic investigations.

CAVEATS

Python 2/3 compatible but original repo archived (use forks like androguard3); requires Java/JRE for some features; no GUI in CLI version; limited native code support; heavy memory use on large APKs.

INSTALLATION

pip install androguard or git clone https://github.com/androguard/androguard

EXAMPLE USAGE

androguard apkinfo -i app.apk
androguard decompile -i app.apk -o output/

HISTORY

Developed by Anthony Desnos starting 2010; widely used in Android security research; original GitHub repo archived in 2021, active forks maintain Python 3 support and new features.

SEE ALSO

apktool(1), jadx(1), dex2jar(1)

Copied to clipboard