LinuxCommandLibrary

apkleaks

Analyze APK files for sensitive information

TLDR

Scan an APK file for URIs, endpoints, and secrets

$ apkleaks [[-f|--file]] [path/to/file.apk]

Scan and save the output to a specific file
$ apkleaks [[-f|--file]] [path/to/file.apk] [[-o|--output]] [path/to/output.txt]

Pass jadx disassembler arguments
$ apkleaks [[-f|--file]] [path/to/file.apk] [[-a|--args]] "[--threads-count 5 --deobf]"

SYNOPSIS

apkleaks -f <APK_FILE> [OPTIONS]

PARAMETERS

-h, --help
    Displays the help message and exits.

-f FILE, --file FILE
    Specifies the path to the target APK file. This is a mandatory option.

-o FILE, --output FILE
    Specifies the path where the results should be saved.

-r REGEX_FILE, --regex REGEX_FILE
    Provides a path to a custom regex file containing additional patterns for detection.

-s, --silent
    Enables silent mode, suppressing most of the verbose output during the scan.

-x, --extract
    Instructs apkleaks to decompile and extract the contents of the APK. Note: This may require apktool to be installed and accessible in the system's PATH.

--json
    Outputs the scan results in JSON format, suitable for programmatic parsing.

-v, --version
    Displays the program's version number and exits.

DESCRIPTION

apkleaks is an open-source static analysis tool written in Python that helps find sensitive information in compiled Android Package Kit (APK) files. It automatically extracts URIs, endpoints, API keys, URLs, and other potentially confidential data patterns by analyzing the bytecode and resources within the APK. The tool is widely used by security researchers, penetration testers, and developers to identify potential vulnerabilities before or during the deployment of Android applications.

It leverages a comprehensive set of predefined regex patterns to detect various types of sensitive data and can output results in different formats, including standard console output or JSON.

CAVEATS

apkleaks primarily performs static analysis, which means it may produce false positives or false negatives as it does not analyze runtime behavior.
It requires Python 3 to run.
The -x (extract) option relies on external tools like apktool being present and configured correctly in the system's PATH.
Obfuscation techniques employed in Android applications (string encryption, split or encoded constants, runtime-assembled URLs) can hide sensitive information from apkleaks' pattern matching, so a clean scan does not prove the absence of secrets.

HOW IT WORKS

apkleaks operates by first decompiling the target APK file (either internally or via an external tool such as apktool) to access its source code and resource files. It then scans the extracted files with a predefined set of regular expressions designed to match common patterns of sensitive data such as API keys, URLs, endpoints, and credentials. Users can also supply custom regex patterns to tailor the search to their own needs. Every match is then reported to the user as a potential leak; because matching is purely textual, each hit still needs a human review to confirm it is a real secret rather than a placeholder, test value, or harmless URL.
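To make the scanning stage and the custom-pattern idea (-r/--regex) concrete, here is a small Python sketch added for this page; it is not apkleaks' own code. The decompiled tree is a constructed in-memory dictionary, the patterns are illustrative, and the pattern-file shape (name to regex) is an assumption.

```python
import json
import re

# Constructed patterns, name -> regex (assumption: illustrative only, not apkleaks' built-in list).
PATTERNS: dict[str, str] = {
    "URL": r"https?://[A-Za-z0-9.\-]+(?::\d+)?(?:/[A-Za-z0-9./_?=&%\-]*)?",
    "Firebase Realtime DB": r"https://[a-z0-9\-]+\.firebaseio\.com",
    "AWS Access Key ID": r"\bAKIA[0-9A-Z]{16}\b",
    "Google API Key": r"\bAIza[0-9A-Za-z\-_]{35}\b",
}

# Constructed stand-in for a decompiled tree: {relative path: file contents}.
# All values are made up for this example; the AKIA string is not a real key.
DECOMPILED: dict[str, str] = {
    "res/values/strings.xml": '<string name="api">https://api.example.com/v1/login</string>',
    "sources/com/example/Config.java": (
        'static final String DB = "https://example-app.firebaseio.com";\n'
        'static final String KEY = "AKIAEXAMPLE000000001";'
    ),
    "sources/com/example/Net.java": 'String base = "http://10.0.2.2:8080/debug";',
}

def compile_patterns(patterns: dict[str, str]) -> dict[str, re.Pattern[str]]:
    return {name: re.compile(rx) for name, rx in patterns.items()}

def scan_text(text: str, compiled: dict[str, re.Pattern[str]]) -> dict[str, list[str]]:
    """Return {pattern name: sorted unique matches} for one file's contents."""
    hits: dict[str, list[str]] = {}
    for name, rx in compiled.items():
        found = sorted({m.group(0) for m in rx.finditer(text)})
        if found:
            hits[name] = found
    return hits

def scan_files(files: dict[str, str], compiled: dict[str, re.Pattern[str]]) -> dict[str, list[str]]:
    """Scan every file and merge matches per pattern, like a --json style report."""
    merged: dict[str, set[str]] = {}
    for content in files.values():
        for name, matches in scan_text(content, compiled).items():
            merged.setdefault(name, set()).update(matches)
    return {name: sorted(vals) for name, vals in merged.items()}

def run_scan(extra_patterns=None) -> dict[str, list[str]]:
    """Built-in patterns plus optional custom ones (the -r/--regex idea) over DECOMPILED."""
    patterns = {**PATTERNS, **(extra_patterns or {})}
    return scan_files(DECOMPILED, compile_patterns(patterns))

if __name__ == "__main__":
    # Review hits by hand: the 10.0.2.2 emulator host is a typical false positive.
    print(json.dumps(run_scan(), indent=2))
```

The report groups matches by pattern name and deduplicates them across files, so a URL that appears in both a resource and a class shows up once; the emulator host in the constructed data is the kind of hit that needs manual triage.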

INSTALLATION

apkleaks is a Python package and can typically be installed using pip, the Python package installer. The common installation command is:
pip install apkleaks
It's recommended to install it in a virtual environment to manage dependencies properly.

HISTORY

apkleaks was developed by Shivam Kapoor (shivamkapoor007) and is an open-source project primarily hosted on GitHub. Since its initial release, it has gained significant traction within the cybersecurity community for its effectiveness and ease of use in identifying common sensitive data patterns in Android applications. Its development continues with contributions from the community, making it a continuously evolving tool for Android application security analysis.

SEE ALSO

apktool(1), jadx, strings(1), grep(1), MobSF
