dwisiswant0 / apkleaks

Scanning APK file for URIs, endpoints & secrets.

License: Apache License 2.0

Python 86.85% Dockerfile 3.13% Makefile 10.02%
mobile-security android-security reverse-engineering bugbounty static-analysis apk scanning-apk apk-parser


apkleaks's People

Contributors

anboo, branchvincent, ch3nye, crclark96, dwisiswant0, pad0van, saif-deepsource, sprabowo, u039b, withshubh

apkleaks's Issues

Version from PyPi is broken (File not found error)

The error:

ERROR - Incorrect arguments: File not found /usr/share/jadx/bin/APKPure_v3.17.51_apkpure.com.apk

Here's the diff between the apkleaks.py and what's shipped from PyPi.

1c1,4
< #!/usr/bin/env python3
---
> #!/usr/bin/python3
> # -*- coding: utf-8 -*-
> import re
> import sys
3d5
<
5c7,8
<     main()
---
>     sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
>     sys.exit(main())
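
Review bot: in the `5c7,8` hunk the only differences are the `sys.argv[0]` rewrite and the `sys.exit(main())` wrapper, and neither changes the value passed to `-f`, so these launcher lines do not account for the APK name being looked up under `/usr/share/jadx/bin/` in the error above. The comparison needs to cover the modules inside the installed `apkleaks` package as well, in particular the place where the `-f` path is handed to jadx, and check whether that path is made absolute first.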

missing some

Not able to find sensitive data that is commented out in the APK.

Can you provide a web regular expression?

"LinkFinder": "(?:"|')(((?:[a-zA-Z]{1,10}://|//)[^\"'\/]{1,}\.[a-zA-Z]{2,}[^\"']{0,})|((?:/|\.\./|\./)[^\"'><,;| *()(%%$^\/\\\\\\[\\]][^\"'><,;|()]{1,})|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{1,}\.(?:[a-zA-Z]{1,4}|action)(?:[\?|#][^\"|']{0,}|))|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{3,}(?:[\?|#][^\"|']{0,}|))|([a-zA-Z0-9_\-]{1,}\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:[\?|#][^\"|']{0,}|)))(?:"|')"
I want to use this expression, but can I just match HTTP and HTTPS?

Unable to run apkleaks.py

Getting the following error first:

Traceback (most recent call last):
  File "apkleaks.py", line 2, in <module>
    from apkleaks.apkleaks import APKLeaks
  File "/mnt/f/InfoSec/Tools/apkleaks/apkleaks/apkleaks.py", line 2, in <module>
    from apkleaks.colors import clr
ImportError: No module named colors

The filename, directory name, or volume label syntax is incorrect

I used the following command,

python apkleaks.py -f testapp.apk

but it gives an error:

←[0m
←[94m** Decompiling APK...
←[0mThe filename, directory name, or volume label syntax is incorrect.

** Scanning against 'instagram.photo.video.downloader.repost.insta'

** Done with nothing. ¯_(ツ)_/¯

Add some sensitive key

Hello, I want to share some regex 😃

FCM Key:

AAAA[A-Za-z0-9_-]{7}:[A-Za-z0-9_-]{140}

Square app id/secret and auth token:

sq0[a-z]{3}-[0-9A-Za-z\-_]{22,43}
EAAA[a-zA-Z0-9]{60}

Microsoft azure tenant:

CLIENT_ID: [0-9a-z\-]{36}
CLIENT_SECRET: [0-9A-Za-z\+\=]{40,50}
TENANT_ID: [0-9a-z\-]{36}

Google Recaptcha key:

^6[0-9a-zA-Z_-]{39}$

Ref: https://github.com/streaak/keyhacks

swig error

Hello everyone, I have this problem:

building 'M2Crypto._m2crypto' extension
swigging SWIG/_m2crypto.i to SWIG/_m2crypto_wrap.c
C:\swigwin-3.0.12\swig.exe -python -Ic:\python27\include -Ic:\python27\PC -I/usr/include/openssl -includeall -modern -builtin -outdir c:\users\public\documents\wondershare\creatortemp\pip-build-n3nlsa\m2crypto\M2Crypto -o SWIG/_m2crypto_wrap.c SWIG/_m2crypto.i
SWIG_m2crypto.i(62) : Error: Unable to find 'openssl\opensslv.h'
SWIG_m2crypto.i(68) : Error: Unable to find 'openssl\safestack.h'
SWIG_evp.i(12) : Error: Unable to find 'openssl\opensslconf.h'
SWIG_rc4.i(5) : Error: Unable to find 'openssl\opensslconf.h'
SWIG_ec.i(7) : Error: Unable to find 'openssl\opensslconf.h'
error: command 'C:\swigwin-3.0.12\swig.exe' failed with exit status 1

----------------------------------------

Command "c:\python27\python.exe -u -c "import setuptools, tokenize;file='c:\users\public\documents\wondershare\creatortemp\pip-build-n3nlsa\m2crypto\setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record c:\users\public\documents\wondershare\creatortemp\pip-j9duqt-record\install-record.txt --single-version-externally-managed --compile" failed with error code 1 in c:\users\public\documents\wondershare\creatortemp\pip-build-n3nlsa\m2crypto\

However, I have swig and openssl installed correctly:

C:>openssl
OpenSSL>

Please help me.

ERROR: No module named apk_parse.apk

Hi, I'm having this error while trying to run the script:

python2 apkleaks.py -h

Traceback (most recent call last):
File "apkleaks.py", line 2, in
from apk_parse.apk import APK
ImportError: No module named apk_parse.apk

Where can I find this "apk_parse.apk" file?

Thanks

re.error: missing : at position 21.

When I use the -p argument and specify a pattern file, it throws this error:

Traceback (most recent call last):
  File "C:\Users\PenTest\Desktop\tools\apkleaks-master\apkleaks.py", line 5, in <module>
    main()
  File "C:\Users\PenTest\Desktop\tools\apkleaks-master\apkleaks\cli.py", line 36, in main
    init.scanning()
  File "C:\Users\PenTest\Desktop\tools\apkleaks-master\apkleaks\apkleaks.py", line 135, in scanning
    thread = threading.Thread(target = self.extract, args = (name, util.finder(pattern, self.tempdir)))
  File "C:\Users\PenTest\Desktop\tools\apkleaks-master\apkleaks\utils.py", line 18, in finder
    matcher = re.compile(pattern)
  File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\re.py", line 252, in compile
    return _compile(pattern, flags)
  File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\re.py", line 304, in _compile
    p = sre_compile.compile(pattern, flags)
  File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\sre_compile.py", line 764, in compile
    p = sre_parse.parse(p, flags)
  File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\sre_parse.py", line 948, in parse
    p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
  File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\sre_parse.py", line 443, in _parse_sub
    itemsappend(_parse(source, state, verbose, nested + 1,
  File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\sre_parse.py", line 805, in _parse
    flags = _parse_flags(source, state, char)
  File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\sre_parse.py", line 913, in _parse_flags
    raise source.error(msg, len(char))
re.error: missing : at position 21

Pattern file I used:

{
	"Amazon_AWS_Access_Key_ID": "([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}",
	"Amazon_AWS_S3_Bucket": [
		"//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+",
		"//s3\\.amazonaws\\.com/[a-z0-9._-]+",
		"[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com",
		"[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)",
		"[a-z0-9.-]+\\.s3\\.amazonaws\\.com",
		"amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
	],
	"AWS Client ID": "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}",
	"AWS Secret Key": "(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z/+]{40}['\"]",
	"Google Drive API Key": "AIza[0-9A-Za-z\\-_]{35}",
	"Google Drive Oauth": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
	"Gmail API key": "AIza[0-9A-Za-z\\-_]{35}",
	"Gmail Oauth": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
	"Google Oauth Access Token": "ya29\\.[0-9A-Za-z\\-_]+",
	"Youtube API  key": "AIza[0-9A-Za-z\\-_]{35}",
	"LinkedIn Secret Key": "(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]",
	"Stripe API Key": "(?:r|s)k_live_[0-9a-zA-Z]{24}",
	"Vault Token": "[sb]\\.[a-zA-Z0-9]{24}",
	"Artifactory_API_Token": "(?:\\s|=|:|\"|^)AKC[a-zA-Z0-9]{10,}",
	"Artifactory_Password": "(?:\\s|=|:|\"|^)AP[\\dABCDEF][a-zA-Z0-9]{8,}",
	"Authorization_Basic": "basic\\s[a-zA-Z0-9_\\-:\\.=]+",
	"Authorization_Bearer": "bearer\\s[a-zA-Z0-9_\\-:\\.=]+",
	"AWS_API_Key": "AKIA[0-9A-Z]{16}",
	"Basic_Auth_Credentials": "(?<=:\/\/)[a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9]+\\.[a-zA-Z]+",
	"Cloudinary_Basic_Auth": "cloudinary:\/\/[0-9]{15}:[0-9A-Za-z]+@[a-z]+",
	"DEFCON_CTF_Flag": "O{3}\\{.*\\}",
	"Discord_BOT_Token": "((?:N|M|O)[a-zA-Z0-9]{23}\\.[a-zA-Z0-9-_]{6}\\.[a-zA-Z0-9-_]{27})$",
	"Facebook_Access_Token": "EAACEdEose0cBA[0-9A-Za-z]+",
	"Facebook_ClientID": "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K](.{0,20})?['\"][0-9]{13,17}",
	"Facebook_OAuth": "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]",
	"Facebook_Secret_Key": "([f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K]|[f|F][b|B])(.{0,20})?['\"][0-9a-f]{32}",
	"Firebase": "[a-z0-9.-]+\\.firebaseio\\.com",
	"Generic_API_Key": "[a|A][p|P][i|I][_]?[k|K][e|E][y|Y].*['|\"][0-9a-zA-Z]{32,45}['|\"]",
	"Generic_Secret": "[s|S][e|E][c|C][r|R][e|E][t|T].*['|\"][0-9a-zA-Z]{32,45}['|\"]",
	"GitHub": "[g|G][i|I][t|T][h|H][u|U][b|B].*['|\"][0-9a-zA-Z]{35,40}['|\"]",
	"GitHub_Access_Token": "([a-zA-Z0-9_-]*:[a-zA-Z0-9_-][email protected]*)$",
	"Google_API_Key": "AIza[0-9A-Za-z\\-_]{35}",
	"Google_Cloud_Platform_OAuth": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
	"Google_Cloud_Platform_Service_Account": "\"type\": \"service_account\"",
	"Google_OAuth_Access_Token": "ya29\\.[0-9A-Za-z\\-_]+",
	"HackerOne_CTF_Flag": "[h|H]1(?:[c|C][t|T][f|F])?\\{.*\\}",
	"HackTheBox_CTF_Flag": "[h|H](?:[a|A][c|C][k|K][t|T][h|H][e|E][b|B][o|O][x|X]|[t|T][b|B])\\{.*\\}$",
	"Heroku_API_Key": "[h|H][e|E][r|R][o|O][k|K][u|U].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}",
	"IP_Address": "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])",
	"JSON_Web_Token": "(?i)^((?=.*[a-z])(?=.*[0-9])(?:[a-z0-9_=]+\\.){2}(?:[a-z0-9_\\-\\+\/=]*))$",
	"LinkFinder": "(?:\"|')(((?:[a-zA-Z]{1,10}:\/\/|\/\/)[^\"'\/]{1,}\\.[a-zA-Z]{2,}[^\"']{0,})|((?:\/|\\.\\.\/|\\.\/)[^\"'><,;| *()(%%$^\/\\\\\\[\\]][^\"'><,;|()]{1,})|([a-zA-Z0-9_\\-\/]{1,}\/[a-zA-Z0-9_\\-\/]{1,}\\.(?:[a-zA-Z]{1,4}|action)(?:[\\?|#][^\"|']{0,}|))|([a-zA-Z0-9_\\-\/]{1,}\/[a-zA-Z0-9_\\-\/]{3,}(?:[\\?|#][^\"|']{0,}|))|([a-zA-Z0-9_\\-]{1,}\\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:[\\?|#][^\"|']{0,}|)))(?:\"|')",
	"Mac_Address": "(([0-9A-Fa-f]{2}[:]){5}[0-9A-Fa-f]{2}|([0-9A-Fa-f]{2}[-]){5}[0-9A-Fa-f]{2}|([0-9A-Fa-f]{4}[\\.]){2}[0-9A-Fa-f]{4})$",
	"MailChimp_API_Key": "[0-9a-f]{32}-us[0-9]{1,2}",
	"Mailgun_API_Key": "key-[0-9a-zA-Z]{32}",
	"Mailto": "(?<=mailto:)[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9.-]+",
	"Password_in_URL": "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]",
	"PayPal_Braintree_Access_Token": "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}",
	"PGP_private_key_block": "-----BEGIN PGP PRIVATE KEY BLOCK-----",
	"Picatic_API_Key": "sk_live_[0-9a-z]{32}",
	"RSA_Private_Key": "-----BEGIN RSA PRIVATE KEY-----",
	"Slack_Token": "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})",
	"Slack_Webhook": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}",
	"Square_Access_Token": "sq0atp-[0-9A-Za-z\\-_]{22}",
	"Square_OAuth_Secret": "sq0csp-[0-9A-Za-z\\-_]{43}",
	"SSH_DSA_Private_Key": "-----BEGIN DSA PRIVATE KEY-----",
	"SSH_EC_Private_Key": "-----BEGIN EC PRIVATE KEY-----",
	"Stripe_API_Key": "sk_live_[0-9a-zA-Z]{24}",
	"Stripe_Restricted_API_Key": "rk_live_[0-9a-zA-Z]{24}",
	"TryHackMe_CTF_Flag": "[t|T](?:[r|R][y|Y][h|H][a|A][c|C][k|K][m|M][e|E]|[h|H][m|M])\\{.*\\}$",
	"Twilio_API_Key": "SK[0-9a-fA-F]{32}",
	"Twitter_Access_Token": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*[1-9][0-9]+-[0-9a-zA-Z]{40}",
	"Twitter_ClientID": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R](.{0,20})?['\"][0-9a-z]{18,25}",
	"Twitter_OAuth": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*['|\"][0-9a-zA-Z]{35,44}['|\"]",
	"Twitter_Secret_Key": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R](.{0,20})?['\"][0-9a-z]{35,44}"
}

Entropies scan rules.

I saw some services here in Github that are based on entropy. I think you can add it, it is a good fit and a strong way to discover keys.

ps: I cannot work on this myself.

Module Error

image
What's the apk_parse.apk module? I can't find this.

Issue with requirements.txt (numpy) installation

I've been trying to install APKLeaks but having some run time installation error while installing the requirement.text. It seems there's some error with numpy cause it's failing to build and clean wheel again and again.

I even tried updating numpy to the latest version and re-installing too but there's no success. Please find the entire error here: https://ghostbin.co/paste/ojqknqs/raw

As per Android 7.0, an Android APK is no longer a zip file

Version 2 introduces a new APK signing mechanism, starting in Android 7.0 (Nougat). Since that version, the Android application package's format has changed, and now differs slightly from a normal ZIP file.

The modification consists in adding a special block in the ZIP file, called the APK Signing Block.

resulting in

File is not a zip file

** Done with nothing. ¯_(ツ)_/¯
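
The layout described in this report (an APK Signing Block placed in front of the ZIP Central Directory) can be located with a short parser. This is an added example, not apkleaks code: it finds the block through the End of Central Directory record, lists the IDs of the pairs it contains, and runs on a constructed one-entry archive with a dummy v2 pair; all function names are illustrative.

```python
import io
import struct
import zipfile

APK_SIG_MAGIC = b"APK Sig Block 42"   # last 16 bytes of the signing block
EOCD_SIG = b"PK\x05\x06"              # ZIP End of Central Directory signature
V2_ID = 0x7109871A                    # pair ID of APK Signature Scheme v2


def find_eocd(data):
    """Offset of the EOCD record, searched backwards past a possible comment."""
    pos = data.rfind(EOCD_SIG, max(0, len(data) - 22 - 0xFFFF))
    if pos < 0:
        raise ValueError("no ZIP End of Central Directory record")
    return pos


def signing_block_ids(data):
    """Return the pair IDs found in the APK Signing Block, or [] if absent."""
    eocd = find_eocd(data)
    cd_offset = struct.unpack_from("<I", data, eocd + 16)[0]
    # The block, when present, ends directly before the central directory.
    if cd_offset < 32 or data[cd_offset - 16:cd_offset] != APK_SIG_MAGIC:
        return []
    size = struct.unpack_from("<Q", data, cd_offset - 24)[0]
    start = cd_offset - size - 8          # size excludes the leading size field
    if start < 0 or struct.unpack_from("<Q", data, start)[0] != size:
        raise ValueError("APK Signing Block size fields disagree")
    ids, pos, end = [], start + 8, cd_offset - 24
    while pos < end:                      # uint64 length, uint32 ID, value
        pair_len = struct.unpack_from("<Q", data, pos)[0]
        if pair_len < 4 or pos + 8 + pair_len > end:
            raise ValueError("malformed ID-value pair")
        ids.append(struct.unpack_from("<I", data, pos + 8)[0])
        pos += 8 + pair_len
    return ids


def build_sample(with_block):
    """Constructed input: a one-entry ZIP, optionally with a dummy block."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
    data = buf.getvalue()
    if not with_block:
        return data
    eocd = find_eocd(data)
    cd_offset = struct.unpack_from("<I", data, eocd + 16)[0]
    value = b"\x00" * 8                   # placeholder, not a real signature
    pair = struct.pack("<QI", 4 + len(value), V2_ID) + value
    size = len(pair) + 24                 # pairs + trailing size + magic
    block = struct.pack("<Q", size) + pair + struct.pack("<Q", size) + APK_SIG_MAGIC
    out = bytearray(data[:cd_offset] + block + data[cd_offset:])
    # Point the EOCD at the central directory's new position.
    struct.pack_into("<I", out, eocd + len(block) + 16, cd_offset + len(block))
    return bytes(out)


def zip_names(data):
    """Entry names as seen by a reader that follows the EOCD offset."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


if __name__ == "__main__":
    for label, sample in (("plain", build_sample(False)), ("signed", build_sample(True))):
        ids = [hex(i) for i in signing_block_ids(sample)]
        print(label, "block IDs:", ids, "entries:", zip_names(sample))
```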

Add JSON format for output report

Hi there,

I like this tool and I would like to integrate it as a library. Would it be possible to create a JSON file as output instead of a text file? I think JSON would make it easier to parse the results and use the tool in combination with other tools.

Thx & Have a great day

Tom

Empty results in Windows

I just called python apkleaks.py -f app.apk -o app.txt and got:

Scanning APK file for URIs, endpoints & secrets
(c) 2020-2021, dwisiswant0
←[0m
←[94m** Decompiling APK...
←[0mINFO - loading ...
INFO - processing ...
ERROR - finished with errors, count: 3

The app.txt file is completely empty. What could be the problem?

OS: Windows 10
Python: 3.8.0

re.error: missing : at position 31

I am running my Kali Linux on WSL and I am getting this type of error:

└─# apkleaks -f ../com.example.client.apk
     _    ____  _  ___               _
    / \  |  _ \| |/ / |    ___  __ _| | _____
   / _ \ | |_) | ' /| |   / _ \/ _` | |/ / __|
  / ___ \|  __/| . \| |__|  __/ (_| |   <\__ \
 /_/   \_\_|   |_|\_\_____\___|\__,_|_|\_\___/
 v2.5.0

Scanning APK file for URIs, endpoints & secrets
(c) 2020-2021, dwisiswant0

Can't find jadx binary.
Do you want to download jadx? (Y/n) y

** Downloading jadx...

** Decompiling APK...
INFO - loading ...
INFO - processing ...
ERROR - finished with errors, count: 17

** Scanning against 'com.example.client'

** Done with nothing. ¯_(ツ)_/¯
Traceback (most recent call last):
File "/usr/local/bin/apkleaks", line 33, in
sys.exit(load_entry_point('apkleaks==2.5.0', 'console_scripts', 'apkleaks')())
File "/usr/local/lib/python3.9/dist-packages/apkleaks-2.5.0-py3.9.egg/apkleaks/cli.py", line 36, in main
init.scanning()
File "/usr/local/lib/python3.9/dist-packages/apkleaks-2.5.0-py3.9.egg/apkleaks/apkleaks.py", line 132, in scanning
thread = threading.Thread(target = self.extract, args = (name, util.finder(pattern, self.tempdir)))
File "/usr/local/lib/python3.9/dist-packages/apkleaks-2.5.0-py3.9.egg/apkleaks/utils.py", line 18, in finder
matcher = re.compile(pattern)
File "/usr/lib/python3.9/re.py", line 252, in compile
return _compile(pattern, flags)
File "/usr/lib/python3.9/re.py", line 304, in _compile
p = sre_compile.compile(pattern, flags)
File "/usr/lib/python3.9/sre_compile.py", line 764, in compile
p = sre_parse.parse(p, flags)
File "/usr/lib/python3.9/sre_parse.py", line 948, in parse
p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
File "/usr/lib/python3.9/sre_parse.py", line 443, in _parse_sub
itemsappend(_parse(source, state, verbose, nested + 1,
File "/usr/lib/python3.9/sre_parse.py", line 805, in _parse
flags = _parse_flags(source, state, char)
File "/usr/lib/python3.9/sre_parse.py", line 913, in _parse_flags
raise source.error(msg, len(char))
re.error: missing : at position 31

Results should be shown on stdout

It always saves results to a file which makes it difficult to grep against and goes against the UX for virtually all *ix interfaces. The logic is sort of turned about - you should output to stdout unless a filename is supplied (using a --output option).

Can't create directory/permission denied

When I use --output, I get this error:
PermissionError: [Errno 13] Permission denied: 'C:\\Users\\sezer\\Desktop\\folder'

When I use just -f file.apk, I get this one:

ERROR - Error saving class: com.things.thing
jadx.core.utils.exceptions.JadxRuntimeException: 
Can't create directory C:\Users\sezer\AppData\Local\Temp\apkleaks-woqqyysy\sources\com\exampleapk\module\ui\main\api\data\aux
______________________________________________________________________________________________
PermissionError: [WinError 32] The process cannot access the file because it is being used by another process: 'C:\\Users\\sezer\\AppData\\Local\\Temp\\apkleaks-3hmqctov.txt'

I tried using admin mode too, but it's still the same.

TypeError: expected string or bytes-like object

I was trying out apkleaks on an app that I had created using Flutter. But when I ran the command apkleaks -f app-arm64-v8a-release.apk, I got this error:

     _    ____  _  ___               _
    / \  |  _ \| |/ / |    ___  __ _| | _____
   / _ \ | |_) | ' /| |   / _ \/ _` | |/ / __|
  / ___ \|  __/| . \| |__|  __/ (_| |   <\__ \
 /_/   \_\_|   |_|\_\_____\___|\__,_|_|\_\___/
 v2.3.0
 --
 Scanning APK file for URIs, endpoints & secrets
 (c) 2020-2021, dwisiswant0

Traceback (most recent call last):
  File "C:\Python38\Scripts\apkleaks-script.py", line 11, in <module>
    load_entry_point('apkleaks==2.3.0', 'console_scripts', 'apkleaks')()
  File "c:\python38\lib\site-packages\apkleaks\cli.py", line 32, in main
    init = APKLeaks(args)
  File "c:\python38\lib\site-packages\apkleaks\apkleaks.py", line 29, in __init__
    self.disarg = re.split(r"\s|=", args.args)
  File "c:\python38\lib\re.py", line 231, in split
    return _compile(pattern, flags).split(string, maxsplit)
TypeError: expected string or bytes-like object

I ran this command in the same directory where my apk file is present. I am unable to figure out why I am getting this error.

Error Syntax

Command:
python apkleaks.py -f file_name.apk

OS version:
OSX High Sierra

Python version:
3.8.0

Screenshot
Screen Shot 2020-05-31 at 11 37 18

PIP module

Any chance of packaging this into a PIP module?

Bug on Artifactory_Password

Running the latest version of apkleaks,
I ran apkleaks -f android_app.apk
and I get the following output.
Since the app doesn't tell which file contains the Artifactory password, I decompiled the APK,
did a search for the string, and it didn't find it anywhere.

image

[Question] I have a question about verbosity

Hi

Is there a way to add more verbosity to the scan of an APK?
For example, the scan will tell me I found xyz, but it doesn't tell me in which file, and it would be beneficial to inspect the file to figure out what else might be hiding in there.

For example:

[Google_API_Key]

  • AAAAABBBBCCCDDDEEEEFFF
    | --> /resources/some_folder/somefile.properties

Thanks

Get rid of the banner

Having an 11-line banner show up whenever the program is instanced is silly and annoying - if you must have a banner, make it only show up when there's an error or when --help has been provided.

This will help with making the output more greppable.

PermissionError: [WinError 32] The process cannot access the file because it is being used by another process:

After issue #37 was fixed, I cloned the repo and tried testing it again.

Here's the command I entered: python .\apkleaks.py -f <path-to-apk>\app-armeabi-v7a-release.apk

Here's the output:

     _    ____  _  ___               _
    / \  |  _ \| |/ / |    ___  __ _| | _____
   / _ \ | |_) | ' /| |   / _ \/ _` | |/ / __|
  / ___ \|  __/| . \| |__|  __/ (_| |   <\__ \
 /_/   \_\_|   |_|\_\_____\___|\__,_|_|\_\___/
 v2.3.0
 --
 Scanning APK file for URIs, endpoints & secrets
 (c) 2020-2021, dwisiswant0

** Decompiling APK...
The filename, directory name, or volume label syntax is incorrect.

** Scanning against 'com.<package-name>'
Traceback (most recent call last):
  File ".\apkleaks.py", line 5, in <module>
    main()
  File "C:\Users\username\Documents\apkleaks\apkleaks\cli.py", line 38, in main
    init.cleanup()
  File "C:\Users\username\Documents\apkleaks\apkleaks\apkleaks.py", line 144, in cleanup
    os.remove(self.output)
PermissionError: [WinError 32] The process cannot access the file because it is being used by another process: 'C:\\Users\\username\\AppData\\Local\\Temp\\apkleaks-fimv9xye.txt'

Doesn't get private key

It just gets the first line of a private key

[RSA_Private_Key]

  • -----BEGIN RSA PRIVATE KEY-----

ERROR - finished with errors, count: 146

v2.6.1

Scanning APK file for URIs, endpoints & secrets
(c) 2020-2021, dwisiswant0
�[0m
�[94m** Decompiling APK...
�[0mINFO - loading ...
INFO - processing ...
ERROR - finished with errors, count: 146

urllib.error.URLError: <urlopen error [Errno 104] Connection reset by peer>

Hi,
when I operate this command: python apkleaks.py -f test.apk -o test.log

it returns this error:


     _    ____  _  ___               _        
    / \  |  _ \| |/ / |    ___  __ _| | _____ 
   / _ \ | |_) | ' /| |   / _ \/ _` | |/ / __|
  / ___ \|  __/| . \| |__|  __/ (_| |   <\__ \
 /_/   \_\_|   |_|\_\_____\___|\__,_|_|\_\___/
 v2.0.3
 --
 Scanning APK file for URIs, endpoints & secrets
 (c) 2020-2021, dwisiswant0

Can't find jadx binary.
Do you want to download jadx? (Y/n) Y
** Downloading jadx...

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/urllib/request.py", line 1317, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/usr/local/lib/python3.7/http/client.py", line 1229, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/local/lib/python3.7/http/client.py", line 1275, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/local/lib/python3.7/http/client.py", line 1224, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/local/lib/python3.7/http/client.py", line 1016, in _send_output
    self.send(msg)
  File "/usr/local/lib/python3.7/http/client.py", line 956, in send
    self.connect()
  File "/usr/local/lib/python3.7/http/client.py", line 1392, in connect
    server_hostname=server_hostname)
  File "/usr/local/lib/python3.7/ssl.py", line 412, in wrap_socket
    session=session
  File "/usr/local/lib/python3.7/ssl.py", line 853, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.7/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 104] Connection reset by peer

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "apkleaks.py", line 24, in <module>
    apk = init.integrity()
  File "/botoo/testAPK/apkleaks-master/apkleaks/apkleaks.py", line 66, in integrity
    self.dependencies()
  File "/botoo/testAPK/apkleaks-master/apkleaks/apkleaks.py", line 37, in dependencies
    with closing(urlopen(exter)) as jadx:
  File "/usr/local/lib/python3.7/urllib/request.py", line 222, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/local/lib/python3.7/urllib/request.py", line 525, in open
    response = self._open(req, data)
  File "/usr/local/lib/python3.7/urllib/request.py", line 543, in _open
    '_open', req)
  File "/usr/local/lib/python3.7/urllib/request.py", line 503, in _call_chain
    result = func(*args)
  File "/usr/local/lib/python3.7/urllib/request.py", line 1360, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/local/lib/python3.7/urllib/request.py", line 1319, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 104] Connection reset by peer>

How can I solve this error?

Thank you!

json.decoder.JSONDecodeError: Expecting property name enclosed in double quotes: line 62 column 1 (char 4619)

I ran apkleaks with this command:
sudo python3 apkleaks.py -f ../myapp.apk
but I got this error:

** Decompiling APK...
ERROR - Incorrect arguments: File not found /usr/share/jadx/bin/../myapp.apk

** Scanning against 'com.flightio.app'

** Done with nothing. ¯_(ツ)_/¯
Traceback (most recent call last):
File "/home/majidmc2/Desktop/apkleaks/apkleaks.py", line 5, in
main()
File "/home/majidmc2/Desktop/apkleaks/apkleaks/cli.py", line 36, in main
init.scanning()
File "/home/majidmc2/Desktop/apkleaks/apkleaks/apkleaks.py", line 124, in scanning
regex = json.load(regexes)
File "/usr/lib/python3.9/json/init.py", line 293, in load
return loads(fp.read(),
File "/usr/lib/python3.9/json/init.py", line 346, in loads
return _default_decoder.decode(s)
File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python3.9/json/decoder.py", line 353, in raw_decode
obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting property name enclosed in double quotes: line 62 column 1 (char 4619)

Update the docker (latest) to have 2.6.1

dwisiswant0/apkleaks:latest

is 2.6.0, not the latest version

I do not think I can PR this,

If possible please update the docker file to run from 2.6.1 ❤️

No module named apk_parse.apk

When I run: python apkleaks.py -f a.apk

An error occurred:

Traceback (most recent call last):
  File "apkleaks.py", line 2, in <module>
    from apkleaks.apkleaks import apkleaks
  File "/git/apkleaks/apkleaks/apkleaks.py", line 2, in <module>
    from apk_parse.apk import APK
ImportError: No module named apk_parse.apk
