APKLeaks
Apache-2.0 · 📱 Mobile Security · Python
APKLeaks is a Python tool for scanning Android APK files to extract URLs, API endpoints, and hardcoded secrets from decompiled source code. It uses JADX for decompilation and applies a comprehensive set of regex patterns to identify API keys, OAuth tokens, AWS credentials, Firebase URLs, database connection strings, and other sensitive data that developers accidentally leave in production builds. APKLeaks is particularly useful during mobile app security assessments where you need a quick initial triage of what backend services an app communicates with and whether any credentials are exposed. The tool outputs findings in JSON format and supports custom regex pattern files for organization-specific secret formats. With over 6,000 GitHub stars, APKLeaks has become a standard first step in Android application security testing, often used alongside MobSF for comprehensive static analysis.
Installation
$ pip install apkleaks
Use Cases
- Finding hardcoded API keys and secrets in APKs
- Extracting backend endpoints from mobile apps
- Android app security assessments
Details
- Category
- 📱 Mobile Security
- Language
- Python
- Repository
- dwisiswant0/apkleaks
- License
- Apache-2.0
- Platforms
- 🐧 linux · 🍎 macos · 🪟 windows
More in Mobile Security
Frida
C · Dynamic instrumentation toolkit for developers and security researchers to inject scripts into native apps.
Objection
Python · Runtime mobile exploration toolkit powered by Frida for iOS and Android security testing without jailbreak.
APKTool
Java · Reverse engineer Android APK files: decode resources, rebuild, and step-through debug smali code.
MobSF
Python · Automated mobile security framework for static and dynamic analysis of Android, iOS, and Windows apps.
Drozer
Python · Android security testing framework for identifying vulnerabilities in apps and devices.
JADX
Java · DEX to Java decompiler producing readable Java source from Android APK and DEX files.