From 02f67a5361dd8240bfad06e9973b5cbaecd63e79 Mon Sep 17 00:00:00 2001 From: Appknox Date: Thu, 7 Nov 2024 16:42:50 +0530 Subject: [PATCH] Added tool Apkleaks --- techniques/android/MASTG-TECH-0022.md | 2 +- tools/android/MASTG-TOOL-0121.md | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 tools/android/MASTG-TOOL-0121.md diff --git a/techniques/android/MASTG-TECH-0022.md b/techniques/android/MASTG-TECH-0022.md index 41e82ee3ef..fbdb2ed020 100644 --- a/techniques/android/MASTG-TECH-0022.md +++ b/techniques/android/MASTG-TECH-0022.md 
@@ -5,7 +5,7 @@ platform: android Most of the apps you might encounter connect to remote endpoints. Even before you perform any dynamic analysis (e.g. traffic capture and analysis), you can obtain some initial inputs or entry points by enumerating the domains to which the application is supposed to communicate to. -Typically these domains will be present as strings within the binary of the application. One way to achieve this is by using automated tools such as [APKEnum](https://github.com/shivsahni/APKEnum "APKEnum: A Python Utility For APK Enumeration") or @MASTG-TOOL-0035. Alternatively, you can _grep_ for the domain names by using regular expressions. For this you can target the app binary directly or reverse engineer it and target the disassembled or decompiled code. The latter option has a clear advantage: it can provide you with **context**, as you'll be able to see in which context each domain is being used (e.g. class and method). +Typically these domains will be present as strings within the binary of the application. One way to achieve this is by using automated tools such as @MASTG-TOOL-0121 or @MASTG-TOOL-0035. Alternatively, you can _grep_ for the domain names by using regular expressions. For this you can target the app binary directly or reverse engineer it and target the disassembled or decompiled code. The latter option has a clear advantage: it can provide you with **context**, as you'll be able to see in which context each domain is being used (e.g. class and method). From here on you can use this information to derive more insights which might be of use later during your analysis, e.g. you could match the domains to the pinned certificates or the [Network Security Configuration](../../Document/0x05g-Testing-Network-Communication.md#android-network-security-configuration) file or perform further reconnaissance on domain names to know more about the target environment. 
When evaluating an application it is important to check the Network Security Configuration file, as often (less secure) debug configurations might be pushed into final release builds by mistake. diff --git a/tools/android/MASTG-TOOL-0121.md b/tools/android/MASTG-TOOL-0121.md new file mode 100644 index 0000000000..e71fafa6df --- /dev/null +++ b/tools/android/MASTG-TOOL-0121.md @@ -0,0 +1,9 @@ +--- +title: Apkleaks +platform: android +source: https://github.com/dwisiswant0/apkleaks +--- + +Apkleaks [https://github.com/dwisiswant0/apkleaks] is an open-source utility designed for static analysis of Android APK files, with a primary focus on identifying sensitive data such as API keys, URLs, AWS S3 buckets, and Firebase URLs. This tool automates the process of string analysis, facilitating the detection of hardcoded secrets and potential security vulnerabilities within Android applications. + +It offers support for custom regular expression rules, enabling users to specify additional search criteria through a JSON configuration file [regexes.json](https://github.com/dwisiswant0/apkleaks/blob/master/config/regexes.json). This adaptability allows for a customized analysis, thereby increasing its effectiveness in various security testing contexts. The tool integrates smoothly into testing workflows and provides clear, actionable insights to support efficient vulnerability management.
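Review bot: The first hunk (MASTG-TECH-0022.md, the "Typically these domains will be present as strings" paragraph) silently replaces the APKEnum reference with @MASTG-TOOL-0121 rather than adding the new tool next to it, while the commit message only says "Added tool Apkleaks". If dropping APKEnum is intentional (for example because it is unmaintained), say so in the commit message or PR description so the removal is reviewable; otherwise keep both, e.g. `... such as [APKEnum](https://github.com/shivsahni/APKEnum "APKEnum: A Python Utility For APK Enumeration"), @MASTG-TOOL-0121 or @MASTG-TOOL-0035.` While touching this paragraph, the adjacent context line "the domains to which the application is supposed to communicate to" has a doubled "to" that could be cleaned up in the same change.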
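Review bot: In the second hunk (new file tools/android/MASTG-TOOL-0121.md), the opening `Apkleaks [https://github.com/dwisiswant0/apkleaks]` is not a Markdown link (square brackets with no target), so it will render as literal text; the repository is already given in the `source:` front matter, so either drop the bracketed URL or use the link style the rest of the guide uses, as in the line removed from MASTG-TECH-0022.md: `[Apkleaks](https://github.com/dwisiswant0/apkleaks "Apkleaks")`. The second paragraph mentions custom rules via `regexes.json` but never shows how the file is passed to the tool or what a basic invocation looks like; a short usage block (for example `apkleaks -f app.apk` and the `--pattern` option for a custom rule file) would make the page actionable like the other tool pages. The closing sentence ("integrates smoothly into testing workflows and provides clear, actionable insights to support efficient vulnerability management") is marketing language that describes no capability and should be removed, and "potential security vulnerabilities" should be narrowed to what the tool actually reports: hardcoded secrets and endpoints found by string matching, which still need manual validation.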