APKEnum: A Python Utility For APK Enumeration
A Simple Python Utility To Perform Passive Enumeration On Android Binaries
Reconnaissance is indeed the most critical and time-consuming phase of a penetration test. In this phase, we collect as much information as possible about the target. The more information we have, the more are the chances of successful exploitation.
Over the past few years, I have had multiple experiences where the mobile front of applications are missing the fundamental security practices whereas corresponding web applications are far more robust. This is definitely an area of opportunity for red teamers, penetration tester and bug bounty hunters wherein they could identify some cool security issues.
With all that in mind and COVID-19 lockdown, I thought of brushing up my scripting skills to come up with a passive enumeration utility for Android applications. The script takes APK file as an input, performs reverse engineering and gathers information from the decompiled binary. As of now, the script provides the following information by searching the decompiled code:
- List of domains in the application
- List of S3 buckets referenced in the code
- List of S3 websites referenced in the code
- List of IP addresses referenced in the. code
I wrote this story to walk you through the script. It is open source and can be easily downloaded from here.
The script is open source and is available on Github. You can download it from here.
- Support For Python 2.7
- APKTool JAR
Note: The latest APKTool(v2.4.1) JAR file is already shipped with the package. In case you face decompilation issues, you can download the latest version from here and place it in the Dependency directory with name apktool.jar
Once downloaded, we just need to provide the pathname of the APK file. Optionally, we can also provide a list of keywords related to the target, the script would then create an additional list of in-scope domains based on the input keyword list apart from the aforementioned lists by performing String match.
To test this out, I created a sample application with the following test data and executed APKEnum on the sample app.
The following screenshots show the results for the sample application
Note: In case you observe any bug, please feel free to raise an issue, we can together fix it!
Would appreciate your suggestions, bug reports, pull requests and other collaborations! Let’s save the world from hackers!