APKEnum: A Python Utility For APK Enumeration

A Simple Python Utility To Perform Passive Enumeration On Android Binaries

Shiv Sahni
May 5 · 3 min read

Reconnaissance is indeed the most critical and time-consuming phase of a penetration test. In this phase, we collect as much information as possible about the target. The more information we have, the higher the chances of successful exploitation.

Over the past few years, I have had multiple experiences where the mobile front of an application was missing fundamental security practices whereas the corresponding web application was far more robust. This is definitely an area of opportunity for red teamers, penetration testers and bug bounty hunters, wherein they could identify some cool security issues.

With all that in mind, and with the COVID-19 lockdown, I thought of brushing up my scripting skills to come up with a passive enumeration utility for Android applications. The script takes an APK file as input, reverse engineers (decompiles) it and gathers information from the decompiled binary. As of now, the script provides the following information by searching the decompiled code:

  • List of domains in the application
  • List of S3 buckets referenced in the code
  • List of S3 websites referenced in the code
  • List of IP addresses referenced in the code

I wrote this story to walk you through the script. It is open source and can be easily downloaded from here.

APKEnum

The script is open source and is available on Github. You can download it from here.

Prerequisites

  • Support For Python 2.7
  • APKTool JAR

Note: The latest APKTool (v2.4.1) JAR file is already shipped with the package. In case you face decompilation issues, you can download the latest version from here and place it in the Dependency directory with the name apktool.jar.

Usage

Once downloaded, we just need to provide the path of the APK file. Optionally, we can also provide a list of keywords related to the target; the script then performs a string match of those keywords against the extracted domains and creates an additional list of in-scope domains, apart from the lists mentioned above.
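To make the procedure concrete, here is a small stand-alone enumerator written for this post as an added example; it is not APKEnum's own code. It follows the same idea as the script described above: decompile the APK with apktool (the real `apktool d <apk> -o <dir> -f` invocation), walk the decompiled tree, and pull hostnames, S3 buckets, S3 static-website hosts and IPv4 addresses out of the text with regular expressions, then filter the domains by keyword to get an in-scope list. The regexes, the noise filters (which drop dotted Java package names and file names that look like hostnames), the function names and the sample input are all this example's own assumptions; the sample is a constructed stand-in for strings.xml and smali fragments, so the code runs offline without an APK.

```python
"""Passive enumeration of a decompiled APK (added example, not APKEnum's own code)."""
import ipaddress
import os
import re
import subprocess

# Anything that looks like a dotted hostname ending in a letters-only label.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
# Virtual-host style bucket: <bucket>.s3[.-<region>].amazonaws.com (s3-website hosts excluded).
S3_VHOST_RE = re.compile(r"\b([a-z0-9.-]+)\.s3(?:[.-](?!website)[a-z0-9-]+)?\.amazonaws\.com\b", re.I)
# Path style: s3.amazonaws.com/<bucket>; the lookbehind stops "x.s3.amazonaws.com/path" matching.
S3_PATH_RE = re.compile(r"(?<![a-z0-9.-])s3\.amazonaws\.com/([a-z0-9-]+)", re.I)
# Static website endpoint: <bucket>.s3-website[-.]<region>.amazonaws.com
S3_WEBSITE_RE = re.compile(r"\b[a-z0-9.-]+\.s3-website[.-][a-z0-9-]+\.amazonaws\.com\b", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Heuristic noise filters (assumption of this example): Java/Kotlin package names and
# file names such as "lib.js" match DOMAIN_RE, so drop the obvious ones.
PACKAGE_ROOTS = {"com", "org", "net", "io", "android", "androidx", "java", "javax", "kotlin", "kotlinx"}
FILE_EXTS = {"js", "xml", "png", "jpg", "json", "html", "dex", "so", "smali", "java", "class", "sql", "txt", "pdf"}


def decompile_apk(apk_path, out_dir, apktool_jar="Dependency/apktool.jar"):
    """Decompile with apktool (real CLI flags: d <apk> -o <dir> -f); jar path is an assumption."""
    subprocess.run(["java", "-jar", apktool_jar, "d", apk_path, "-o", out_dir, "-f"], check=True)
    return out_dir


def _looks_like_domain(candidate):
    labels = candidate.lower().split(".")
    return labels[0] not in PACKAGE_ROOTS and labels[-1] not in FILE_EXTS


def _valid_ipv4(candidate):
    # Rejects out-of-range octets such as 999.1.1.1 that the regex alone accepts.
    try:
        ipaddress.IPv4Address(candidate)
        return True
    except ValueError:
        return False


def enumerate_text(text, keywords=()):
    """Return the four lists the post describes, plus the keyword-scoped domain list."""
    domains = {m.group(0).lower() for m in DOMAIN_RE.finditer(text) if _looks_like_domain(m.group(0))}
    buckets = {m.group(1).lower() for m in S3_VHOST_RE.finditer(text)}
    buckets |= {m.group(1).lower() for m in S3_PATH_RE.finditer(text)}
    websites = {m.group(0).lower() for m in S3_WEBSITE_RE.finditer(text)}
    ips = {m.group(0) for m in IPV4_RE.finditer(text) if _valid_ipv4(m.group(0))}
    kws = [k.lower() for k in keywords]
    in_scope = {d for d in domains if any(k in d for k in kws)}
    return {"domains": domains, "s3_buckets": buckets, "s3_websites": websites,
            "ips": ips, "in_scope_domains": in_scope}


def enumerate_dir(root, keywords=(), exts=(".smali", ".xml", ".json", ".js", ".html", ".txt")):
    """Walk an apktool output tree and merge the findings from every text-like file."""
    merged = {k: set() for k in ("domains", "s3_buckets", "s3_websites", "ips", "in_scope_domains")}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.endswith(exts):
                continue
            with open(os.path.join(dirpath, name), encoding="utf-8", errors="ignore") as fh:
                for key, found in enumerate_text(fh.read(), keywords).items():
                    merged[key] |= found
    return merged


# Constructed sample: fragments of the kind found in res/values/strings.xml and smali.
SAMPLE = """
<string name="api_base">https://api.example-target.com/v1/</string>
<string name="cdn">https://assets-prod.s3.amazonaws.com/images/</string>
<string name="reports">https://reports.s3.eu-west-1.amazonaws.com/q1.pdf</string>
<string name="backup">https://s3.amazonaws.com/backup-bucket-2019/latest</string>
<string name="static_site">http://docs-example.s3-website-us-east-1.amazonaws.com/</string>
<string name="legacy_host">10.0.12.7</string>
<string name="bad_ip">999.1.1.1</string>
const-string v0, "https://cdn.partner-site.net/lib.js"
const-string v1, "com.example.target.MainActivity"
"""

if __name__ == "__main__":
    # Real use: enumerate_dir(decompile_apk("app.apk", "out"), keywords=["example-target"])
    for key, values in enumerate_text(SAMPLE, keywords=["example-target"]).items():
        print(key, sorted(values))
```

Two caveats worth keeping in mind when reading output from any tool of this kind: a version string such as 1.2.3.4 is indistinguishable from an IPv4 address by pattern alone, and decompiled code is full of dotted identifiers that look like hostnames, so treat the lists as leads to verify rather than confirmed assets.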


To test this out, I created a sample application with the following test data and executed APKEnum on the sample app.


The following screenshots show the results for the sample application.

Note: In case you observe any bug, please feel free to raise an issue; we can fix it together!

Would appreciate your suggestions, bug reports, pull requests and other collaborations! Let’s save the world from hackers!

If, just like me, you are also a cloud-security enthusiast, have a look at the NSDetect and NSBrute utilities that I recently made to automatically detect and exploit AWS NS takeover issues :)

Stay tuned for some upcoming cool stuff on Application and Cloud Security. Feel free to follow me on Medium and Twitter.

Shiv Sahni

Written by

Security Engineer |Security Consultant |Infosec Trainer | Author | Lecturer | Open Source Contributor | Learner https://www.linkedin.com/in/shivsahni/

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. Maintained by Hackrew
