APKLab - Android Reverse Engineering WorkBench For VS Code

APKLab seamlessly integrates the best open-source tools: Apktool, Jadx, uber-apk-signer and more to the excellent VS Code so you can focus on app analysis and get it done without leaving the IDE. Features Decode all the resources from an APK Disassemble the APK to Dalvik bytecode aka Smali...

RapidPayload - Metasploit Payload Generator

Framework RapidPayload - Metasploit Payload Generator Requirements OpenJDK 8 JAVA, or superiors versions. Metasploit Apktool Python3 Execution: git clone https://github.com/AngelSecurityTeam/RapidPayload cd RapidPayload bash install.sh python3 RapidPayload.py AngelSecurityTeam Download RapidPaylo...

Obfuscapk - A Black-Box Obfuscation Tool For Android Apps

Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to decompile the original apk file and to build a new application, after applying some obfuscation techniques on the decompiled smali code, resources and manifest. The obfuscat...

Apk-Mitm - A CLI Application That Prepares Android APK Files For HTTPS Inspection

A CLI application that automatically prepares Android APK files for HTTPS inspection Inspecting a mobile app's HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to...

EVABS - Extremely Vulnerable Android Labs

An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners. The effort is to introduce beginners with very limited or zero knowledge to some of the major and commonly found real-world based Android application...

Keyfinder - A Tool For Finding And Analyzing Private (And Public) Key Files, Including Support For Android APK Files

CERT Keyfinder is a utility for finding and analyzing key files on a filesystem as well as contained within Android APK files. CERT Keyfinder development was sponsored by the United States Department of Homeland Security DHS. Installation requirements: 1. Python 3.x recommended androguard...

Diggy - Extract Enpoints From APK Files

Diggy can extract endpoints/URLs from apk files. It saves the result into a txt file for further processing. Dependencies apktool Usage ./diggy.sh /path/to/apk/file.apk You can also install it for easier access by running install.sh After that, you will be able to run Diggy as follows: diggy...

MDX Toolkit - error when wrapping android app - APKTool Error

MDX Toolkit version: 10.8.5 on-prem and cloud. -This article explains how to fix the issue on the on-prem version- When MDX Toolkit is trying to re-compile it shows the following error: "Re-compile the app using APKTool 2.3.1 and it fails" Complete log of the error is shown below: De-Compiling th...

Reverse Engineering Android apk Files: Apktool

ApkTool is a tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app easier because of project-like fil...

AndroTickler - Penetration Testing and Auditing Toolkit for Android Apps

A java tool that helps to pentest Android apps faster, more easily and more efficiently. AndroTickler offers many features of information gathering, static and dynamic checks that cover most of the aspects of Android apps pentesting. It also offers several features that pentesters need during the...

Critical Flaw in Major Android Tools Targets Developers and Reverse Engineers

Finally, here we have a vulnerability that targets Android developers and reverse engineers, instead of app users. Security researchers have discovered an easily-exploitable vulnerability in Android application developer tools, both downloadable and cloud-based, that could allow attackers to stea...

Developers Targeted in ‘ParseDroid’ PoC Attack

Researchers have developed a proof of concept attack that could impact the millions of users of integrated development environments such as Intellij, Eclipse and Android Studio. Attacks can also be carried out against servers hosting development environments in the cloud. The attack vector was...

Evil-Droid - Framework to Create, Generate & Embed APK Payloads

Evil-Droid is a framework that create & generate & embed apk payload to penetrate android platforms. Screenshot: Dependencies : 1 - metasploit-framework 2 - xterm 3 - Zenity 4 - Aapt 5 - Apktool 6 - Zipalign Download/Config/Usage: 1 - Download the tool from github git clone...

kwetza - Python script to inject existing Android applications with a Meterpreter payload

Kwetza is a tool that allows you to infect an existing Android application with a Meterpreter payload. What does it do? Kwetza infects an existing Android application with either custom or default payload templates to avoid detection by antivirus. Kwetza allows you to infect Android applications...

Infect Android Application With Meterpreter Payload: kwetza

Infect Android Application With Meterpreter Payload Kwetza infects an existing Android application with either custom or default payload templates to avoid detection by antivirus. Kwetza allows you to infect Android applications using the target application’s default permissions or inject...

backdoor-apk - shell script that simplifies the process of adding a backdoor to any Android APK file

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and ...

Backdooring Android APK: backdoor-apk

Backdooring Android APK backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without...

Backdoor Android APK: backdoor-apk

backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without warranty of any kind and ...

Lobotomy - Android Reverse Engineering Framework & Toolkit

Lobotomy is an Android security toolkit that will automate different Android assessments and reverse engineering tasks. The goal of the Lobotomy toolkit is to provide a console environment, which would allow a user to load their target Android APK once, then have all the necessary tools without...

Android Pentesting Portable Integrated Environment: Appie

Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a Virtual MachineVM or dualboot. It is completely portable and can be carried on USB stick or your smartphone. It is one of its kind Android...