
apkleaks's Introduction

APKLeaks


Scanning APK file for URIs, endpoints & secrets.



Installation

It's fairly simple to install APKLeaks:

from PyPi

$ pip3 install apkleaks

from Source

Clone repository and install requirements:

$ git clone https://github.com/dwisiswant0/apkleaks
$ cd apkleaks/
$ pip3 install -r requirements.txt

from Docker

Pull the Docker image by running:

$ docker pull dwisiswant0/apkleaks:latest

Dependencies

APKLeaks uses the jadx disassembler to decompile APK files. If jadx is not present on your system, it will prompt you to download it.

Usage

Simply,

$ apkleaks -f ~/path/to/file.apk
# from Source
$ python3 apkleaks.py -f ~/path/to/file.apk
# or with Docker
$ docker run -it --rm -v /tmp:/tmp dwisiswant0/apkleaks:latest -f /tmp/file.apk

Options

Here are all the options it supports.

Argument        Description                                  Example
-f, --file      APK file to scan                             apkleaks -f file.apk
-o, --output    Write results to file (random if not set)    apkleaks -f file.apk -o results.txt
-p, --pattern   Path to custom patterns JSON                 apkleaks -f file.apk -p custom-rules.json
-a, --args      Disassembler arguments                       apkleaks -f file.apk --args="--deobf --log-level DEBUG"
--json          Save as JSON format                          apkleaks -f file.apk -o results.json --json

Output

In general, if you don't provide the -o argument, a results file is generated automatically (with a random name).

Tip

By default, results are saved in text format; use the --json argument if you want JSON output.

Pattern

Custom patterns can be added with the following argument to provide sensitive search rules in the JSON file format: --pattern /path/to/custom-rules.json. If no file is set, the tool will use the default patterns found in regexes.json file.

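Here's an example of what a custom pattern file (custom-rules.json) could look like. The file is parsed as strict JSON, so it cannot contain comments or trailing commas; further rules are added as additional "name": "pattern" entries:

{
  "Amazon AWS Access Key ID": "AKIA[0-9A-Z]{16}"
}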

To run the tool using these custom rules, use the following command:

$ apkleaks -f /path/to/file.apk -p custom-rules.json -o ~/Documents/apkleaks-results.txt
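A pre-flight check for a custom pattern file, added here as an example (it is not part of APKLeaks): it parses the file as strict JSON and compiles every rule with Python's re module, so a rule written for another regex engine fails here instead of in the middle of a scan. The sample rule files are constructed, and accepting a list of patterns per rule is an assumption.

```python
import json
import re

# Constructed sample rule file. "AWS Secret Key" uses an inline flag reset,
# (?-i), that Python's re rejects; "Empty rule" would match at every position.
SAMPLE_RULES = r'''
{
  "Amazon AWS Access Key ID": "AKIA[0-9A-Z]{16}",
  "AWS Secret Key": "(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z/+]{40}['\"]",
  "Amazon_AWS_S3_Bucket": [
    "//s3\\.amazonaws\\.com/[a-z0-9._-]+",
    "[a-z0-9.-]+\\.s3\\.amazonaws\\.com"
  ],
  "Empty rule": ""
}
'''

# The same rule with the case-insensitive part written as a scoped group,
# which is the form Python's re accepts.
FIXED_RULES = r'''
{"AWS Secret Key": "(?i:aws(.{0,20})?)['\"][0-9a-zA-Z/+]{40}['\"]"}
'''

# Constructed file with JavaScript-style comments, which strict JSON rejects.
COMMENTED_RULES = '''
// custom-rules.json
{
  "Amazon AWS Access Key ID": "AKIA[0-9A-Z]{16}"
}
'''


def check_rules(text):
    """Return a list of (rule_name, pattern, problem); an empty list means OK."""
    try:
        rules = json.loads(text)
    except json.JSONDecodeError as exc:
        where = f"line {exc.lineno} column {exc.colno}"
        return [("<file>", "", f"invalid JSON at {where}: {exc.msg}")]
    if not isinstance(rules, dict):
        return [("<file>", "", "top level must be an object of name -> pattern")]

    problems = []
    for name, value in rules.items():
        # Assumption: a rule is either one pattern or a list of patterns.
        patterns = value if isinstance(value, list) else [value]
        for pattern in patterns:
            if not isinstance(pattern, str):
                problems.append((name, repr(pattern), "pattern is not a string"))
                continue
            try:
                compiled = re.compile(pattern)
            except re.error as exc:
                problems.append((name, pattern, f"re.error: {exc}"))
                continue
            # A rule that can match nothing at all reports noise everywhere.
            if compiled.search("") is not None:
                problems.append((name, pattern, "matches the empty string"))
    return problems


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_RULES),
                        ("fixed", FIXED_RULES),
                        ("commented", COMMENTED_RULES)):
        found = check_rules(text)
        print(f"{label}: {'OK' if not found else ''}")
        for name, pattern, problem in found:
            print(f"  {name}: {problem}")
```
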

Arguments (disassembler)

We give the user complete discretion over the arguments passed to the disassembler. For example, if you want to enable threads in the jadx decompilation process, you can pass the option with the -a/--args argument: --args="--threads-count 5".

$ apkleaks -f /path/to/file.apk -a "--deobf --log-level DEBUG"

Warning

Please pay attention to the default disassembler arguments we use to prevent collisions.

License

apkleaks is distributed under Apache 2.

Acknowledgments

Since this tool includes some contributions, and I'm not an asshole, I'll publicly thank the following users for their help and resources:


apkleaks's Issues

Add some sensitive key

Hello, I want to share some regex 😃

FCM Key:

AAAA[A-Za-z0-9_-]{7}:[A-Za-z0-9_-]{140}

Square app id/secret and auth token:

sq0[a-z]{3}-[0-9A-Za-z\-_]{22,43}
EAAA[a-zA-Z0-9]{60}

Microsoft Azure tenant:

CLIENT_ID: [0-9a-z\-]{36}
CLIENT_SECRET: [0-9A-Za-z\+\=]{40,50}
TENANT_ID: [0-9a-z\-]{36}

Google Recaptcha key:

^6[0-9a-zA-Z_-]{39}$

Ref: https://github.com/streaak/keyhacks

Update the docker (latest) to have 2.6.1

dwisiswant0/apkleaks:latest

is 2.6.0, not the latest version

I do not think I can PR this,

If possible please update the docker file to run from 2.6.1 ❤️

Issue with requirements.txt (numpy) installation

I've been trying to install APKLeaks but I'm getting a runtime installation error while installing requirements.txt. It seems there's some error with numpy because it's failing to build and clean the wheel again and again.

I even tried updating numpy to the latest version and re-installing too but there's no success. Please find the entire error here: https://ghostbin.co/paste/ojqknqs/raw

swig error

Hello everyone, I have this problem:

building 'M2Crypto._m2crypto' extension
swigging SWIG/_m2crypto.i to SWIG/_m2crypto_wrap.c
C:\swigwin-3.0.12\swig.exe -python -Ic:\python27\include -Ic:\python27\PC -I/usr/include/openssl -includeall -modern -builtin -outdir c:\users\public\documents\wondershare\creatortemp\pip-build-n3nlsa\m2crypto\M2Crypto -o SWIG/_m2crypto_wrap.c SWIG/_m2crypto.i
SWIG_m2crypto.i(62) : Error: Unable to find 'openssl\opensslv.h'
SWIG_m2crypto.i(68) : Error: Unable to find 'openssl\safestack.h'
SWIG_evp.i(12) : Error: Unable to find 'openssl\opensslconf.h'
SWIG_rc4.i(5) : Error: Unable to find 'openssl\opensslconf.h'
SWIG_ec.i(7) : Error: Unable to find 'openssl\opensslconf.h'
error: command 'C:\swigwin-3.0.12\swig.exe' failed with exit status 1

----------------------------------------

Command "c:\python27\python.exe -u -c "import setuptools, tokenize;file='c:\users\public\documents\wondershare\creatortemp\pip-build-n3nlsa\m2crypto\setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record c:\users\public\documents\wondershare\creatortemp\pip-j9duqt-record\install-record.txt --single-version-externally-managed --compile" failed with error code 1 in c:\users\public\documents\wondershare\creatortemp\pip-build-n3nlsa\m2crypto\

However, I have swig and openssl installed correctly:

C:>openssl
OpenSSL>

Please help me.

As per Android 7.0, an Android APK is no longer a zip file

Version 2 introduces a new APK signing mechanism, starting in Android 7.0 (Nougat). Since that version, the Android application package's format has changed, and now differs slightly from a normal ZIP file.

The modification consists in adding a special block in the ZIP file, called the APK Signing Block.

resulting in

File is not a zip file

** Done with nothing. ¯_(ツ)_/¯

TypeError: expected string or bytes-like object

I was trying out apkleaks on an app that I had created using Flutter. But when I ran the command apkleaks -f app-arm64-v8a-release.apk, I got this error:

     _    ____  _  ___               _
    / \  |  _ \| |/ / |    ___  __ _| | _____
   / _ \ | |_) | ' /| |   / _ \/ _` | |/ / __|
  / ___ \|  __/| . \| |__|  __/ (_| |   <\__ \
 /_/   \_\_|   |_|\_\_____\___|\__,_|_|\_\___/
 v2.3.0
 --
 Scanning APK file for URIs, endpoints & secrets
 (c) 2020-2021, dwisiswant0

Traceback (most recent call last):
  File "C:\Python38\Scripts\apkleaks-script.py", line 11, in <module>
    load_entry_point('apkleaks==2.3.0', 'console_scripts', 'apkleaks')()
  File "c:\python38\lib\site-packages\apkleaks\cli.py", line 32, in main
    init = APKLeaks(args)
  File "c:\python38\lib\site-packages\apkleaks\apkleaks.py", line 29, in __init__
    self.disarg = re.split(r"\s|=", args.args)
  File "c:\python38\lib\re.py", line 231, in split
    return _compile(pattern, flags).split(string, maxsplit)
TypeError: expected string or bytes-like object

I ran this command in the same directory where my apk file is present. I am unable to figure out why I am getting this error.

Results should be shown on stdout

It always saves results to a file which makes it difficult to grep against and goes against the UX for virtually all *ix interfaces. The logic is sort of turned about - you should output to stdout unless a filename is supplied (using a --output option).

PermissionError: [WinError 32] The process cannot access the file because it is being used by another process:

After issue #37 was fixed, I cloned the repo and tried testing it again.

Here's the command I entered: python .\apkleaks.py -f <path-to-apk>\app-armeabi-v7a-release.apk

Here's the output:

     _    ____  _  ___               _
    / \  |  _ \| |/ / |    ___  __ _| | _____
   / _ \ | |_) | ' /| |   / _ \/ _` | |/ / __|
  / ___ \|  __/| . \| |__|  __/ (_| |   <\__ \
 /_/   \_\_|   |_|\_\_____\___|\__,_|_|\_\___/
 v2.3.0
 --
 Scanning APK file for URIs, endpoints & secrets
 (c) 2020-2021, dwisiswant0

** Decompiling APK...
The filename, directory name, or volume label syntax is incorrect.

** Scanning against 'com.<package-name>'
Traceback (most recent call last):
  File ".\apkleaks.py", line 5, in <module>
    main()
  File "C:\Users\username\Documents\apkleaks\apkleaks\cli.py", line 38, in main
    init.cleanup()
  File "C:\Users\username\Documents\apkleaks\apkleaks\apkleaks.py", line 144, in cleanup
    os.remove(self.output)
PermissionError: [WinError 32] The process cannot access the file because it is being used by another process: 'C:\\Users\\username\\AppData\\Local\\Temp\\apkleaks-fimv9xye.txt'

Empty results in Windows

I just called python apkleaks.py -f app.apk -o app.txt and got:

Scanning APK file for URIs, endpoints & secrets
(c) 2020-2021, dwisiswant0
←[0m
←[94m** Decompiling APK...
←[0mINFO - loading ...
INFO - processing ...
ERROR - finished with errors, count: 3

The app.txt file is completely empty. What could be the problem?

OS: Windows 10
Python: 3.8.0

Can't create directory/permission denied

When I use --output, I get this error:
PermissionError: [Errno 13] Permission denied: 'C:\\Users\\sezer\\Desktop\\folder'

When I use just -f file.apk, I get this one:

ERROR - Error saving class: com.things.thing
jadx.core.utils.exceptions.JadxRuntimeException: 
Can't create directory C:\Users\sezer\AppData\Local\Temp\apkleaks-woqqyysy\sources\com\exampleapk\module\ui\main\api\data\aux
______________________________________________________________________________________________
PermissionError: [WinError 32] The process cannot access the file because it is being used by another process: 'C:\\Users\\sezer\\AppData\\Local\\Temp\\apkleaks-3hmqctov.txt'

I tried using admin mode too, but it's still the same.

Doesn't get private key

It just gets the first line of a private key

[RSA_Private_Key]

  • -----BEGIN RSA PRIVATE KEY-----

PIP module

Any chance of packaging this into a PIP module?

json.decoder.JSONDecodeError: Expecting property name enclosed in double quotes: line 62 column 1 (char 4619)

I ran apkleaks with this command:
sudo python3 apkleaks.py -f ../myapp.apk
but I got this error:

** Decompiling APK...
ERROR - Incorrect arguments: File not found /usr/share/jadx/bin/../myapp.apk

** Scanning against 'com.flightio.app'

** Done with nothing. ¯_(ツ)_/¯
Traceback (most recent call last):
File "/home/majidmc2/Desktop/apkleaks/apkleaks.py", line 5, in
main()
File "/home/majidmc2/Desktop/apkleaks/apkleaks/cli.py", line 36, in main
init.scanning()
File "/home/majidmc2/Desktop/apkleaks/apkleaks/apkleaks.py", line 124, in scanning
regex = json.load(regexes)
File "/usr/lib/python3.9/json/init.py", line 293, in load
return loads(fp.read(),
File "/usr/lib/python3.9/json/init.py", line 346, in loads
return _default_decoder.decode(s)
File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python3.9/json/decoder.py", line 353, in raw_decode
obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting property name enclosed in double quotes: line 62 column 1 (char 4619)

No module named apk_parse.apk

When I run: python apkleaks.py -f a.apk

An error occurred:

Traceback (most recent call last):
  File "apkleaks.py", line 2, in <module>
    from apkleaks.apkleaks import apkleaks
  File "/git/apkleaks/apkleaks/apkleaks.py", line 2, in <module>
    from apk_parse.apk import APK
ImportError: No module named apk_parse.apk

urllib.error.URLError: <urlopen error [Errno 104] Connection reset by peer>

Hi,
when I run this command: python apkleaks.py -f test.apk -o test.log

it returns this error:


     _    ____  _  ___               _        
    / \  |  _ \| |/ / |    ___  __ _| | _____ 
   / _ \ | |_) | ' /| |   / _ \/ _` | |/ / __|
  / ___ \|  __/| . \| |__|  __/ (_| |   <\__ \
 /_/   \_\_|   |_|\_\_____\___|\__,_|_|\_\___/
 v2.0.3
 --
 Scanning APK file for URIs, endpoints & secrets
 (c) 2020-2021, dwisiswant0

Can't find jadx binary.
Do you want to download jadx? (Y/n) Y
** Downloading jadx...

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/urllib/request.py", line 1317, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))
  File "/usr/local/lib/python3.7/http/client.py", line 1229, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/local/lib/python3.7/http/client.py", line 1275, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/local/lib/python3.7/http/client.py", line 1224, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/local/lib/python3.7/http/client.py", line 1016, in _send_output
    self.send(msg)
  File "/usr/local/lib/python3.7/http/client.py", line 956, in send
    self.connect()
  File "/usr/local/lib/python3.7/http/client.py", line 1392, in connect
    server_hostname=server_hostname)
  File "/usr/local/lib/python3.7/ssl.py", line 412, in wrap_socket
    session=session
  File "/usr/local/lib/python3.7/ssl.py", line 853, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.7/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 104] Connection reset by peer

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "apkleaks.py", line 24, in <module>
    apk = init.integrity()
  File "/botoo/testAPK/apkleaks-master/apkleaks/apkleaks.py", line 66, in integrity
    self.dependencies()
  File "/botoo/testAPK/apkleaks-master/apkleaks/apkleaks.py", line 37, in dependencies
    with closing(urlopen(exter)) as jadx:
  File "/usr/local/lib/python3.7/urllib/request.py", line 222, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/local/lib/python3.7/urllib/request.py", line 525, in open
    response = self._open(req, data)
  File "/usr/local/lib/python3.7/urllib/request.py", line 543, in _open
    '_open', req)
  File "/usr/local/lib/python3.7/urllib/request.py", line 503, in _call_chain
    result = func(*args)
  File "/usr/local/lib/python3.7/urllib/request.py", line 1360, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/local/lib/python3.7/urllib/request.py", line 1319, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 104] Connection reset by peer>

How can I solve this error?

thank you!

Error Syntax

Command:
python apkleaks.py -f file_name.apk

OS version:
OSX High Sierra

Python version:
3.8.0

Screenshot
Screen Shot 2020-05-31 at 11 37 18

ERROR: No module named apk_parse.apk

Hi, I'm having this error while trying to run the script:

python2 apkleaks.py -h

Traceback (most recent call last):
File "apkleaks.py", line 2, in
from apk_parse.apk import APK
ImportError: No module named apk_parse.apk

Where can I find this "apk_parse.apk" file?

Thanks

missing some

Not able to find sensitive data that is commented out in the APK.

The filename, directory name, or volume label syntax is incorrect

I used the following command,

python apkleaks.py -f testapp.apk

but it gives error :

←[0m
←[94m** Decompiling APK...
←[0mThe filename, directory name, or volume label syntax is incorrect.

** Scanning against 'instagram.photo.video.downloader.repost.insta'

** Done with nothing. ¯_(ツ)_/¯

re.error: missing : at position 31

I am running my Kali Linux on WSL and I am getting this type of error:

└─# apkleaks -f ../com.example.client.apk
     _    ____  _  ___               _
    / \  |  _ \| |/ / |    ___  __ _| | _____
   / _ \ | |_) | ' /| |   / _ \/ _` | |/ / __|
  / ___ \|  __/| . \| |__|  __/ (_| |   <\__ \
 /_/   \_\_|   |_|\_\_____\___|\__,_|_|\_\___/
v2.5.0

Scanning APK file for URIs, endpoints & secrets
(c) 2020-2021, dwisiswant0

Can't find jadx binary.
Do you want to download jadx? (Y/n) y

** Downloading jadx...

** Decompiling APK...
INFO - loading ...
INFO - processing ...
ERROR - finished with errors, count: 17

** Scanning against 'com.example.client'

** Done with nothing. ¯_(ツ)_/¯
Traceback (most recent call last):
File "/usr/local/bin/apkleaks", line 33, in
sys.exit(load_entry_point('apkleaks==2.5.0', 'console_scripts', 'apkleaks')())
File "/usr/local/lib/python3.9/dist-packages/apkleaks-2.5.0-py3.9.egg/apkleaks/cli.py", line 36, in main
init.scanning()
File "/usr/local/lib/python3.9/dist-packages/apkleaks-2.5.0-py3.9.egg/apkleaks/apkleaks.py", line 132, in scanning
thread = threading.Thread(target = self.extract, args = (name, util.finder(pattern, self.tempdir)))
File "/usr/local/lib/python3.9/dist-packages/apkleaks-2.5.0-py3.9.egg/apkleaks/utils.py", line 18, in finder
matcher = re.compile(pattern)
File "/usr/lib/python3.9/re.py", line 252, in compile
return _compile(pattern, flags)
File "/usr/lib/python3.9/re.py", line 304, in _compile
p = sre_compile.compile(pattern, flags)
File "/usr/lib/python3.9/sre_compile.py", line 764, in compile
p = sre_parse.parse(p, flags)
File "/usr/lib/python3.9/sre_parse.py", line 948, in parse
p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
File "/usr/lib/python3.9/sre_parse.py", line 443, in _parse_sub
itemsappend(_parse(source, state, verbose, nested + 1,
File "/usr/lib/python3.9/sre_parse.py", line 805, in _parse
flags = _parse_flags(source, state, char)
File "/usr/lib/python3.9/sre_parse.py", line 913, in _parse_flags
raise source.error(msg, len(char))
re.error: missing : at position 31

[Question] I have a question about verbosity

Hi

Is there a way to add more verbosity to the scan of an APK?
For example, the scan will tell me I found xyz but it doesn't tell me in which file, and it would be beneficial to inspect the file to figure out what else might be hiding in there.

For example:

[Google_API_Key]

  • AAAAABBBBCCCDDDEEEEFFF
    | --> /resources/some_folder/somefile.properties

Thanks

ERROR - finished with errors, count: 146

v2.6.1

Scanning APK file for URIs, endpoints & secrets
(c) 2020-2021, dwisiswant0
** Decompiling APK...
INFO - loading ...
INFO - processing ...
ERROR - finished with errors, count: 146

Not able to run apkleaks.py

Getting the following error first:

Traceback (most recent call last):
  File "apkleaks.py", line 2, in <module>
    from apkleaks.apkleaks import APKLeaks
  File "/mnt/f/InfoSec/Tools/apkleaks/apkleaks/apkleaks.py", line 2, in <module>
    from apkleaks.colors import clr
ImportError: No module named colors

re.error: missing : at position 21.

When I use the -p argument and specify a pattern file, it throws this error:

Traceback (most recent call last):
  File "C:\Users\PenTest\Desktop\tools\apkleaks-master\apkleaks.py", line 5, in <module>
    main()
  File "C:\Users\PenTest\Desktop\tools\apkleaks-master\apkleaks\cli.py", line 36, in main
    init.scanning()
  File "C:\Users\PenTest\Desktop\tools\apkleaks-master\apkleaks\apkleaks.py", line 135, in scanning
    thread = threading.Thread(target = self.extract, args = (name, util.finder(pattern, self.tempdir)))
  File "C:\Users\PenTest\Desktop\tools\apkleaks-master\apkleaks\utils.py", line 18, in finder
    matcher = re.compile(pattern)
  File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\re.py", line 252, in compile
    return _compile(pattern, flags)
  File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\re.py", line 304, in _compile
    p = sre_compile.compile(pattern, flags)
  File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\sre_compile.py", line 764, in compile
    p = sre_parse.parse(p, flags)
  File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\sre_parse.py", line 948, in parse
    p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
  File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\sre_parse.py", line 443, in _parse_sub
    itemsappend(_parse(source, state, verbose, nested + 1,
  File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\sre_parse.py", line 805, in _parse
    flags = _parse_flags(source, state, char)
  File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\sre_parse.py", line 913, in _parse_flags
    raise source.error(msg, len(char))
re.error: missing : at position 21

Pattern file I used:

{
	"Amazon_AWS_Access_Key_ID": "([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}",
	"Amazon_AWS_S3_Bucket": [
		"//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+",
		"//s3\\.amazonaws\\.com/[a-z0-9._-]+",
		"[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com",
		"[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)",
		"[a-z0-9.-]+\\.s3\\.amazonaws\\.com",
		"amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
	],
	"AWS Client ID": "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}",
	"AWS Secret Key": "(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z/+]{40}['\"]",
	"Google Drive API Key": "AIza[0-9A-Za-z\\-_]{35}",
	"Google Drive Oauth": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
	"Gmail API key": "AIza[0-9A-Za-z\\-_]{35}",
	"Gmail Oauth": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
	"Google Oauth Access Token": "ya29\\.[0-9A-Za-z\\-_]+",
	"Youtube API  key": "AIza[0-9A-Za-z\\-_]{35}",
	"LinkedIn Secret Key": "(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]",
	"Stripe API Key": "(?:r|s)k_live_[0-9a-zA-Z]{24}",
	"Vault Token": "[sb]\\.[a-zA-Z0-9]{24}",
	"Artifactory_API_Token": "(?:\\s|=|:|\"|^)AKC[a-zA-Z0-9]{10,}",
	"Artifactory_Password": "(?:\\s|=|:|\"|^)AP[\\dABCDEF][a-zA-Z0-9]{8,}",
	"Authorization_Basic": "basic\\s[a-zA-Z0-9_\\-:\\.=]+",
	"Authorization_Bearer": "bearer\\s[a-zA-Z0-9_\\-:\\.=]+",
	"AWS_API_Key": "AKIA[0-9A-Z]{16}",
	"Basic_Auth_Credentials": "(?<=:\/\/)[a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9]+\\.[a-zA-Z]+",
	"Cloudinary_Basic_Auth": "cloudinary:\/\/[0-9]{15}:[0-9A-Za-z]+@[a-z]+",
	"DEFCON_CTF_Flag": "O{3}\\{.*\\}",
	"Discord_BOT_Token": "((?:N|M|O)[a-zA-Z0-9]{23}\\.[a-zA-Z0-9-_]{6}\\.[a-zA-Z0-9-_]{27})$",
	"Facebook_Access_Token": "EAACEdEose0cBA[0-9A-Za-z]+",
	"Facebook_ClientID": "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K](.{0,20})?['\"][0-9]{13,17}",
	"Facebook_OAuth": "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]",
	"Facebook_Secret_Key": "([f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K]|[f|F][b|B])(.{0,20})?['\"][0-9a-f]{32}",
	"Firebase": "[a-z0-9.-]+\\.firebaseio\\.com",
	"Generic_API_Key": "[a|A][p|P][i|I][_]?[k|K][e|E][y|Y].*['|\"][0-9a-zA-Z]{32,45}['|\"]",
	"Generic_Secret": "[s|S][e|E][c|C][r|R][e|E][t|T].*['|\"][0-9a-zA-Z]{32,45}['|\"]",
	"GitHub": "[g|G][i|I][t|T][h|H][u|U][b|B].*['|\"][0-9a-zA-Z]{35,40}['|\"]",
	"GitHub_Access_Token": "([a-zA-Z0-9_-]*:[a-zA-Z0-9_-][email protected]*)$",
	"Google_API_Key": "AIza[0-9A-Za-z\\-_]{35}",
	"Google_Cloud_Platform_OAuth": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
	"Google_Cloud_Platform_Service_Account": "\"type\": \"service_account\"",
	"Google_OAuth_Access_Token": "ya29\\.[0-9A-Za-z\\-_]+",
	"HackerOne_CTF_Flag": "[h|H]1(?:[c|C][t|T][f|F])?\\{.*\\}",
	"HackTheBox_CTF_Flag": "[h|H](?:[a|A][c|C][k|K][t|T][h|H][e|E][b|B][o|O][x|X]|[t|T][b|B])\\{.*\\}$",
	"Heroku_API_Key": "[h|H][e|E][r|R][o|O][k|K][u|U].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}",
	"IP_Address": "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])",
	"JSON_Web_Token": "(?i)^((?=.*[a-z])(?=.*[0-9])(?:[a-z0-9_=]+\\.){2}(?:[a-z0-9_\\-\\+\/=]*))$",
	"LinkFinder": "(?:\"|')(((?:[a-zA-Z]{1,10}:\/\/|\/\/)[^\"'\/]{1,}\\.[a-zA-Z]{2,}[^\"']{0,})|((?:\/|\\.\\.\/|\\.\/)[^\"'><,;| *()(%%$^\/\\\\\\[\\]][^\"'><,;|()]{1,})|([a-zA-Z0-9_\\-\/]{1,}\/[a-zA-Z0-9_\\-\/]{1,}\\.(?:[a-zA-Z]{1,4}|action)(?:[\\?|#][^\"|']{0,}|))|([a-zA-Z0-9_\\-\/]{1,}\/[a-zA-Z0-9_\\-\/]{3,}(?:[\\?|#][^\"|']{0,}|))|([a-zA-Z0-9_\\-]{1,}\\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:[\\?|#][^\"|']{0,}|)))(?:\"|')",
	"Mac_Address": "(([0-9A-Fa-f]{2}[:]){5}[0-9A-Fa-f]{2}|([0-9A-Fa-f]{2}[-]){5}[0-9A-Fa-f]{2}|([0-9A-Fa-f]{4}[\\.]){2}[0-9A-Fa-f]{4})$",
	"MailChimp_API_Key": "[0-9a-f]{32}-us[0-9]{1,2}",
	"Mailgun_API_Key": "key-[0-9a-zA-Z]{32}",
	"Mailto": "(?<=mailto:)[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9.-]+",
	"Password_in_URL": "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]",
	"PayPal_Braintree_Access_Token": "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}",
	"PGP_private_key_block": "-----BEGIN PGP PRIVATE KEY BLOCK-----",
	"Picatic_API_Key": "sk_live_[0-9a-z]{32}",
	"RSA_Private_Key": "-----BEGIN RSA PRIVATE KEY-----",
	"Slack_Token": "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})",
	"Slack_Webhook": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}",
	"Square_Access_Token": "sq0atp-[0-9A-Za-z\\-_]{22}",
	"Square_OAuth_Secret": "sq0csp-[0-9A-Za-z\\-_]{43}",
	"SSH_DSA_Private_Key": "-----BEGIN DSA PRIVATE KEY-----",
	"SSH_EC_Private_Key": "-----BEGIN EC PRIVATE KEY-----",
	"Stripe_API_Key": "sk_live_[0-9a-zA-Z]{24}",
	"Stripe_Restricted_API_Key": "rk_live_[0-9a-zA-Z]{24}",
	"TryHackMe_CTF_Flag": "[t|T](?:[r|R][y|Y][h|H][a|A][c|C][k|K][m|M][e|E]|[h|H][m|M])\\{.*\\}$",
	"Twilio_API_Key": "SK[0-9a-fA-F]{32}",
	"Twitter_Access_Token": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*[1-9][0-9]+-[0-9a-zA-Z]{40}",
	"Twitter_ClientID": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R](.{0,20})?['\"][0-9a-z]{18,25}",
	"Twitter_OAuth": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*['|\"][0-9a-zA-Z]{35,44}['|\"]",
	"Twitter_Secret_Key": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R](.{0,20})?['\"][0-9a-z]{35,44}"
}

Can you provide a web regular expression?

"LinkFinder": "(?:"|')(((?:[a-zA-Z]{1,10}://|//)[^\"'\/]{1,}\.[a-zA-Z]{2,}[^\"']{0,})|((?:/|\.\./|\./)[^\"'><,;| *()(%%$^\/\\\\\\[\\]][^\"'><,;|()]{1,})|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{1,}\.(?:[a-zA-Z]{1,4}|action)(?:[\?|#][^\"|']{0,}|))|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{3,}(?:[\?|#][^\"|']{0,}|))|([a-zA-Z0-9_\-]{1,}\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:[\?|#][^\"|']{0,}|)))(?:"|')"
I want to use this expression, but can I just match HTTP and HTTPS?

Module Error

image
What's the apk_parse.apk module? I can't find this.

Entropies scan rules.

I saw some services here in Github that are based on entropy. I think you can add it, it is a good fit and a strong way to discover keys.

ps: I cannot work on this myself.

Bug on Artifactory_Password

I'm running the latest version of apkleaks.
I ran apkleaks -f android_app.apk
and I get the following output.
Since the app doesn't tell which file contains the Artifactory password, I decompiled the APK,
did a search for the string, and it didn't find it anywhere.

image

Add JSON format for output report

Hi there,

I like this tool and I would like to integrate it as a library. Would it be possible to create a JSON file as output instead of a text file? I think JSON would make it easier to parse the results and use the tool in combination with other tools.

Thx & Have a great day

Tom

Version from PyPi is broken (File not found error)

The error:

ERROR - Incorrect arguments: File not found /usr/share/jadx/bin/APKPure_v3.17.51_apkpure.com.apk

Here's the diff between the apkleaks.py and what's shipped from PyPi.

1c1,4
< #!/usr/bin/env python3
---
> #!/usr/bin/python3
> # -*- coding: utf-8 -*-
> import re
> import sys
3d5
<
5c7,8
<     main()
---
>     sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
>     sys.exit(main())
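
Review bot: nothing in the 5c7,8 hunk touches the path given to -f. The added lines only rewrite sys.argv[0] and pass the return value of main() to sys.exit(), and the 1c1,4 hunk only changes the shebang and adds imports, so this diff does not account for jadx looking for the APK under /usr/share/jadx/bin/. The "File not found" message points at a relative path being resolved from jadx's own directory, so it would help to note in the report whether passing an absolute path to -f changes the result.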

Get rid of the banner

Having an 11-line banner show up whenever the program is instantiated is silly and annoying - if you must have a banner, make it only show up when there's an error or when --help has been provided.

This will help with making the output more greppable.
