dwisiswant0 / apkleaks
Scanning APK file for URIs, endpoints & secrets.
License: Apache License 2.0
I just called python apkleaks.py -f app.apk -o app.txt
and got:
Scanning APK file for URIs, endpoints & secrets
(c) 2020-2021, dwisiswant0
←[0m
←[94m** Decompiling APK...
←[0mINFO - loading ...
INFO - processing ...
ERROR - finished with errors, count: 3
The app.txt file is completely empty. What could be the problem?
OS: Windows 10
Python: 3.8.0
I saw some services here in Github that are based on entropy. I think you can add it, it is a good fit and a strong way to discover keys.
ps: I cannot work on this myself.
When I use --output, I get this error:
PermissionError: [Errno 13] Permission denied: 'C:\\Users\\sezer\\Desktop\\folder'
When I use just -f file.apk, I get this one:
ERROR - Error saving class: com.things.thing
jadx.core.utils.exceptions.JadxRuntimeException:
Can't create directory C:\Users\sezer\AppData\Local\Temp\apkleaks-woqqyysy\sources\com\exampleapk\module\ui\main\api\data\aux
______________________________________________________________________________________________
PermissionError: [WinError 32] The process cannot access the file because it is being used by another process: 'C:\\Users\\sezer\\AppData\\Local\\Temp\\apkleaks-3hmqctov.txt'
I tried using admin mode too, but it is still the same.
Hi, I'm having this error while trying to run the script:
Traceback (most recent call last):
File "apkleaks.py", line 2, in
from apk_parse.apk import APK
ImportError: No module named apk_parse.apk
Where can I find this "apk_parse.apk" file?
Thanks
Having an 11-line banner show up whenever the program is instantiated is silly and annoying - if you must have a banner, make it only show up when there's an error or when --help has been provided.
This will help with making the output more greppable.
pip install pyaxmlparser
I was trying out apkleaks on an app that I had created using Flutter. But when I ran the command apkleaks -f app-arm64-v8a-release.apk, I got this error:
_ ____ _ ___ _
/ \ | _ \| |/ / | ___ __ _| | _____
/ _ \ | |_) | ' /| | / _ \/ _` | |/ / __|
/ ___ \| __/| . \| |__| __/ (_| | <\__ \
/_/ \_\_| |_|\_\_____\___|\__,_|_|\_\___/
v2.3.0
--
Scanning APK file for URIs, endpoints & secrets
(c) 2020-2021, dwisiswant0
Traceback (most recent call last):
File "C:\Python38\Scripts\apkleaks-script.py", line 11, in <module>
load_entry_point('apkleaks==2.3.0', 'console_scripts', 'apkleaks')()
File "c:\python38\lib\site-packages\apkleaks\cli.py", line 32, in main
init = APKLeaks(args)
File "c:\python38\lib\site-packages\apkleaks\apkleaks.py", line 29, in __init__
self.disarg = re.split(r"\s|=", args.args)
File "c:\python38\lib\re.py", line 231, in split
return _compile(pattern, flags).split(string, maxsplit)
TypeError: expected string or bytes-like object
I ran this command in the same directory where my apk file is present. I am unable to figure out why I am getting this error.
Is it possible to make apkleaks save the output of jadx? I tried using --output-dir-src and --output-dir-res with -a, but apkleaks searches only through the -d dir, and the -d dir here is a temporary dir, so it would be awesome if you made it not a temporary dir so that later we can use the output of jadx.
Hello everyone, I have this problem:
building 'M2Crypto._m2crypto' extension
swigging SWIG/_m2crypto.i to SWIG/_m2crypto_wrap.c
C:\swigwin-3.0.12\swig.exe -python -Ic:\python27\include -Ic:\python27\PC -I/usr/include/openssl -includeall -modern -builtin -outdir c:\users\public\documents\wondershare\creatortemp\pip-build-n3nlsa\m2crypto\M2Crypto -o SWIG/_m2crypto_wrap.c SWIG/_m2crypto.i
SWIG_m2crypto.i(62) : Error: Unable to find 'openssl\opensslv.h'
SWIG_m2crypto.i(68) : Error: Unable to find 'openssl\safestack.h'
SWIG_evp.i(12) : Error: Unable to find 'openssl\opensslconf.h'
SWIG_rc4.i(5) : Error: Unable to find 'openssl\opensslconf.h'
SWIG_ec.i(7) : Error: Unable to find 'openssl\opensslconf.h'
error: command 'C:\swigwin-3.0.12\swig.exe' failed with exit status 1
----------------------------------------
Command "c:\python27\python.exe -u -c "import setuptools, tokenize;file='c:\users\public\documents\wondershare\creatortemp\pip-build-n3nlsa\m2crypto\setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record c:\users\public\documents\wondershare\creatortemp\pip-j9duqt-record\install-record.txt --single-version-externally-managed --compile" failed with error code 1 in c:\users\public\documents\wondershare\creatortemp\pip-build-n3nlsa\m2crypto\
However, I have swig and openssl installed correctly:
C:>openssl
OpenSSL>
Please help me.
Hi,
Is there a way to add more verbosity to the scan of an APK?
For example, the scan will tell me it found xyz, but it doesn't tell me in which file, and it would be beneficial to inspect the file to figure out what else might be hiding in there.
For example:
[Google_API_Key]
Thanks
ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
dwisiswant0/apkleaks:latest is 2.6.0, not the latest version.
I do not think I can PR this,
If possible please update the docker file to run from 2.6.1 ❤️
It always saves results to a file which makes it difficult to grep against and goes against the UX for virtually all *ix interfaces. The logic is sort of turned about - you should output to stdout unless a filename is supplied (using a --output option).
Some good pointers here:
https://github.com/streaak/keyhacks
Version 2 introduces a new APK signing mechanism, starting in Android 7.0 (Nougat). Since that version, the Android application package's format has changed, and now differs slightly from a normal ZIP file.
The modification consists in adding a special block in the ZIP file, called the APK Signing Block.
resulting in
File is not a zip file
** Done with nothing. ¯_(ツ)_/¯
The error:
ERROR - Incorrect arguments: File not found /usr/share/jadx/bin/APKPure_v3.17.51_apkpure.com.apk
Here's the diff between the apkleaks.py and what's shipped from PyPi.
1c1,4
< #!/usr/bin/env python3
---
> #!/usr/bin/python3
> # -*- coding: utf-8 -*-
> import re
> import sys
3d5
<
5c7,8
< main()
---
> sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
> sys.exit(main())
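Review bot: the bare `main()` on the `<` side of hunk 5c7,8 discards whatever `main()` returns, so a failure signalled through the return value never reaches the process exit status. Prefer `sys.exit(main())`, as on the `>` side, so that shell scripts and CI jobs wrapping the scan can tell a failed run from a clean one.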
Getting following Error first
Traceback (most recent call last):
File "apkleaks.py", line 2, in <module>
from apkleaks.apkleaks import APKLeaks
File "/mnt/f/InfoSec/Tools/apkleaks/apkleaks/apkleaks.py", line 2, in <module>
from apkleaks.colors import clr
ImportError: No module named colors
I ran apkleaks with this command:
sudo python3 apkleaks.py -f ../myapp.apk
but I got this error:
`
** Decompiling APK...
ERROR - Incorrect arguments: File not found /usr/share/jadx/bin/../myapp.apk
** Scanning against 'com.flightio.app'
** Done with nothing. ¯_(ツ)_/¯
Traceback (most recent call last):
File "/home/majidmc2/Desktop/apkleaks/apkleaks.py", line 5, in
main()
File "/home/majidmc2/Desktop/apkleaks/apkleaks/cli.py", line 36, in main
init.scanning()
File "/home/majidmc2/Desktop/apkleaks/apkleaks/apkleaks.py", line 124, in scanning
regex = json.load(regexes)
File "/usr/lib/python3.9/json/init.py", line 293, in load
return loads(fp.read(),
File "/usr/lib/python3.9/json/init.py", line 346, in loads
return _default_decoder.decode(s)
File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python3.9/json/decoder.py", line 353, in raw_decode
obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting property name enclosed in double quotes: line 62 column 1 (char 4619)
`
I used the following command,
python apkleaks.py -f testapp.apk
but it gives error :
←[0m
←[94m** Decompiling APK...
←[0mThe filename, directory name, or volume label syntax is incorrect.** Scanning against 'instagram.photo.video.downloader.repost.insta'
** Done with nothing. ¯_(ツ)_/¯
When I use the -p argument and specify a pattern file, it throws this error:
Traceback (most recent call last):
File "C:\Users\PenTest\Desktop\tools\apkleaks-master\apkleaks.py", line 5, in <module>
main()
File "C:\Users\PenTest\Desktop\tools\apkleaks-master\apkleaks\cli.py", line 36, in main
init.scanning()
File "C:\Users\PenTest\Desktop\tools\apkleaks-master\apkleaks\apkleaks.py", line 135, in scanning
thread = threading.Thread(target = self.extract, args = (name, util.finder(pattern, self.tempdir)))
File "C:\Users\PenTest\Desktop\tools\apkleaks-master\apkleaks\utils.py", line 18, in finder
matcher = re.compile(pattern)
File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\re.py", line 252, in compile
return _compile(pattern, flags)
File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\re.py", line 304, in _compile
p = sre_compile.compile(pattern, flags)
File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\sre_compile.py", line 764, in compile
p = sre_parse.parse(p, flags)
File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\sre_parse.py", line 948, in parse
p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\sre_parse.py", line 443, in _parse_sub
itemsappend(_parse(source, state, verbose, nested + 1,
File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\sre_parse.py", line 805, in _parse
flags = _parse_flags(source, state, char)
File "C:\Users\PenTest\AppData\Local\Programs\Python\Python39\lib\sre_parse.py", line 913, in _parse_flags
raise source.error(msg, len(char))
re.error: missing : at position 21
Pattern file I used:
{
"Amazon_AWS_Access_Key_ID": "([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}",
"Amazon_AWS_S3_Bucket": [
"//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+",
"//s3\\.amazonaws\\.com/[a-z0-9._-]+",
"[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com",
"[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)",
"[a-z0-9.-]+\\.s3\\.amazonaws\\.com",
"amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
],
"AWS Client ID": "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}",
"AWS Secret Key": "(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z/+]{40}['\"]",
"Google Drive API Key": "AIza[0-9A-Za-z\\-_]{35}",
"Google Drive Oauth": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
"Gmail API key": "AIza[0-9A-Za-z\\-_]{35}",
"Gmail Oauth": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
"Google Oauth Access Token": "ya29\\.[0-9A-Za-z\\-_]+",
"Youtube API key": "AIza[0-9A-Za-z\\-_]{35}",
"LinkedIn Secret Key": "(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]",
"Stripe API Key": "(?:r|s)k_live_[0-9a-zA-Z]{24}",
"Vault Token": "[sb]\\.[a-zA-Z0-9]{24}",
"Artifactory_API_Token": "(?:\\s|=|:|\"|^)AKC[a-zA-Z0-9]{10,}",
"Artifactory_Password": "(?:\\s|=|:|\"|^)AP[\\dABCDEF][a-zA-Z0-9]{8,}",
"Authorization_Basic": "basic\\s[a-zA-Z0-9_\\-:\\.=]+",
"Authorization_Bearer": "bearer\\s[a-zA-Z0-9_\\-:\\.=]+",
"AWS_API_Key": "AKIA[0-9A-Z]{16}",
"Basic_Auth_Credentials": "(?<=:\/\/)[a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9]+\\.[a-zA-Z]+",
"Cloudinary_Basic_Auth": "cloudinary:\/\/[0-9]{15}:[0-9A-Za-z]+@[a-z]+",
"DEFCON_CTF_Flag": "O{3}\\{.*\\}",
"Discord_BOT_Token": "((?:N|M|O)[a-zA-Z0-9]{23}\\.[a-zA-Z0-9-_]{6}\\.[a-zA-Z0-9-_]{27})$",
"Facebook_Access_Token": "EAACEdEose0cBA[0-9A-Za-z]+",
"Facebook_ClientID": "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K](.{0,20})?['\"][0-9]{13,17}",
"Facebook_OAuth": "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]",
"Facebook_Secret_Key": "([f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K]|[f|F][b|B])(.{0,20})?['\"][0-9a-f]{32}",
"Firebase": "[a-z0-9.-]+\\.firebaseio\\.com",
"Generic_API_Key": "[a|A][p|P][i|I][_]?[k|K][e|E][y|Y].*['|\"][0-9a-zA-Z]{32,45}['|\"]",
"Generic_Secret": "[s|S][e|E][c|C][r|R][e|E][t|T].*['|\"][0-9a-zA-Z]{32,45}['|\"]",
"GitHub": "[g|G][i|I][t|T][h|H][u|U][b|B].*['|\"][0-9a-zA-Z]{35,40}['|\"]",
"GitHub_Access_Token": "([a-zA-Z0-9_-]*:[a-zA-Z0-9_-][email protected]*)$",
"Google_API_Key": "AIza[0-9A-Za-z\\-_]{35}",
"Google_Cloud_Platform_OAuth": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
"Google_Cloud_Platform_Service_Account": "\"type\": \"service_account\"",
"Google_OAuth_Access_Token": "ya29\\.[0-9A-Za-z\\-_]+",
"HackerOne_CTF_Flag": "[h|H]1(?:[c|C][t|T][f|F])?\\{.*\\}",
"HackTheBox_CTF_Flag": "[h|H](?:[a|A][c|C][k|K][t|T][h|H][e|E][b|B][o|O][x|X]|[t|T][b|B])\\{.*\\}$",
"Heroku_API_Key": "[h|H][e|E][r|R][o|O][k|K][u|U].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}",
"IP_Address": "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])",
"JSON_Web_Token": "(?i)^((?=.*[a-z])(?=.*[0-9])(?:[a-z0-9_=]+\\.){2}(?:[a-z0-9_\\-\\+\/=]*))$",
"LinkFinder": "(?:\"|')(((?:[a-zA-Z]{1,10}:\/\/|\/\/)[^\"'\/]{1,}\\.[a-zA-Z]{2,}[^\"']{0,})|((?:\/|\\.\\.\/|\\.\/)[^\"'><,;| *()(%%$^\/\\\\\\[\\]][^\"'><,;|()]{1,})|([a-zA-Z0-9_\\-\/]{1,}\/[a-zA-Z0-9_\\-\/]{1,}\\.(?:[a-zA-Z]{1,4}|action)(?:[\\?|#][^\"|']{0,}|))|([a-zA-Z0-9_\\-\/]{1,}\/[a-zA-Z0-9_\\-\/]{3,}(?:[\\?|#][^\"|']{0,}|))|([a-zA-Z0-9_\\-]{1,}\\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:[\\?|#][^\"|']{0,}|)))(?:\"|')",
"Mac_Address": "(([0-9A-Fa-f]{2}[:]){5}[0-9A-Fa-f]{2}|([0-9A-Fa-f]{2}[-]){5}[0-9A-Fa-f]{2}|([0-9A-Fa-f]{4}[\\.]){2}[0-9A-Fa-f]{4})$",
"MailChimp_API_Key": "[0-9a-f]{32}-us[0-9]{1,2}",
"Mailgun_API_Key": "key-[0-9a-zA-Z]{32}",
"Mailto": "(?<=mailto:)[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9.-]+",
"Password_in_URL": "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]",
"PayPal_Braintree_Access_Token": "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}",
"PGP_private_key_block": "-----BEGIN PGP PRIVATE KEY BLOCK-----",
"Picatic_API_Key": "sk_live_[0-9a-z]{32}",
"RSA_Private_Key": "-----BEGIN RSA PRIVATE KEY-----",
"Slack_Token": "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})",
"Slack_Webhook": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}",
"Square_Access_Token": "sq0atp-[0-9A-Za-z\\-_]{22}",
"Square_OAuth_Secret": "sq0csp-[0-9A-Za-z\\-_]{43}",
"SSH_DSA_Private_Key": "-----BEGIN DSA PRIVATE KEY-----",
"SSH_EC_Private_Key": "-----BEGIN EC PRIVATE KEY-----",
"Stripe_API_Key": "sk_live_[0-9a-zA-Z]{24}",
"Stripe_Restricted_API_Key": "rk_live_[0-9a-zA-Z]{24}",
"TryHackMe_CTF_Flag": "[t|T](?:[r|R][y|Y][h|H][a|A][c|C][k|K][m|M][e|E]|[h|H][m|M])\\{.*\\}$",
"Twilio_API_Key": "SK[0-9a-fA-F]{32}",
"Twitter_Access_Token": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*[1-9][0-9]+-[0-9a-zA-Z]{40}",
"Twitter_ClientID": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R](.{0,20})?['\"][0-9a-z]{18,25}",
"Twitter_OAuth": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*['|\"][0-9a-zA-Z]{35,44}['|\"]",
"Twitter_Secret_Key": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R](.{0,20})?['\"][0-9a-z]{35,44}"
}
Thank you for your tool.
Can you add the possibility to specify apktool or jadx?
Can you add the possibility to run a scan only on a given folder containing files extracted from an APK?
Thanks
Issue exists on Apkleaks v2.6.1, running on Windows 10, with python 3.9.0.
This is probably because of the space in the name of the Program Files folder. The error message appears after ** Decompiling APK...
Either the user wants to use jadx or apktool.
It just gets the first line of a private key
[RSA_Private_Key]
Can you provide a PoC for Artifactory_Password, or how can I exploit it? Thanks.
I've been trying to install APKLeaks but I'm getting an installation error while installing the requirement.text. It seems there's some error with numpy, because it's failing to build and clean the wheel again and again.
I even tried updating numpy to the latest version and re-installing too but there's no success. Please find the entire error here: https://ghostbin.co/paste/ojqknqs/raw
Not able to find sensitive data that is commented out in the APK.
ModuleNotFoundError: No module named 'pyaxmlparser'
The code reveals that ApkLeaks only decompiles classes.dex, omitting any other DEX files: https://github.com/dwisiswant0/apkleaks/blob/master/apkleaks/apkleaks.py#L92
Since jadx is able to decompile an entire APK file, I suggest passing the following arguments to jadx:
args = [self.jadx, self.file, "-d", self.tempdir, "--deobf"]
After issue #37 was fixed, I cloned the repo and tried testing it again.
Here's the command I entered: python .\apkleaks.py -f <path-to-apk>\app-armeabi-v7a-release.apk
Here's the output:
_ ____ _ ___ _
/ \ | _ \| |/ / | ___ __ _| | _____
/ _ \ | |_) | ' /| | / _ \/ _` | |/ / __|
/ ___ \| __/| . \| |__| __/ (_| | <\__ \
/_/ \_\_| |_|\_\_____\___|\__,_|_|\_\___/
v2.3.0
--
Scanning APK file for URIs, endpoints & secrets
(c) 2020-2021, dwisiswant0
** Decompiling APK...
The filename, directory name, or volume label syntax is incorrect.
** Scanning against 'com.<package-name>'
Traceback (most recent call last):
File ".\apkleaks.py", line 5, in <module>
main()
File "C:\Users\username\Documents\apkleaks\apkleaks\cli.py", line 38, in main
init.cleanup()
File "C:\Users\username\Documents\apkleaks\apkleaks\apkleaks.py", line 144, in cleanup
os.remove(self.output)
PermissionError: [WinError 32] The process cannot access the file because it is being used by another process: 'C:\\Users\\username\\AppData\\Local\\Temp\\apkleaks-fimv9xye.txt'
Hello, I want to share some regex 😃
FCM Key:
AAAA[A-Za-z0-9_-]{7}:[A-Za-z0-9_-]{140}
Square app id/secret and auth token:
sq0[a-z]{3}-[0-9A-Za-z\-_]{22,43}
EAAA[a-zA-Z0-9]{60}
Microsoft azure tenant:
CLIENT_ID: [0-9a-z\-]{36}
CLIENT_SECRET: [0-9A-Za-z\+\=]{40,50}
TENANT_ID: [0-9a-z\-]{36}
Google Recaptcha key:
^6[0-9a-zA-Z_-]{39}$
Hi,
When I run this command: python apkleaks.py -f test.apk -o test.log
it returns this error:
_ ____ _ ___ _
/ \ | _ \| |/ / | ___ __ _| | _____
/ _ \ | |_) | ' /| | / _ \/ _` | |/ / __|
/ ___ \| __/| . \| |__| __/ (_| | <\__ \
/_/ \_\_| |_|\_\_____\___|\__,_|_|\_\___/
v2.0.3
--
Scanning APK file for URIs, endpoints & secrets
(c) 2020-2021, dwisiswant0
Can't find jadx binary.
Do you want to download jadx? (Y/n) Y
** Downloading jadx...
Traceback (most recent call last):
File "/usr/local/lib/python3.7/urllib/request.py", line 1317, in do_open
encode_chunked=req.has_header('Transfer-encoding'))
File "/usr/local/lib/python3.7/http/client.py", line 1229, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/local/lib/python3.7/http/client.py", line 1275, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.7/http/client.py", line 1224, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.7/http/client.py", line 1016, in _send_output
self.send(msg)
File "/usr/local/lib/python3.7/http/client.py", line 956, in send
self.connect()
File "/usr/local/lib/python3.7/http/client.py", line 1392, in connect
server_hostname=server_hostname)
File "/usr/local/lib/python3.7/ssl.py", line 412, in wrap_socket
session=session
File "/usr/local/lib/python3.7/ssl.py", line 853, in _create
self.do_handshake()
File "/usr/local/lib/python3.7/ssl.py", line 1117, in do_handshake
self._sslobj.do_handshake()
ConnectionResetError: [Errno 104] Connection reset by peer
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "apkleaks.py", line 24, in <module>
apk = init.integrity()
File "/botoo/testAPK/apkleaks-master/apkleaks/apkleaks.py", line 66, in integrity
self.dependencies()
File "/botoo/testAPK/apkleaks-master/apkleaks/apkleaks.py", line 37, in dependencies
with closing(urlopen(exter)) as jadx:
File "/usr/local/lib/python3.7/urllib/request.py", line 222, in urlopen
return opener.open(url, data, timeout)
File "/usr/local/lib/python3.7/urllib/request.py", line 525, in open
response = self._open(req, data)
File "/usr/local/lib/python3.7/urllib/request.py", line 543, in _open
'_open', req)
File "/usr/local/lib/python3.7/urllib/request.py", line 503, in _call_chain
result = func(*args)
File "/usr/local/lib/python3.7/urllib/request.py", line 1360, in https_open
context=self._context, check_hostname=self._check_hostname)
File "/usr/local/lib/python3.7/urllib/request.py", line 1319, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 104] Connection reset by peer>
How can I solve this error?
thank you!
Hi there,
I like this tool and I would like to integrate it as a library. Would it be possible to create a JSON file as output instead of a text file? I think JSON would make it easier to parse the results and use the tool in combination with other tools.
Thx & Have a great day
Tom
Any chance of packaging this into a PIP module?
I am running Kali Linux on WSL and I am getting this type of error:
Scanning APK file for URIs, endpoints & secrets
(c) 2020-2021, dwisiswant0
Can't find jadx binary.
Do you want to download jadx? (Y/n) y
** Downloading jadx...
** Decompiling APK...
INFO - loading ...
INFO - processing ...
ERROR - finished with errors, count: 17
** Scanning against 'com.example.client'
** Done with nothing. ¯_(ツ)_/¯
Traceback (most recent call last):
File "/usr/local/bin/apkleaks", line 33, in
sys.exit(load_entry_point('apkleaks==2.5.0', 'console_scripts', 'apkleaks')())
File "/usr/local/lib/python3.9/dist-packages/apkleaks-2.5.0-py3.9.egg/apkleaks/cli.py", line 36, in main
init.scanning()
File "/usr/local/lib/python3.9/dist-packages/apkleaks-2.5.0-py3.9.egg/apkleaks/apkleaks.py", line 132, in scanning
thread = threading.Thread(target = self.extract, args = (name, util.finder(pattern, self.tempdir)))
File "/usr/local/lib/python3.9/dist-packages/apkleaks-2.5.0-py3.9.egg/apkleaks/utils.py", line 18, in finder
matcher = re.compile(pattern)
File "/usr/lib/python3.9/re.py", line 252, in compile
return _compile(pattern, flags)
File "/usr/lib/python3.9/re.py", line 304, in _compile
p = sre_compile.compile(pattern, flags)
File "/usr/lib/python3.9/sre_compile.py", line 764, in compile
p = sre_parse.parse(p, flags)
File "/usr/lib/python3.9/sre_parse.py", line 948, in parse
p = _parse_sub(source, state, flags & SRE_FLAG_VERBOSE, 0)
File "/usr/lib/python3.9/sre_parse.py", line 443, in _parse_sub
itemsappend(_parse(source, state, verbose, nested + 1,
File "/usr/lib/python3.9/sre_parse.py", line 805, in _parse
flags = _parse_flags(source, state, char)
File "/usr/lib/python3.9/sre_parse.py", line 913, in _parse_flags
raise source.error(msg, len(char))
re.error: missing : at position 31
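The pattern file posted with the `-p` report above contains a bare `(?-i)` in its `AWS Secret Key` entry, which Python's `re` rejects with `missing :` at position 21; the traceback just above has the same shape, and the earlier `JSONDecodeError` report fails one step sooner, while the file is being loaded. The following is an added example, not apkleaks code: `validate_patterns`, `Problem`, the sample file and the rewritten rule are constructed here to show how a pattern file can be checked before a scan so that one bad rule is reported by name instead of aborting the run.

```python
import json
import re
from collections import namedtuple

# rule: rule name (None for a file-level JSON error); index: position in a
# list-valued rule; pos: character offset of the error; message: parser text.
Problem = namedtuple("Problem", "rule index pos message")

# Constructed sample in the layout of the pattern file posted above: a JSON
# object mapping a rule name to one regex or to a list of regexes.
SAMPLE_PATTERNS = r'''
{
  "AWS_API_Key": "AKIA[0-9A-Z]{16}",
  "AWS Secret Key": "(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z/+]{40}['\"]",
  "Amazon_AWS_S3_Bucket": [
    "//s3\\.amazonaws\\.com/[a-z0-9._-]+",
    "[a-z0-9.-]+\\.s3\\.amazonaws\\.com"
  ]
}
'''

# Assumed rewrite of the failing rule (not from the project): Python's re has
# no bare "(?-i)" switch, so the case-insensitive part is scoped with (?i:...).
FIXED_AWS_SECRET = r"""(?i:aws)(.{0,20})?['"][0-9a-zA-Z/+]{40}['"]"""


def validate_patterns(text):
    """Parse a pattern file and compile every regex in it.

    Returns (rules, problems): rules maps each name to its compiled regexes,
    problems lists everything that would have crashed the scan.
    """
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return {}, [Problem(None, None, exc.pos, exc.msg)]
    if not isinstance(data, dict):
        return {}, [Problem(None, None, 0, "top level must be a JSON object")]

    rules, problems = {}, []
    for name, value in data.items():
        regexes = value if isinstance(value, list) else [value]
        compiled = []
        for index, regex in enumerate(regexes):
            if not isinstance(regex, str):
                problems.append(Problem(name, index, None, "regex must be a string"))
                continue
            try:
                compiled.append(re.compile(regex))
            except re.error as exc:
                problems.append(Problem(name, index, exc.pos, exc.msg))
        if compiled:
            rules[name] = compiled
    return rules, problems


def describe(problem):
    """Render one problem as a single greppable line."""
    where = "pattern file" if problem.rule is None else f"{problem.rule}[{problem.index}]"
    return f"{where}: {problem.message} (offset {problem.pos})"


if __name__ == "__main__":
    rules, problems = validate_patterns(SAMPLE_PATTERNS)
    for problem in problems:
        print(describe(problem))
    print("usable rules:", ", ".join(sorted(rules)))
```

Rules that compile are still returned, so a scan can proceed with them while the rejected rule is fixed.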
👋 It looks like there is no source tarball on PyPI for the latest release. Do you mind publishing one over there? (It would help Homebrew parse out the dependencies.) Thanks!
relates to Homebrew/homebrew-core#153406
When I run: python apkleaks.py -f a.apk
An error occurred:
Traceback (most recent call last):
File "apkleaks.py", line 2, in <module>
from apkleaks.apkleaks import apkleaks
File "/git/apkleaks/apkleaks/apkleaks.py", line 2, in <module>
from apk_parse.apk import APK
ImportError: No module named apk_parse.apk
Scanning APK file for URIs, endpoints & secrets
(c) 2020-2021, dwisiswant0
�[0m
�[94m** Decompiling APK...
�[0mINFO - loading ...
INFO - processing ...
ERROR - finished with errors, count: 146
"LinkFinder": "(?:"|')(((?:[a-zA-Z]{1,10}://|//)[^\"'\/]{1,}\.[a-zA-Z]{2,}[^\"']{0,})|((?:/|\.\./|\./)[^\"'><,;| *()(%%$^\/\\\\\\[\\]][^\"'><,;|()]{1,})|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{1,}\.(?:[a-zA-Z]{1,4}|action)(?:[\?|#][^\"|']{0,}|))|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{3,}(?:[\?|#][^\"|']{0,}|))|([a-zA-Z0-9_\-]{1,}\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:[\?|#][^\"|']{0,}|)))(?:"|')"
I want to use this expression, but can I just match HTTP and HTTPS?