Added tool Apkleaks (by @appknox) (#3052)
* Added tool Apkleaks

* fix lint

* updated changes

* updated tool ID

* Update techniques/android/MASTG-TECH-0022.md

* Update tools/android/MASTG-TOOL-0125.md

---------

Co-authored-by: Appknox <[email protected]>
Co-authored-by: Carlos Holguera <[email protected]>
3 people authored Dec 8, 2024
1 parent bc93250 commit 24fc845
Showing 2 changed files with 16 additions and 1 deletion.
4 changes: 3 additions & 1 deletion techniques/android/MASTG-TECH-0022.md
Expand Up @@ -5,7 +5,9 @@ platform: android

Most of the apps you might encounter connect to remote endpoints. Even before you perform any dynamic analysis (e.g. traffic capture and analysis), you can obtain some initial inputs or entry points by enumerating the domains to which the application is supposed to communicate to.

Typically these domains will be present as strings within the binary of the application. One way to achieve this is by using automated tools such as [APKEnum](https://github.com/shivsahni/APKEnum "APKEnum: A Python Utility For APK Enumeration") or @MASTG-TOOL-0035. Alternatively, you can _grep_ for the domain names by using regular expressions. For this you can target the app binary directly or reverse engineer it and target the disassembled or decompiled code. The latter option has a clear advantage: it can provide you with **context**, as you'll be able to see in which context each domain is being used (e.g. class and method).
Typically, these domains will be present as strings within the binary of the application. One way to do this is to use automated tools such as @MASTG-TOOL-0125 or @MASTG-TOOL-0035.

Alternatively, you can _grep_ for the domain names using regular expressions. To do this, you can target the app binary directly, or reverse engineer it and target the disassembled or decompiled code. The latter option has a clear advantage: it can provide you with **context**, as you'll be able to see in which context each domain is used (e.g. class and method).

From here on you can use this information to derive more insights which might be of use later during your analysis, e.g. you could match the domains to the pinned certificates or the [Network Security Configuration](../../Document/0x05g-Testing-Network-Communication.md#android-network-security-configuration) file or perform further reconnaissance on domain names to know more about the target environment. When evaluating an application it is important to check the Network Security Configuration file, as often (less secure) debug configurations might be pushed into final release builds by mistake.
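
Review bot: The rewritten "One way to do this" sentence replaces the APKEnum link with @MASTG-TOOL-0125 instead of adding to it, so the technique no longer mentions APKEnum at all, while the commit message only talks about adding Apkleaks. If dropping APKEnum is intentional, say so in the commit message; otherwise keep it listed next to the two tool references. Since this paragraph is being edited anyway, the unchanged first sentence still ends with "to which the application is supposed to communicate to" and could lose the trailing "to".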

13 changes: 13 additions & 0 deletions tools/android/MASTG-TOOL-0125.md
@@ -0,0 +1,13 @@
---
title: Apkleaks
platform: android
source: https://github.com/dwisiswant0/apkleaks
host:
- windows
- linux
- macOS
---

[Apkleaks](https://github.com/dwisiswant0/apkleaks) is an open-source utility designed for static analysis of Android APK files, with a primary focus on identifying sensitive data such as API keys, URLs, AWS S3 buckets, and Firebase URLs. This tool automates the process of string analysis, facilitating the detection of hardcoded secrets and potential security vulnerabilities.

It offers support for custom regular expression rules, enabling users to specify additional search criteria through a JSON configuration file [regexes.json](https://github.com/dwisiswant0/apkleaks/blob/master/config/regexes.json).
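
Review bot: The closing sentence on custom rules links to the project's own config/regexes.json, which leaves it unclear whether that file is the default rule set or the place where users add their own patterns. State which it is and describe how a custom file is supplied to the tool. The link also points at the master branch, so it can drift or break; a permalink would be more stable. In the first paragraph, "potential security vulnerabilities" is broad for a string-matching tool: a note that matches need manual validation would set expectations, and one sentence on which findings serve the domain enumeration in MASTG-TECH-0022 would tie the two changed files together.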
