Josue87 / apkvuln

Static analysis of APKs with regular expressions

ApkVuln

         (        )             (       ) 
   (     )\ )  ( /(             )\ ) ( /( 
   )\   (()/(  )\())(   (    ( (()/( )\())
((((_)(  /(_))((_)\ )\  )\   )\ /(_)|(_)\ 
 )\ _ )\(_)) |_ ((_|(_)((_) ((_|_))  _((_)
 (_)_\(_) _ \| |/ /\ \ / / | | | |  | \| |
  / _ \ |  _/  ' <  \ V /| |_| | |__| .` |
 /_/ \_\|_|   _|\_\  \_/  \___/|____|_|\_|

ApkVuln extracts the .java files from an APK and analyzes them for possible vulnerabilities in the code, using regular expressions.

Note: The accuracy of the results will depend on the regular expressions. They are customizable.

Dependencies

To run this app you need to install Python 3.6+ and apkx.

For full operation (checking the signature version and the AndroidManifest) you also need to install apksigner and aapt.

How to extend

Adding a module with your own regular expressions is easy: create a .py file in regex and define a class that inherits from Template, for example:

from regex._template import Template

class Regex(Template):

    def __init__(self):
        pattern_list = [r"expression1", r"expression1000"]  # placeholder patterns
        file_type = ["xml", "html", "js", "java", "json"]  # file types the patterns are applied to
        desc = "This is the vulnerability description"
        super(Regex, self).__init__(pattern_list, "Vulnerability Test", file_type, desc)
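
A concrete module written in that shape, as an added example that is not part of the ApkVuln repository. The `Template` class here is a stand-in so the block runs on its own: only the constructor argument order comes from the snippet above, and the `scan` helper and the WebView patterns are assumptions.

```python
import re

class Template:
    """Stand-in for regex._template.Template (assumption: only the constructor
    argument order is taken from the page; everything else is hypothetical)."""
    def __init__(self, pattern_list, name, file_type, desc):
        self.patterns = [re.compile(p) for p in pattern_list]
        self.name, self.file_type, self.desc = name, file_type, desc

    def scan(self, filename, text):
        """Hypothetical helper: return (line_no, line) for every matching line."""
        if filename.rsplit(".", 1)[-1] not in self.file_type:
            return []  # module does not apply to this file type
        return [(n, line.strip())
                for n, line in enumerate(text.splitlines(), 1)
                if any(p.search(line) for p in self.patterns)]

class Regex(Template):
    """Flags WebView settings worth reviewing in decompiled code."""
    def __init__(self):
        pattern_list = [
            r"\.setJavaScriptEnabled\s*\(\s*true\s*\)",
            r"\.setAllowFileAccess\s*\(\s*true\s*\)",
            r"\.addJavascriptInterface\s*\(",
        ]
        file_type = ["java"]
        desc = "WebView enables JavaScript, file access or a JS bridge"
        super().__init__(pattern_list, "Insecure WebView", file_type, desc)

# Constructed sample of decompiled Java, not taken from any real APK.
SAMPLE_JAVA = """\
WebView view = (WebView) findViewById(R.id.web);
view.getSettings().setJavaScriptEnabled( true );
view.getSettings().setAllowFileAccess(false);
// view.addJavascriptInterface(new Bridge(), "app");
view.loadUrl(url);
"""

def demo():
    """Run the module over the constructed sample and return its findings."""
    return Regex().scan("MainActivity.java", SAMPLE_JAVA)

if __name__ == "__main__":
    for line_no, line in demo():
        print(f"{line_no}: {line}")
```

The commented-out call on line 4 of the sample is reported alongside the real finding on line 2, which is the accuracy limit the note on regular expressions refers to: findings from a pattern-only scan need manual review.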

PoC

Here is an example of the tool analyzing the vulnerable Diva APK:

image

Author

Disclaimer!

The software has been developed to check an apk in order to improve its security. The author is not responsible for any illegitimate use.

License: GNU General Public License v3.0

