Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added tool Apkleaks (by @appknox) #3052

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Conversation

jeel38
Copy link
Collaborator

@jeel38 jeel38 commented Nov 7, 2024

Closes #2818

Copy link
Collaborator

@TheDauntless TheDauntless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this submission! Just a few small suggestions :)

---
title: Apkleaks
platform: android
source: https://github.com/dwisiswant0/apkleaks
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
source: https://github.com/dwisiswant0/apkleaks
source: https://github.com/dwisiswant0/apkleaks
host:
- windows
- linux
- macOS


Apkleaks [https://github.com/dwisiswant0/apkleaks] is an open-source utility designed for static analysis of Android APK files, with a primary focus on identifying sensitive data such as API keys, URLs, AWS S3 buckets, and Firebase URLs. This tool automates the process of string analysis, facilitating the detection of hardcoded secrets and potential security vulnerabilities within Android applications.

It offers support for custom regular expression rules, enabling users to specify additional search criteria through a JSON configuration file [regexes.json](https://github.com/dwisiswant0/apkleaks/blob/master/config/regexes.json). This adaptability allows for a customized analysis, thereby increasing its effectiveness in various security testing contexts. The tool integrates smoothly into testing workflows and provides clear, actionable insights to support efficient vulnerability management.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
It offers support for custom regular expression rules, enabling users to specify additional search criteria through a JSON configuration file [regexes.json](https://github.com/dwisiswant0/apkleaks/blob/master/config/regexes.json). This adaptability allows for a customized analysis, thereby increasing its effectiveness in various security testing contexts. The tool integrates smoothly into testing workflows and provides clear, actionable insights to support efficient vulnerability management.
It offers support for custom regular expression rules, enabling users to specify additional search criteria through a JSON configuration file [regexes.json](https://github.com/dwisiswant0/apkleaks/blob/master/config/regexes.json).

Adjectives like "smoothly/clear/actionable/efficient" are very subjective/sales-y. I've removed the second sentence as it doesn't add any value.


Apkleaks [https://github.com/dwisiswant0/apkleaks] is an open-source utility designed for static analysis of Android APK files, with a primary focus on identifying sensitive data such as API keys, URLs, AWS S3 buckets, and Firebase URLs. This tool automates the process of string analysis, facilitating the detection of hardcoded secrets and potential security vulnerabilities within Android applications.

It offers support for custom regular expression rules, enabling users to specify additional search criteria through a JSON configuration file [regexes.json](https://github.com/dwisiswant0/apkleaks/blob/master/config/regexes.json). This adaptability allows for a customized analysis, thereby increasing its effectiveness in various security testing contexts. The tool integrates smoothly into testing workflows and provides clear, actionable insights to support efficient vulnerability management.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
It offers support for custom regular expression rules, enabling users to specify additional search criteria through a JSON configuration file [regexes.json](https://github.com/dwisiswant0/apkleaks/blob/master/config/regexes.json). This adaptability allows for a customized analysis, thereby increasing its effectiveness in various security testing contexts. The tool integrates smoothly into testing workflows and provides clear, actionable insights to support efficient vulnerability management.
It offers support for custom regular expression rules, enabling users to specify additional search criteria through a JSON configuration file [regexes.json](https://github.com/dwisiswant0/apkleaks/blob/master/config/regexes.json).

Adjectives like "smoothly/clear/actionable/efficient" are very subjective/sales-y. I've removed the second sentence as it doesn't add any value.

@jeel38
Copy link
Collaborator Author

jeel38 commented Nov 20, 2024

@TheDauntless made the requested changes. Please review it

@cpholguera
Copy link
Collaborator

The next tool ID available is 0125 @TheDauntless

@jeel38
Copy link
Collaborator Author

jeel38 commented Nov 21, 2024

@cpholguera I updated the file ID

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[TOOL] Add APKleaks & Deprecate APKEnum
3 participants