The project is a Flask web app for doing basic static analysis of Android APK files from a browser.
Current features:
- Decompile apk files with JADX
- Zip decompiled files and download them
- Scan the APK file or the decompiled code with Yara
- View files that matched a Yara rule in the browser, or download them
- Grep decompiled files for configured grep patterns
- Parse/detect permissions and services in manifest files
- Download manifest files
- Configure grep patterns and yara rules
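The permission/service detection listed above, as an added example that is not APKSneeze Lab's own code: it parses a JADX-decompiled (plain XML) AndroidManifest.xml, lists requested permissions, flags a small illustrative subset of Android's "dangerous" permissions, finds exported services, and computes the file's SHA-256 the way a report would store it. The sample manifest and the `DANGEROUS` subset are constructed for the example.

```python
"""Added example (not APKSneeze Lab's code): detect permissions and services
in a JADX-decompiled AndroidManifest.xml and hash the file for the report."""
import hashlib
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest in the plain-XML form JADX writes out.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application>
        <service android:name=".SyncService" android:exported="true"/>
        <service android:name=".LocalService"/>
    </application>
</manifest>
"""

# Illustrative subset of Android's runtime ("dangerous") permissions; not the full list.
DANGEROUS = {"android.permission.READ_SMS", "android.permission.READ_CONTACTS",
             "android.permission.RECORD_AUDIO", "android.permission.CAMERA"}


def parse_manifest(xml_bytes):
    """Return package, permissions, dangerous subset, services and sha256."""
    root = ET.fromstring(xml_bytes)
    perms = [e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")]
    services = []
    for svc in root.iter("service"):
        exported = svc.get(ANDROID_NS + "exported")
        # Pre-API-31 default: an unset android:exported counts as exported
        # only when the service declares an <intent-filter>.
        has_filter = svc.find("intent-filter") is not None
        is_exported = exported == "true" or (exported is None and has_filter)
        services.append({"name": svc.get(ANDROID_NS + "name"), "exported": is_exported})
    return {
        "package": root.get("package"),
        "permissions": perms,
        "dangerous": sorted(p for p in perms if p in DANGEROUS),
        "services": services,
        "exported_services": [s["name"] for s in services if s["exported"]],
        "sha256": hashlib.sha256(xml_bytes).hexdigest(),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(parse_manifest(SAMPLE_MANIFEST), indent=2))
```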
The project runs in Docker containers; make sure you have Docker and docker-compose installed.
Run docker-compose to build the images and start the project:
docker-compose -f local.yml up
Or run it as daemon:
docker-compose -f local.yml up -d
Once the docker images are built and the containers are running, two things must be done:
- Compile yara rules:
docker-compose -f local.yml exec flask flask apksneeze compile
- Seed db (populate grep patterns):
docker-compose -f local.yml exec flask flask apksneeze seed
And that's it. Now you can visit http://localhost:5000 to use the app.
To clear the DB (the string patterns are kept), issue a GET request to the path /clear_all.
You can modify the code on the fly: the code volume is mounted into both the web app and the worker containers, and the project runs in debug mode.
Here are some screenshots of running the tool against the InjuredAndroid app developed by B3nac (https://github.com/B3nac/InjuredAndroid). Many thanks to B3nac for this app!
Screenshots (captions only):
- Index page
- Dashboard page
- Report pages: viewing matched Yara rules; viewing code from a file that matched a Yara rule
- Yara rules configuration
- Grep patterns configuration
The project uses four Docker containers:
- Alpine python (web app)
- Alpine OpenJDK (worker)
- Redis
- Postgres
File hashes, APK file sizes, Yara rule matches and grep matches are all stored in a PostgreSQL DB running in one of the containers. Decompiled files and uploaded APKs are stored in the /storage directory. The more you use this project, the more data you accumulate, and you can then get creative with that data.
The worker currently uses the same code as the Flask app; trimming the code and dependencies would probably result in a lighter image.
Just in case: I do not recommend running this in production or on sensitive machines for obvious reasons (look at the code, it can easily be abused). Launch it on a lab/test machine, do analysis, close it.
Usage of APKSneeze Lab for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.