Inspiration :
- google-play-scraper : A wonderful tool to get information from Play Store
- Raccoon4 : A perfect tool (as I can find) to crawl apks from Play Store.
This is a tool help you :
- Scan app information from Play Store
- Download APK from Play Store use package-ID
- Download APK from APK Pure, use package-ID or keyword
- Install multiple apk to android phone
- Scan securities risks from your application :
- Application can be re signed by another key
- Application can be leak sensitive string
- Check application can be resign by another key.
- Check protection of Application : Obfuscate, Shield (Promon, Proguard…) (use APKID)
- Application can be bypass SSL-Pinning (WIP)
- Application risks when run on un-protected environment(WIP)
- Send message to discord server in case version app change
Prerequisite :
- Before using this tool, make sure you have installed
apktool
. You can download and install it from the official website - Install Java
- Install Raccoon4, please authenticate with app-password.
- Firefox browser to be installed in order to run crawler in apkpure.
- This tool current run on MacOS only
- Installation :
cd Android-App-Analyzer && npm install
- Features :
-
Search:
-
See all options
npm run start -- -h
- Result
Options: --version Show version number [boolean] -p, --packageId Specify package id of app [string] -k, --keyword Specify name of app or keyword of app [string] --category, --col Specify category of app [string] --collection Specify collection of app [string] --categories, --cs List all categories [boolean] --collections, --cols List all collection of app on play store [boolean] -d, --download Download apk [boolean] --resign, --rs Check apk can be re-sign or not [boolean] -h, --help Show help [boolean]
-
Search application by keyword or name
npm run start -- -k ${keyword}
-
List all package id of specific category:
- Result
npm run start -- --category BUSINESS ✔ Zoom - One Platform to Connect : us.zoom.videomeetings ✔ Microsoft Authenticator : com.azure.authenticator ✔ Microsoft Teams : com.microsoft.teams ✔ Indeed Job Search : com.indeed.android.jobsearch ✔ Uber - Driver: Drive & Deliver : com.ubercab.driver ✔ Google Chat : com.google.android.apps.dynamite ✔ DoorDash - Dasher : com.doordash.driverapp
-
Search application by package id :
npm run start -- -p ${packageId}
-
List all categories of Play Store
npm run start -- --cs
-
-
Download from Play Store
-
Download use keyword:
npm run start -- --k ${keyword} -d
-
NOTE THAT THIS COMMAND WILL DOWNLOAD ALL PACKAGE CONTAIN KEYWORD
-
Download use package-id :
npm run start -- --p ${package-id} -d
-
-
Securities Risks :
- Re-sign package by another keystore.
npm run start -- --packageId "${packageId}" --rs true
✔ Get package com.bcy.fsapp success from path : base,split_config.arm64_v8a,split_config.en,split_config.vi,split_config.xxhdpi ✔ Pulled package from /data/app/com.bcy.fsapp-KxANmk3tdW53rE-E4Y0uZQ==/base.apk to com.bcy.fsapp/base ✔ Pulled package from /data/app/com.bcy.fsapp-KxANmk3tdW53rE-E4Y0uZQ==/split_config.arm64_v8a.apk to com.bcy.fsapp/split_config.arm64_v8a ✔ Pulled package from /data/app/com.bcy.fsapp-KxANmk3tdW53rE-E4Y0uZQ==/split_config.en.apk to com.bcy.fsapp/split_config.en ✔ Pulled package from /data/app/com.bcy.fsapp-KxANmk3tdW53rE-E4Y0uZQ==/split_config.vi.apk to com.bcy.fsapp/split_config.vi ✔ Pulled package from /data/app/com.bcy.fsapp-KxANmk3tdW53rE-E4Y0uZQ==/split_config.xxhdpi.apk to com.bcy.fsapp/split_config.xxhdpi ⠋ Decompiling apk in folder : com.bcy.fsapp/base/base.apk DONE ! ✔ Decompiled in folder com.bcy.fsapp/base/source ✔ Build application completed in folder : com.bcy.fsapp/base/source ✔ Signed APK : com.bcy.fsapp/base/source/dist/base.ap
-
Analyze application :
npm run start -- --packageId -d
App Info : { title: 'MoMo: Chuyển tiền & Thanh toán', appId: 'com.mservice.momotransfer', framework: 'React Native', gameEngine: 'Cocos', shield: '[*] /Users/Thien/Android-App-Analyzer/apks/com.mservice.momotransfer/config.arm64_v8a-40230.apk!lib/arm64-v8a/libvosWrapperEx.so\n' + ' |-> anti_vm : possible VM check\n' + ' |-> protector : Vkey (V-OS App Protection)\n', recentChanges: '- Cập nhật ngay phiên bản mới của MoMo để có trải nghiệm thanh toán an toàn, tiện lợi và hiện đại nhất.', version: '4.0.23', androidVersion: '6.0', developer: 'M_SERVICE JSC' }