apkz-tool
v1.0.1
Published
Modern APK analysis and modification tool with beautiful console output
Maintainers
kakuzu_aonReadme
APKZ - Advanced APK Reverse Engineering & Security Analysis Platform
Professional-grade APK analysis tool for security researchers and developers
(https://owasp.org/Top10/)
[
())
Created by Kakuzu • Discord: kakuzu_aon • Telegram: kakuzu_aon
🏆 Why APKZ?
APKZ is a comprehensive APK analysis platform that outperforms traditional tools like apktool with modern features, professional security scanning, and beautiful user interfaces. It's designed for security researchers, malware analysts, and professional developers who need powerful APK analysis capabilities.
� Core Features
🔍 Security Analysis
- OWASP Top 10 Compliance - Automated vulnerability assessment
- CVSS Scoring - Professional risk evaluation with severity ratings
- Vulnerability Database - Extensive vulnerability patterns and signatures
- Security Recommendations - Actionable security improvement suggestions
- Compliance Reporting - Generate compliance reports for audits
🔧 Advanced Modification
- Interactive APK Editor - Real-time APK modification with preview
- String Replacement - Bulk string replacement in smali files
- Permission Management - Add, remove, or bypass permissions
- Package Refactoring - Change package names with automatic updates
- Icon Replacement - Replace app icons with automatic size generation
- Manifest Editing - Direct AndroidManifest.xml modification
🌐 Modern Interfaces
- Web Dashboard - Beautiful web interface with real-time updates
- Batch Processing - Process hundreds of APKs simultaneously
- Real-time Monitoring - Watch directories for automatic analysis
- RESTful API - Complete API for integration with other tools
- WebSocket Updates - Real-time progress tracking and notifications
📊 Deep Analysis
- Obfuscation Detection - Analyze code protection and anti-tampering
- Network Analysis - Extract URLs, endpoints, and API keys
- Resource Analysis - Comprehensive resource file analysis
- Signature Extraction - Extract code signatures and metadata
- String Analysis - Categorized string extraction and analysis
📦 Installation
Global Installation
npm install -g apkzLocal Development
git clone https://github.com/kakuzu-aon/apkz
cd apkz
npm install
npm linkRequirements
- Node.js 16.0.0 or higher
- Java 8+ (for some operations)
- ADB (for device installation)
- 7-Zip (for archive operations)
🎯 Quick Start
Basic APK Analysis
# Show comprehensive APK information
apkz info app.apk
# Deep analysis with security scanning
apkz analyze app.apk --deep --vulnerability
# Extract APK with advanced features
apkz extract app.apk --analyze --vulnerability --network --stringsSecurity Assessment
# Comprehensive vulnerability scan
apkz vuln-scan app.apk --obfuscation --severity medium
# Generate security report
apkz vuln-scan app.apk --format html -o security_report.html
# Batch security assessment
apkz batch ./apk_files --vulnerability --obfuscation --parallel 8APK Modification
# Interactive modification mode
apkz modify-enhanced app.apk
# Quick string replacement
apkz modify-enhanced app.apk --decode-dir ./decoded
# Advanced modification with analysis
apkz modify-enhanced app.apk --decode-dir ./decoded --analyzeAdvanced Operations
# Advanced decompilation
apkz decompile app.apk --level advanced --deobfuscate --analyze-strings
# Real-time monitoring
apkz monitor ./apk_directory --auto-analyze --vulnerability
# Web interface
apkz web --port 3000📋 Command Reference
Core Commands
| Command | Description | Options |
|---------|-------------|---------|
| info <apk> | Show detailed APK information | --json, --summary |
| decode <apk> | Decode APK resources | -o <dir>, --resources, --dex, --native |
| build <dir> | Rebuild APK from decoded directory | -o <file>, --sign |
| analyze <apk> | Perform deep analysis | --deep, --vulnerability, --network |
| modify <apk> | Interactive modification | --decode-dir, --backup |
| sign <apk> | Sign APK with keystore | --keystore, --alias, --debug |
| install <apk> | Install on device | --device, --replace |
| diff <apk1> <apk2> | Compare two APKs | --format, --summary |
Advanced Commands
| Command | Description | Options |
|---------|-------------|---------|
| vuln-scan <apk> | Security vulnerability scan | --obfuscation, --severity, --format, --deep |
| batch <dir> | Batch processing | --vulnerability, --parallel, --recursive, --format |
| web | Web interface | --port, --host, --no-open |
| extract <apk> | Advanced extraction | --analyze, --vulnerability, --network, --strings, --signatures |
| decompile <apk> | Advanced decompilation | --level, --deobfuscate, --analyze-strings, --optimize |
| monitor <dir> | Real-time monitoring | --auto-analyze, --vulnerability, --webhook |
Enhanced Commands
| Command | Description | Options |
|---------|-------------|---------|
| modify-enhanced <apk> | Enhanced modification | --decode-dir, --quick, --analyze |
🔍 Security Analysis
Vulnerability Scanning
APKZ includes comprehensive vulnerability scanning based on OWASP Top 10 and Mobile Top 10:
High Severity
- Hardcoded Secrets - API keys, passwords, tokens
- Weak Cryptography - Insecure encryption algorithms
- Insecure Communication - HTTP URLs, unencrypted data
- SQL Injection - Vulnerable database queries
- Debug Mode - Debug information in release builds
Medium Severity
- Overprivileged Permissions - Excessive permission requests
- Weak Hashing - MD5, SHA1, outdated algorithms
- Hardcoded Endpoints - API URLs in application code
- Insecure Storage - Unprotected sensitive data
- Outdated Libraries - Libraries with known vulnerabilities
Low Severity
- Information Disclosure - Sensitive data in error messages
- Missing Obfuscation - Code not protected against reverse engineering
- Weak Permissions - Components not properly protected
- Logging Issues - Sensitive data in application logs
Risk Assessment
- CVSS Scoring - Professional severity ratings
- Risk Levels - Critical, High, Medium, Low
- Compliance Mapping - OWASP Top 10 and Mobile Top 10
- Recommendations - Actionable security improvements
🔧 Modification Capabilities
String Manipulation
# Replace specific strings
apkz modify-enhanced app.apk --decode-dir ./decoded
# Batch string replacement
apkz modify-enhanced app.apk --decode-dir ./decoded --quick
# Regex pattern replacement
apkz modify-enhanced app.apk --decode-dir ./decoded --analyzePermission Management
- Add Permission Bypasses - Automatically bypass permission checks
- Remove Permission Checks - Remove security restrictions
- Permission Analysis - Analyze permission usage patterns
Package Refactoring
- Package Name Change - Update all references automatically
- Class Name Updates - Comprehensive refactoring
- Resource Updates - Update resource references
Icon Management
- Icon Replacement - Replace with automatic size generation
- Adaptive Icons - Support for modern adaptive icons
- Icon Extraction - Extract existing app icons
- Icon Validation - Verify icon format and size
🌐 Web Interface
Features
- Drag & Drop Upload - Intuitive file upload interface
- Real-time Progress - Live job progress tracking
- Interactive Dashboard - Beautiful analysis dashboard
- Results Download - Download reports in multiple formats
- WebSocket Updates - Real-time notifications
- Job Management - Track multiple analysis jobs
API Endpoints
# Upload APK
POST /api/upload
# Start Analysis
POST /api/analyze
{
"filepath": "/path/to/apk",
"options": {
"vulnerability": true,
"obfuscation": true,
"network": true
}
}
# Get Results
GET /api/results/:jobId
# List Jobs
GET /api/jobs
# Download Report
GET /api/download/:jobId/:format📊 Batch Processing
Batch Analysis
# Process entire directory
apkz batch ./apk_files --vulnerability --obfuscation --parallel 8
# Filter specific files
apkz batch ./apk_files --filter "*.apk" --vulnerability
# Generate summary report
apkz batch ./apk_files --vulnerability --format htmlParallel Processing
- Multi-threaded Analysis - Process multiple APKs simultaneously
- Progress Tracking - Real-time progress for each job
- Resource Management - Optimized CPU and memory usage
- Error Handling - Robust error handling for batch operations
� Real-time Monitoring
Directory Monitoring
# Monitor directory for new APKs
apkz monitor ./apk_directory --auto-analyze --vulnerability
# Recursive monitoring
apkz monitor ./apk_directory --recursive --auto-analyze
# Webhook notifications
apkz monitor ./apk_directory --webhook https://hooks.slack.com/your-webhookEvent Handling
- File Addition - Automatic analysis of new APKs
- File Modification - Re-analyze modified APKs
- File Removal - Track deleted files
- Progress Updates - Real-time progress notifications
📈 Reports & Export
Report Formats
- JSON - Machine-readable data format
- HTML - Beautiful interactive reports
- CSV - Spreadsheet-compatible format
Export Options
# Generate HTML security report
apkz vuln-scan app.apk --format html -o security_report.html
# Export vulnerability data
apkz vuln-scan app.apk --format json -o vuln_data.json
# Batch report generation
apkz batch ./apk_files --format html -o batch_security_report.html🔬 Obfuscation Analysis
Code Protection Detection
- ProGuard/R8 Detection - Identify obfuscation tools
- String Obfuscation - Detect encoded/encrypted strings
- Control Flow Obfuscation - Analyze code complexity
- Anti-Tampering - Detect protection mechanisms
Analysis Levels
- None - No obfuscation detected
- Light - Basic obfuscation present
- Moderate - Significant obfuscation
- Heavy - Advanced obfuscation techniques
🛠️ Development
Project Structure
apkz/
├── src/
│ ├── commands/ # CLI commands
│ ├── utils/ # Utility classes
│ └── web/ # Web interface
├── test_files/ # Test APKs
├── docs/ # Documentation
└── README.md # This fileContributing
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Submit a pull request
Building
# Install dependencies
npm install
# Run tests
npm test
# Build for production
npm run build🔧 Configuration
Made with ❤️ by Kakuzu
