APKHunt: Introduction to Android Penetration Testing

Prakash, 8 August 2023

In an era where mobile applications have become integral to daily life, safeguarding the security of these applications is paramount. Android applications, in particular, hold a significant share of the market, making them an attractive target for cyberattacks. This article delves into the realm of APKHunt, a powerful solution powered by the OWASP Mobile Application Security Verification Standard (MASVS) Static Analyzer. We will uncover how APKHunt empowers developers and organizations to enhance Android app security and proactively defend against potential vulnerabilities.

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

With APKHunt, mobile software architects or developers can conduct thorough code reviews to ensure the security and integrity of their mobile applications, while security testers can use the tool to confirm the completeness and consistency of their test results.
Whether you're a developer looking to build secure apps or an infosec tester charged with ensuring their security, APKHunt can be an invaluable resource for your work.

NOTE: It is based on OWASP MASVS v1.5.0, which was released in Jan 2023.

🎯 Features

- Scan coverage: Covers most of the SAST (Static Application Security Testing) related test cases of the OWASP MASVS framework.
- Multiple APK scanning: Supports scanning multiple APK files in a particular path or folder.
- Optimised scanning: Specific rules are designed to check for particular security sinks, resulting in an almost accurate scanning process.
- Low false-positive rate: Designed to pinpoint and highlight the exact location of potential vulnerabilities in the source code.
- Output format: Results are provided in a TXT file format for easy readability for end-users.

🕸️ Installation

    git clone https://github.com/Cyber-Buddy/APKHunt.git
    cd APKHunt
    go run apkhunt.go

Requirements:

- Install Git: sudo apt-get install git
- Install Golang: sudo apt install golang-go
- Install JADX: sudo apt-get install jadx
- Install Dex2jar: sudo apt-get install dex2jar

Limitation:

- Only supported on Linux environments

⚙️ Usage

    OWASP MASVS Static Analyzer

    APKHunt Usage:
        go run apkhunt.go [options] {.apk file}

    Options:
        -h    For help
        -p    Provide the apk file-path
        -m    Provide the folder-path for multiple apk scanning
        -l    For logging (.txt file)

    Examples:
        APKHunt.go -p /Downloads/android_app.apk
        APKHunt.go -p /Downloads/android_app.apk -l
        APKHunt.go -m /Downloads/android_apps/
        APKHunt.go -m /Downloads/android_apps/ -l

📱 Security test-case coverage

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as by security testers to ensure completeness and consistency of test results.

OWASP MASVS

    V1    Architecture, Design and Threat Modeling Requirements
    V2    Data Storage and Privacy Requirements
    V3    Cryptography Requirements
    V4    Authentication and Session Management Requirements
    V5    Network Communication Requirements
    V6    Environmental Interaction Requirements
    V7    Code Quality and Build Setting Requirements
    V8    Resiliency & Reverse Engineering Requirements

💻 Demo

APKHunt_deom.mp4

🚧 Upcoming Features

- Scanning of multiple APK files – DONE ☺️
- More output formats such as HTML – In the outer orbit! 🤔
- Integration with third-party tools – Cannot commit! 😬
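To make the "rules that check for particular security sinks" idea from the Features list concrete, here is a small added example in Go. It is not APKHunt's code: the four rules, the Rule, Finding and Scan names, and the sample inputs are assumptions constructed for illustration, with each rule mapped to one of the MASVS categories listed above. The Skip pattern shows how a rule can avoid a false positive on the manifest's XML namespace URL.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Rule ties one sink pattern to a MASVS category; Skip drops known-benign hits.
type Rule struct {
	Category, Name string
	Match, Skip    *regexp.Regexp
}

// Finding records the rule that fired and the exact file:line it fired on.
type Finding struct{ Category, Name, Where string }

// Illustrative rules: assumptions for this example, not APKHunt's rule set.
var rules = []Rule{
	{"V2", "world-accessible file mode", regexp.MustCompile(`MODE_WORLD_(READABLE|WRITEABLE)`), nil},
	{"V3", "ECB cipher mode", regexp.MustCompile(`Cipher\.getInstance\(\s*"[^"]*/ECB/`), nil},
	{"V5", "cleartext HTTP URL", regexp.MustCompile(`"http://[^"]+"`), regexp.MustCompile(`xmlns:`)},
	{"V7", "debuggable build", regexp.MustCompile(`android:debuggable\s*=\s*"true"`), nil},
}

// Scan tests every line of one decompiled file against every rule.
func Scan(name, text string) (out []Finding) {
	for i, line := range strings.Split(text, "\n") {
		for _, r := range rules {
			if r.Match.MatchString(line) && (r.Skip == nil || !r.Skip.MatchString(line)) {
				out = append(out, Finding{r.Category, r.Name, fmt.Sprintf("%s:%d", name, i+1)})
			}
		}
	}
	return out
}

// Constructed samples of decompiled output (not taken from a real app).
const manifest = `<manifest xmlns:android="http://schemas.android.com/apk/res/android">
<application android:debuggable="true"/></manifest>`
const java = `c.openFileOutput("t.txt", Context.MODE_WORLD_READABLE);
Cipher bad = Cipher.getInstance("AES/ECB/PKCS5Padding");
Cipher good = Cipher.getInstance("AES/GCM/NoPadding");
URL u = new URL("http://api.example.com/v1");`

func main() {
	for _, f := range append(Scan("AndroidManifest.xml", manifest), Scan("Store.java", java)...) {
		fmt.Println(f.Category, f.Where, f.Name)
	}
}
```

Line-based regex rules like these only flag candidate locations; each hit still needs review in the decompiled source to confirm it is reachable and relevant.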