APK2URL: Extract IP and URL Endpoints from APKs with OSINT Tool
NOTE: Why use apk2url? When compared with APKleaks, MobSF and AppInfoScanner, apk2url identifies a significantly higher number of endpoints.
Running apk2url
NOTE: apk2url requires apktool and jadx which can be easily installed with apt. Please refer to the dependencies section.
git clone https://github.com/n0mi1k/apk2url./apk2url.sh /path/to/apk/file.apkUPDATE v1.2 now supports directory input for multiple APKs!
./apk2url.sh /path/to/apk-directory/You can also install directly for easy access by running ./install.sh.
After that you can run apk2url anywhere:
apk2url /path/to/apk/file.apkBy default there are 2 output files in the "endpoints" directory:
- <apkname>_endpoints.txt - Contains endpoints with full URL paths
- <apkname>_uniq.txt - Contains unique endpoint domains and IPs
By default, the program does not log the Android file name/path where endpoints are discovered.
To enable logging, run as follows:
apk2url /path/to/apk/file.apk log*Tested on Kali 2023.2 and Ubuntu 22.04
Dependencies
Use apt for easy installation of these tools required by apk2url:
- sudo apt install apktool
- sudo apt install jadx
Download APK2URL
Danial Zahoor
Professional Ethical Hacker and Cybersecurity Researcher with a proven track record in dismantling online threats. Successfully neutralized 4 scammer networks, thwarted 13 phishing schemes, and disrupted 4 kidnapper networks. Committed to ensuring online safety and security, I leverage my expertise to protect individuals and organizations from digital threats. Passionate about cybersecurity education and empowering others to stay safe online.
