{"id":27361216,"url":"https://github.com/kamushadenes/apkrash","last_synced_at":"2025-10-20T02:34:46.817Z","repository":{"id":57694587,"uuid":"465239498","full_name":"kamushadenes/apkrash","owner":"kamushadenes","description":"APKrash is an Android APK security analysis toolkit focused on comparing APKs to detect tampering and repackaging.","archived":false,"fork":false,"pushed_at":"2025-09-02T06:07:23.000Z","size":3091,"stargazers_count":31,"open_issues_count":2,"forks_count":6,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-09T00:37:04.143Z","etag":null,"topics":["analysis","android","apk","repackaging","reversing","security","tampering"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kamushadenes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["kamushadenes"]}},"created_at":"2022-03-02T09:30:44.000Z","updated_at":"2025-09-07T22:21:21.000Z","dependencies_parsed_at":"2022-09-26T16:40:22.624Z","dependency_job_id":"b3f6844a-5791-4bbd-acaa-e50da103e759","html_url":"https://github.com/kamushadenes/apkrash","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/kamushadenes/apkrash","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kamushadenes%2Fapkrash","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kamushadenes%2Fapkrash/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kamushadenes%2Fapkrash/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kamushadenes%2Fapkrash/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kamushadenes","download_url":"https://codeload.github.com/kamushadenes/apkrash/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kamushadenes%2Fapkrash/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274231097,"owners_count":25245687,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-08T02:00:09.813Z","response_time":121,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analysis","android","apk","repackaging","reversing","security","tampering"],"created_at":"2025-04-13T01:30:00.378Z","updated_at":"2025-10-20T02:34:41.779Z","avatar_url":"https://github.com/kamushadenes.png","language":"Go","funding_links":["https://github.com/sponsors/kamushadenes"],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eAPKrash\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  APKrash is an Android APK security analysis toolkit focused on comparing APKs to detect tampering and repackaging.\n\u003c/p\u003e\n\n\u003chr\u003e\n\n## Features\n\n- Able to analyze pure Android Manifests, APKs, AABs and JARs.\n- Downloads APKs from Google Play Store to perform analysis.\n- Analyzes and detects differences on permissions, activities, services, receivers, providers, features and source code.\n- With optional dependencies, supports APK extraction, decompiling and conversion to JAR.\n- Outputs results as plain text, tables and JSON.\n\n\u003chr\u003e\n\n## Install\n\nYou can download a pre-compiled binary from the [Releases](https://github.com/kamushadenes/apkrash/releases) page.\n\nAlternatively, you can install APKrash using the following commands:\n\n```shell\ngit clone https://github.com/kamushadenes/apkrash.git\ncd apkrash/cmd\ngo build -o apkrash\n```\n\n## Dependencies\n\nThose are optional non-Go dependencies that enable certain features.\n\n### apktool\n\nFor the `extract` command\n\n### bundletool\n\nTo support `.aab` files\n\n### dex2jar\n\nFor the `jar` command\n\n### jadx\n\nFor the `decompile` command and for using the `-l` flag to compare source code files\n\n## Usage\n\n```shell\napkrash help\n```\n\n```\nAndroid APK security analysis toolkit\n\nUsage:\n  apkrash [command]\n\nAvailable Commands:\n  analyze     Analyze an APK or Manifest\n  compare     Compares two APKs or Manifests\n  completion  Generate the autocompletion script for the specified shell\n  decompile   Decompile APK into Java code using jadx\n  extract     Extract APK using apktool\n  help        Help about any command\n  jar         Convert APK to JAR using dex2jar\n\nFlags:\n  -c, --color             Output with color (only valid for text mode)\n  -e, --email string      Email to use for downloading APKs from Google Play\n  -o, --format string     Output format, one of text, json, json_pretty, table (default \"text\")\n  -h, --help              help for apkrash\n  -d, --onlyDiffs         Output only diffs (only valid for text mode)\n  -w, --password string   Password to use for downloading APKs from Google Play\n\nUse \"apkrash [command] --help\" for more information about a command.\n```\n\n### Analyze an APK or Manifest\n\n```shell\napkrash analyze \u003cfile.apk or AndroidManifest.xml\u003e\n```\n\n### Compare two APKs\n\n```shell\napkrash compare \u003cfile1.apk or AndroidManifest1.xml\u003e \u003cfile2.apk or AndroidManifest2.xml\u003e\n```\n\n### Decompile an APK using jadx\n\n```shell\napkrash decompile \u003cfile.apk\u003e [output_dir]\n```\n\n### Extract an APK using apktool\n\n```shell\napkrash extract \u003cfile.apk\u003e [output_dir]\n```\n\n### Convert APK to JAR using dex2jar\n\n```shell\napkrash jar \u003cfile.apk\u003e [output_dir]\n```\n\n## Examples\n\n### Compare two APKs showing only diffs with colored output\n\n```shell\napkrash compare -c -d apk1.apk apk2.apk\n```\n\n![](.github/images/compare_example.png)\n\n### Analyze an APK and output to JSON (pretty), including files and statistics\n\n```shell\napkrash analyze -o json_pretty -f apk.apk\n```\n\n### Compare two APKs and their source code, outputting to JSON\n\n*Note: this may take a few minutes as the APK needs to be decompiled using jadx*\n\n```shell\napkrash compare -o json -f -l apk1.apk apk2.apk\n```\n\n## Roadmap\n\n- [x] Add support for AndroidManifest.xml\n- [x] Add support for APKs\n- [x] Add support for JARs\n- [x] Add support for AABs\n- [x] Add support for downloading APKs from Play Store\n- [ ] Add support for downloading APKs from other stores\n\n## Credits\n\n- Inspired by [AndroCompare](https://github.com/harismuneer/AndroCompare)\n- Google Play support provided by [@89z](https://github.com/89z/googleplay)\n- Binary Android Manifest support provided by [@shogo82148](https://github.com/shogo82148/androidbinary)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkamushadenes%2Fapkrash","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkamushadenes%2Fapkrash","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkamushadenes%2Fapkrash/lists"}