{"id":13821915,"url":"https://github.com/n0mi1k/apk2url","last_synced_at":"2025-05-16T15:31:43.388Z","repository":{"id":184184966,"uuid":"670264280","full_name":"n0mi1k/apk2url","owner":"n0mi1k","description":"An OSINT tool to quickly extract IP and URL endpoints from APKs by disassembling and decompiling","archived":false,"fork":false,"pushed_at":"2024-02-24T03:56:10.000Z","size":19,"stargazers_count":537,"open_issues_count":0,"forks_count":57,"subscribers_count":6,"default_branch":"main","last_synced_at":"2024-05-30T02:52:27.527Z","etag":null,"topics":["android","android-security","apk","apktool","bugbounty","endpoint-discovery","jadx","osint-tool","redteam-tools"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/n0mi1k.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-07-24T16:49:00.000Z","updated_at":"2024-05-29T17:40:35.000Z","dependencies_parsed_at":"2023-07-27T11:52:39.468Z","dependency_job_id":"3bc3e22c-e0a9-4b45-a2dd-5ceaa1e2faed","html_url":"https://github.com/n0mi1k/apk2url","commit_stats":null,"previous_names":["n0mi1k/apk2url"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n0mi1k%2Fapk2url","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n0mi1k%2Fapk2url/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n0mi1k%2Fapk2url/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/n0mi1k%2Fapk2url/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/n0mi1k","download_url":"https://codeload.github.com/n0mi1k/apk2url/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":213893315,"owners_count":15653524,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","android-security","apk","apktool","bugbounty","endpoint-discovery","jadx","osint-tool","redteam-tools"],"created_at":"2024-08-04T08:01:33.786Z","updated_at":"2024-08-04T08:07:16.767Z","avatar_url":"https://github.com/n0mi1k.png","language":"Shell","funding_links":[],"categories":["Shell","信息搜集"],"sub_categories":[],"readme":"# apk2url\n\napk2url easily extracts URL and IP endpoints from an APK file and performs filtering into a .txt output. This is suitable for information gathering by the red team, penetration testers and developers to quickly identify endpoints associated with an application.\n\n**NOTE: Why use apk2url?** When compared with APKleaks, MobSF and AppInfoScanner, apk2url identifies a significantly higher number of endpoints with additional features. \n\n## Features\n- Subdomain enumeration : Find unique domains and subdomains\n- URL + URI Path Finder : Finds interesting URLs with paths and GET params\n- IP Address finder : Finds IP addresses\n- Log endpoint source : Log filename in APK where endpoints were discovered\n- Easy to install : Run `install.sh`\n- Multi APK support : Run on multiple APKs on a single run\n\n## Running apk2url\n**NOTE:** apk2url requires apktool and jadx which can be easily installed with `apt`. Please refer to the dependencies section.\n```bash\ngit clone https://github.com/n0mi1k/apk2url\n```  \n```bash\n./apk2url.sh /path/to/apk/file.apk\n```\n\n**UPDATE** v1.2 now supports directory input for multiple APKs!\n```bash\n./apk2url.sh /path/to/apk-directory/\n```\n\nYou can also install directly for easy access by running `./install.sh`.                        \nAfter that you can run apk2url anywhere:\n```bash\napk2url /path/to/apk/file.apk\n```\nBy default there are 2 output files in the \"endpoints\" directory:  \n- \\\u003capkname\\\u003e_endpoints.txt - **Contains endpoints with full URL paths**\n- \\\u003capkname\\\u003e_uniq.txt - **Contains unique endpoint domains and IPs**\n\nBy default, the program does not log the Android file name/path where endpoints are discovered.    \nTo enable logging, run as follows:\n\n```bash\napk2url /path/to/apk/file.apk log\n```\n**Tested on Kali 2023.2 and Ubuntu 22.04*\n\n## Dependencies\nUse `apt` for easy installation of these tools required by apk2url or use `install.sh`:\n- sudo apt install apktool\n- sudo apt install jadx\n\n## Demonstration\n\u003cimg width=\"679\" alt=\"image\" src=\"https://github.com/n0mi1k/apk2url/assets/28621928/f0459e53-f6d9-4e42-a2ed-e146fb36b520\"\u003e\n\n## Disclaimer\nThis tool is for educational and testing purposes only. Do not use it to exploit the vulnerability on any system that you do not own or have permission to test. The authors of this script are not responsible for any misuse or damage caused by its use.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fn0mi1k%2Fapk2url","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fn0mi1k%2Fapk2url","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fn0mi1k%2Fapk2url/lists"}