APKHunt is a static analysis tool used in Android app pentesting. Android app pentesting, short for Android application penetration testing, is the process of analysing an Android app for security vulnerabilities; APKHunt covers the static part of that work by decompiling the app and scanning the resulting source for known weak patterns.
APKHunt is an open-source tool written in Go and built specifically for Android app pentesting. It extracts basic metadata, decompiles the APK, and runs a rule-based vulnerability scan over the code. It is driven from the command line and is quick to set up on a Linux system that has Go and the decompilers listed under Requirements.
One useful output of APKHunt is the metadata it extracts from the application, such as the app name, package name, and version code. This orients the rest of the test: the package name identifies the components you will see in the manifest and in the decompiled code, and the version code records exactly which build was assessed.
APKHunt also decompiles the application (it relies on jadx and dex2jar for this) so the code itself can be analysed. Reading decompiled code is essential for finding logic and features that are not visible through the app's interface, and for understanding how the app stores, transmits, and protects its data before you try to exploit any weakness.
Disclaimer:
Features
- Scans multiple APK files placed in a given path or folder.
- Covers the majority of the OWASP MASVS test cases that can be checked by SAST (Static Application Security Testing).
- Writes results to a plain TXT file so they are easy to read and share.
- Aims for a low false-positive rate and points at the precise location of each potential vulnerability in the source code.
- Uses rules written for specific security weaknesses, so each hit corresponds to a concrete pattern in the code.
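As an added example of the rule-driven scanning described in the feature list (my own illustration, not APKHunt's source code; the rule names, regex patterns and MASVS mapping are simplified, and the Java and manifest inputs are constructed samples rather than code from any real app), the following Python script applies a handful of line-oriented rules to decompiled sources and reports the exact file and line of each hit:

```python
# Added example, not APKHunt's own code: a minimal rule-based SAST pass of the
# kind described above, run over decompiler output. Rules, patterns and the
# MASVS mapping are my own simplification; the inputs below are constructed.
import re
import textwrap
from collections import namedtuple

# name: printed identifier; masvs: illustrative MASVS area; suffix: file type
# the rule applies to; pattern: compiled regex; advice: remediation hint.
Rule = namedtuple("Rule", "name masvs suffix pattern advice")
Finding = namedtuple("Finding", "rule masvs path line code advice")

RULES = [
    Rule("manifest-debuggable", "MASVS-RESILIENCE", ".xml",
         re.compile(r'android:debuggable\s*=\s*"true"'),
         "Remove android:debuggable from release builds."),
    Rule("sqli-string-concat", "MASVS-CODE", ".java",
         re.compile(r'\.(rawQuery|execSQL)\s*\(\s*".*"\s*\+'),
         "Pass user input via selectionArgs instead of concatenating it."),
    Rule("webview-js-enabled", "MASVS-PLATFORM", ".java",
         re.compile(r'setJavaScriptEnabled\s*\(\s*true\s*\)'),
         "Enable JavaScript only when required and restrict loaded origins."),
    Rule("world-readable-file", "MASVS-STORAGE", ".java",
         re.compile(r'MODE_WORLD_(READABLE|WRITEABLE)'),
         "Use MODE_PRIVATE; world-readable files are visible to every app."),
    Rule("ecb-cipher", "MASVS-CRYPTO", ".java",
         re.compile(r'Cipher\.getInstance\s*\(\s*"[^"]*/ECB/'),
         "ECB leaks plaintext structure; use AES/GCM/NoPadding."),
]


def scan_file(path, text):
    """Apply every rule whose suffix matches; record the 1-based line of each hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule in RULES:
            if path.endswith(rule.suffix) and rule.pattern.search(line):
                hits.append(Finding(rule.name, rule.masvs, path, lineno,
                                    line.strip(), rule.advice))
    return hits


def scan_tree(files):
    """files maps relative path -> text, as a decompiler lays sources out on disk."""
    findings = []
    for path in sorted(files):
        findings.extend(scan_file(path, files[path]))
    return findings


def format_report(findings):
    """Plain-text report, one block per hit, in the spirit of a TXT scan report."""
    out = [f"Total findings: {len(findings)}", ""]
    for f in findings:
        out += [f"[{f.masvs}] {f.rule}", f"  {f.path}:{f.line}: {f.code}",
                f"  Fix: {f.advice}", ""]
    return "\n".join(out)


# Constructed inputs standing in for decompiler output (not from a real app).
SAMPLE_SOURCES = {
    "AndroidManifest.xml": textwrap.dedent("""\
        <?xml version="1.0" encoding="utf-8"?>
        <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.bank">
            <application android:debuggable="true" android:allowBackup="true" />
        </manifest>
        """),
    "com/example/bank/LoginActivity.java": textwrap.dedent("""\
        package com.example.bank;

        public class LoginActivity {
            Cursor lookup(SQLiteDatabase db, String name) {
                Cursor ok = db.rawQuery("SELECT * FROM users WHERE name = ?", new String[]{name});
                return db.rawQuery("SELECT * FROM users WHERE name = '" + name + "'", null);
            }
            void initWebView(WebView wv) {
                wv.getSettings().setJavaScriptEnabled(true);
            }
            void cacheToken(Context ctx, String token) throws Exception {
                ctx.openFileOutput("token", Context.MODE_WORLD_READABLE).write(token.getBytes());
            }
        }
        """),
    "com/example/bank/util/CryptoUtil.java": textwrap.dedent("""\
        package com.example.bank.util;

        public class CryptoUtil {
            static Cipher legacy() throws Exception { return Cipher.getInstance("AES/ECB/PKCS5Padding"); }
            static Cipher modern() throws Exception { return Cipher.getInstance("AES/GCM/NoPadding"); }
        }
        """),
}

if __name__ == "__main__":
    print(format_report(scan_tree(SAMPLE_SOURCES)))
```

Run it directly to print the report. The parameterised rawQuery call and the GCM cipher sit next to the vulnerable ones on purpose: a rule has to discriminate on the dangerous usage, not just on the API name, which is what keeps the false-positive rate down. A real scanner such as APKHunt carries far more rules than this, and every hit is still a candidate that needs confirming by hand.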
Requirements
Install APKHunt
To install APKHunt for Android app pentesting, clone the tool from its GitHub repository:
git clone https://github.com/Cyber-Buddy/APKHunt.git
When the clone completes, change into the directory and install the dependencies APKHunt needs at runtime: Go to run it, and jadx and dex2jar to decompile the APK.
Golang:
sudo apt install golang-go
JADX:
sudo apt-get install jadx
Dex2jar:
sudo apt-get install dex2jar
Usage
To use APKHunt for Android app penetration testing, run it with the following syntax.
go run apkhunt.go [options] {.apk file}
Options
- -h - display help.
- -l - log the results to a text file.
- -m - path of a folder containing several APKs to scan in one run.
- -p - path of the single APK file to scan.
Performing android app pentesting
Single app pentesting
To pentest a single Android app with APKHunt, you only need to specify the location of the application to be scanned. Here we use the Damn Vulnerable Banking Application (DVBA), an intentionally vulnerable app built for penetration-testing practice. The scan is started with the following syntax.
go run apkhunt.go -p {app location}
To log the results of the scan to a text file, add the -l flag to the command:
go run apkhunt.go -p {app location} -l
Single app pentest report
An APKHunt report is laid out in the order in which the checks ran. The application's basic information (package name, version, and so on) comes first, as shown in the image below.
Because APKHunt's checks map to the OWASP MASVS, it only reports on the areas the framework describes, and because it is a static scan, each finding is a candidate rather than a confirmed vulnerability. As a pentester you should try to exploit each finding in practice, for example on a device or emulator, to confirm it and to weed out false positives.
APKHunt also gives a recommendation for fixing each issue it reports. In the image below you can see one issue found in the application we tested, together with APKHunt's recommendation.
Multiple app pentesting
Scanning several Android apps at once uses a slightly different command from the single-app scan: instead of a file, you pass the folder that contains the applications, using the following syntax.
go run apkhunt.go -m {your apps’ folder} -l
In our case the Damn Vulnerable Banking App and InsecureShop are both in a folder named “PENTESTING”, so we run the command as shown in the image below.
As the image shows, APKHunt first lists the APK files it found in the folder, two in this case, and then scans each of them in turn.
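As an added check before handing a folder to a batch scan (this is my own helper, not part of APKHunt, and the page does not say how APKHunt itself selects files from the folder), the script below confirms that every *.apk in the folder is really an APK, that is, a ZIP container holding AndroidManifest.xml and classes.dex, so that a renamed text file or a resource-only split does not end up in the list. The demo folder and its stub "APKs" are constructed on the fly:

```python
# Added example, not part of APKHunt: validate the *.apk files in a folder
# before a batch scan. The folder and stub APKs built by build_demo_folder()
# are constructed fixtures, not real applications.
import os
import tempfile
import zipfile

# Every installable APK carries these two entries; a resource-only split does not.
REQUIRED_ENTRIES = ("AndroidManifest.xml", "classes.dex")


def is_apk(path):
    """True if path is a ZIP container with a manifest and at least one dex file."""
    if not zipfile.is_zipfile(path):
        return False
    with zipfile.ZipFile(path) as z:
        names = set(z.namelist())
    return all(entry in names for entry in REQUIRED_ENTRIES)


def find_apks(folder):
    """Return (valid, rejected) lists of *.apk paths in folder, sorted by name."""
    valid, rejected = [], []
    for name in sorted(os.listdir(folder)):
        if not name.lower().endswith(".apk"):
            continue
        path = os.path.join(folder, name)
        (valid if is_apk(path) else rejected).append(path)
    return valid, rejected


def build_demo_folder():
    """Create a temporary folder with two stub APKs and two decoys (constructed)."""
    folder = tempfile.mkdtemp(prefix="PENTESTING-")
    for name in ("dvba.apk", "insecureshop.apk"):
        with zipfile.ZipFile(os.path.join(folder, name), "w") as z:
            z.writestr("AndroidManifest.xml", "<manifest/>")   # stub, not real AXML
            z.writestr("classes.dex", b"dex\n035\x00")         # dex magic only
    with open(os.path.join(folder, "notes.apk"), "w") as fh:    # renamed text file
        fh.write("not an apk")
    with zipfile.ZipFile(os.path.join(folder, "split_config.apk"), "w") as z:
        z.writestr("resources.arsc", b"")                       # resource-only split
    return folder


def demo():
    """Build the demo folder and return the base names of valid and rejected files."""
    valid, rejected = find_apks(build_demo_folder())
    return ([os.path.basename(p) for p in valid],
            [os.path.basename(p) for p in rejected])


if __name__ == "__main__":
    ok, bad = demo()
    print(f"Scanning a total of {len(ok)} application file(s): {ok}")
    print(f"Skipped (not a full APK): {bad}")
```

The two stubs pass and the two decoys are rejected; in a real engagement, point find_apks at your own folder and only pass the folder to the -m scan once the rejected list is empty or understood (a split APK, for instance, needs its base APK scanned alongside it).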
Multiple app pentest report
When several applications are scanned in one run, each application gets its own text-file report, as shown in the image below.
These reports have the same structure as a single-app report; each one contains only the findings for its own application.
Conclusion
The core of APKHunt is its vulnerability scanning: it checks the decompiled code for known weak patterns, including SQL injection, cross-site scripting (XSS), and insecure data storage, so that penetration testers can identify and remediate issues before an attacker exploits them.
Its simple command-line interface and broad MASVS coverage make APKHunt a useful tool for Android app pentesting. Developers can run it during development to catch the same issues early, which is cheaper than fixing them after release.
In conclusion, APKHunt is a valuable tool for anyone involved in Android app pentesting. Whether you are a pentester or a developer, it gives you a fast, repeatable first pass over an application's code; the findings then need to be confirmed by hand, as noted in the report section above.