APKHunt: Android App Pentesting [Step-by-Step]



Reviewer: Deepak Prasad

APKHunt is a static analysis tool for Android app pentesting. Android app pentesting, short for Android application penetration testing, is the process of examining an Android application for security weaknesses. APKHunt automates the static part of that work: it decompiles an APK and checks the resulting source and manifest for known weakness patterns.

APKHunt is open source and built specifically for this job. Given one or more APK files it extracts basic application metadata, decompiles the package and runs a set of vulnerability checks, writing the results to a text report. It is a command-line tool and runs on any system that has Go, JADX and dex2jar installed.

One useful first step APKHunt performs is metadata extraction: it reports details such as the app name, package name and version code. This matters in a pentest because it pins down exactly which build is under test and gives early hints about the app's functionality and attack surface.

APKHunt also decompiles the application (it relies on JADX and dex2jar for this) so that the code behind the user interface can be reviewed. Reading the decompiled source is how hidden features and weaknesses that are invisible from the app's screens are found, and it gives the pentester a much deeper understanding of how the app actually works.

 

Disclaimer:

Run these tests in a virtual lab against applications that are intended for pentesting practice. If you need to test any other application, obtain written consent from the parties involved first; testing without authorisation is illegal.

 

Features

  • Scans a single APK or every APK in a given folder.
  • Covers the majority of the OWASP MASVS test cases that can be checked with SAST (Static Application Security Testing).
  • Writes results to a plain TXT file so they are easy to read and share.
  • Findings point to the precise location in the decompiled source, and the rules are written to keep the false-positive rate low.
  • Scanning is rule based: each rule looks for one specific security weakness, which is what keeps the results accurate.

 

Requirements

APKHunt is a Go program and relies on JADX and dex2jar for decompilation, so all three must be installed before a scan will run (the install commands follow in the next section):

  • Go (the golang-go package)
  • JADX
  • dex2jar

Install APKHunt

To install APKHunt for Android app pentesting, first clone the tool from its GitHub repository with the command below.

git clone https://github.com/Cyber-Buddy/APKHunt.git

When the clone completes, change into the APKHunt directory and install the required dependencies with the commands below.

Golang:

sudo apt install golang-go

JADX:

sudo apt-get install jadx

Dex2jar:

sudo apt-get install dex2jar

 

Usage

APKHunt is run from its directory with the following syntax (the Go source file is apkhunt.go, so the command is the same in every example on this page).

 go run apkhunt.go [options] {.apk file}

Options

  • -h - display help.
  • -p - path of a single APK file to scan.
  • -m - path of a folder containing several APK files to scan.
  • -l - also log the results to a text file.

 

Performing android app pentesting

Single app pentesting

To scan a single application with APKHunt you only need to give it the location of the APK. In this case we use the Damn Vulnerable Banking Application, an intentionally vulnerable app built for penetration testing practice. The scan is started with the command below.

go run apkhunt.go -p {app location}

If you want to log results for the android app pentesting, you can add the -l flag at the end of the command as shown below.

go run apkhunt.go -p {app location} -l

[Image: android app pentest]

 

Single app pentest report

The APKHunt report lists results in the order in which the checks ran. The application's basic information comes first, as shown in the image below.

[Image: android app pentest]

 

Because APKHunt maps its checks to the OWASP MASVS, it only looks for the classes of weakness the framework describes, and it looks for them statically. Treat every result as a lead rather than a confirmed vulnerability: as a pentester you should try to exploit what the scan reports, and anything a static scan cannot see (runtime behaviour, server-side logic, business-logic flaws) still needs manual and dynamic testing.

For each issue APKHunt also prints a recommendation for fixing it. In the image below we can see one issue found in the application under test together with the recommendation from APKHunt.

[Image: android app pentest]
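To make the features list above concrete (rule-based checks, a MASVS category per rule, an exact file and line for every hit, and a fix recommendation alongside each finding), here is a miniature scanner of the same kind, written for this page as an illustration. It is not APKHunt's code and its rules are not APKHunt's rule set; the MASVS category labels are my approximate mapping, and the "decompiled" files it scans are a constructed stand-in for JADX output, not a real application.

```sh
#!/bin/sh
# masvs-grep.sh: a miniature rule-based SAST pass of the kind APKHunt runs
# over JADX output. Added example, not APKHunt's own rules or code. Each rule
# is an extended regex, an approximate MASVS category and a fix, and every
# hit is reported with file and line so a reviewer can jump straight to it.

rules() {
cat <<'EOF'
android:debuggable="true"~MASVS-CODE~debuggable build: set android:debuggable="false" for release
android:allowBackup="true"~MASVS-STORAGE~ADB backup allowed: set android:allowBackup="false" or restrict it with backup rules
MODE_WORLD_(READABLE|WRITEABLE)~MASVS-STORAGE~world-accessible file mode: use MODE_PRIVATE
setJavaScriptEnabled\(true\)~MASVS-PLATFORM~WebView JavaScript enabled: disable unless required and keep addJavascriptInterface away from untrusted content
(rawQuery|execSQL)\([^;]*\+~MASVS-CODE~SQL built by string concatenation: pass user input through selectionArgs / bind parameters
EOF
}

# Run every rule over the .java/.kt/.xml files under $1.
# Output: path:line:source  [category] advice   (one line per hit)
scan_rules() {
    rules | while IFS='~' read -r pattern area advice; do
        find "$1" -type f \( -name '*.java' -o -name '*.kt' -o -name '*.xml' \) \
            -exec grep -nE "$pattern" /dev/null {} + 2>/dev/null |
        while IFS= read -r hit; do
            printf '%s  [%s] %s\n' "$hit" "$area" "$advice"
        done
    done
}

# Number of findings under $1 (handy as a CI threshold).
count_findings() {
    scan_rules "$1" | wc -l | tr -d ' '
}

# Constructed stand-in for a decompiled app (not a real application): a
# manifest with two weak flags and a Java file with one injectable query,
# one safe parameterised query and a WebView with JavaScript switched on.
make_fixture() {
    mkdir -p "$1/src"
    cat > "$1/AndroidManifest.xml" <<'EOF'
<application android:debuggable="true" android:allowBackup="true">
</application>
EOF
    cat > "$1/src/Login.java" <<'EOF'
Cursor bad = db.rawQuery("SELECT * FROM users WHERE name='" + user + "'", null);
webView.getSettings().setJavaScriptEnabled(true);
Cursor ok = db.rawQuery("SELECT * FROM users WHERE name=?", new String[]{user});
EOF
}

# Usage: sh masvs-grep.sh --demo   (scans the constructed fixture)
#        sh masvs-grep.sh <dir>    (scans a real jadx output directory)
if [ "${1:-}" = "--demo" ]; then
    fx=$(mktemp -d)
    make_fixture "$fx"
    scan_rules "$fx"
    printf 'findings: %s\n' "$(count_findings "$fx")"
    rm -rf "$fx"
elif [ "$#" -gt 0 ]; then
    scan_rules "$1"
fi
```

The demo run reports four findings: two from the manifest line and two from the Java file, while the parameterised rawQuery on the last line is left alone. That last point is the "low false-positive" property from the features list: the SQL rule only fires when the query string is concatenated with +, not on every rawQuery call. Real scanners need far more rules and some context (a debuggable flag in a debug build variant is expected), which is exactly why the page tells you to verify each finding by hand.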

 

Multiple app pentesting

Scanning several applications at once uses a slightly different command. Instead of one APK path, you give APKHunt the folder that contains the applications, as shown in the syntax below.

go run apkhunt.go -m {your apps’ folder} -l

In our case the two applications, the Damn Vulnerable Banking App and InsecureShop, are in a folder named "PENTESTING", so the command is run as shown in the image below.

[Image: android app pentesting]

As the image shows, APKHunt first lists the APK files it found in the folder, two in this case, and then scans them one after another.
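The single-app and multi-app procedures above are the same invocation with either -p or -m, and the things that go wrong in practice happen before APKHunt even starts: a missing decompiler, or a "file.apk" that is not actually an APK. The wrapper below, written for this page and not part of the APKHunt project, adds those pre-flight checks. It assumes the repository was cloned to ./APKHunt (override with APKHUNT_DIR), that go, jadx and d2j-dex2jar (the binary the dex2jar package installs) are on PATH, and it always passes -l so the TXT report is kept.

```sh
#!/bin/sh
# apkhunt-scan.sh: pre-flight wrapper around APKHunt. Added example, not
# part of the APKHunt project. Assumes the repository was cloned into
# $APKHUNT_DIR (default ./APKHunt, matching the git clone step above) and
# that go, jadx and d2j-dex2jar are on PATH.

APKHUNT_DIR="${APKHUNT_DIR:-./APKHunt}"

# Return 0 if every external tool the scan needs is installed, 1 otherwise.
check_deps() {
    missing=""
    for tool in go jadx d2j-dex2jar; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    [ -z "$missing" ] && return 0
    printf 'missing tools:%s\n' "$missing" >&2
    return 1
}

# An APK is a ZIP archive. Check the 4-byte local-file-header magic
# (PK\003\004) so a renamed or truncated file is rejected before the
# decompilation step is started on it.
is_apk() {
    [ -f "$1" ] || return 1
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "504b0304" ]
}

# Print the APKHunt command line for a target: -m for a folder of APKs,
# -p for a single file, and -l in both cases so the TXT report is written.
build_cmd() {
    if [ -d "$1" ]; then
        printf 'go run apkhunt.go -m %s -l' "$1"
    else
        printf 'go run apkhunt.go -p %s -l' "$1"
    fi
}

# Validate the target, then run APKHunt from its own directory (as on this
# page) with an absolute target path so the cd does not break a relative one.
run_scan() {
    target=$1
    if [ -d "$target" ]; then
        abs=$(cd "$target" && pwd)
        found=0
        for f in "$abs"/*.apk; do
            is_apk "$f" && found=1
        done
        [ "$found" -eq 1 ] || { printf 'no valid .apk in %s\n' "$abs" >&2; return 1; }
        (cd "$APKHUNT_DIR" && go run apkhunt.go -m "$abs" -l)
    else
        is_apk "$target" || { printf '%s is not an APK (bad ZIP magic)\n' "$target" >&2; return 1; }
        abs=$(cd "$(dirname "$target")" && pwd)/$(basename "$target")
        (cd "$APKHUNT_DIR" && go run apkhunt.go -p "$abs" -l)
    fi
}

# Only run when invoked with a target, so the file can also be sourced.
# Usage: sh apkhunt-scan.sh app.apk     or     sh apkhunt-scan.sh ./PENTESTING
if [ "$#" -gt 0 ]; then
    check_deps || exit 1
    run_scan "$1"
fi
```

The ZIP-magic check is deliberately shallow: it catches the common mistake of scanning an HTML error page or a partial download saved as .apk, but it does not validate the archive, so a corrupt APK will still surface as a decompiler error later in the run.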

 

Multiple app pentest report

When several applications are scanned in one run, APKHunt writes a separate text report for each application, as shown in the image below.

[Image: android app pentest]

Each of these reports has the same layout as a single-app report and contains only the findings for its own application.

 

Conclusion

APKHunt's vulnerability checks are static and pattern based: they flag code and configuration associated with weaknesses such as SQL queries built from untrusted input, insecure WebView configuration (which is where cross-site scripting surfaces in a native app) and insecure data storage. Catching these before release lets the team fix them before an attacker finds them.

Its simple command-line interface and MASVS-aligned checks make APKHunt a useful first pass in an Android app pentest. It gives pentesters a list of concrete leads to verify and exploit, and it lets developers catch the same issues during development, when they are cheapest to fix.

In short, APKHunt is a worthwhile addition to the toolkit of anyone doing Android app pentesting. Whether you are a pentester or a developer, it helps you find and remediate security weaknesses before an attacker can exploit them.

 

Kennedy Muthii


He is an accomplished professional proficient in Python, ethical hacking, Linux, cybersecurity, and OSINT. With a track record including winning a national cybersecurity contest, launching a startup in Kenya, and holding a degree in information science, he is currently engaged in cutting-edge research in ethical hacking. You can connect with him on his LinkedIn profile.
