apkleaks command
After copying a command, replace the file names, directories, or parameters as needed.
Common examples
Scan an APK
apkleaks -f [app.apk]
Write results to an output file
apkleaks -f [app.apk] -o [results.json]
Use a custom patterns file
apkleaks -f [app.apk] -p [patterns.json]
Verbose output
apkleaks -f [app.apk] -v
Description
apkleaks scans Android APK files for hardcoded secrets, API keys, and sensitive information. It decompiles the APK, searches through code and resources using regex patterns, and reports potential security issues. The tool helps identify accidental exposure of credentials, private keys, URLs with tokens, and other sensitive data that developers may have inadvertently included in their applications.
Parameters
- -f _file_: APK file to analyze.
- -o _file_: Output file for results.
- -p _file_: Custom patterns file (JSON).
- -a _args_: Additional arguments to pass to the jadx decompiler.
- --json: Output results in JSON format.
- -v, --verbose: Verbose output, including matched line numbers.
- --disassemble: Disassemble bytecode (slower, may catch additional secrets).
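Added example (not part of the original page or the apkleaks project): a Python check to run on a custom patterns file before passing it to `-p`, so that a rule that fails to compile or never matches is caught before a scan reports nothing. It assumes the file is a JSON object mapping a rule name to one regex or a list of regexes in Python regex syntax; the rule names, sample strings and `example.com` host are constructed.

```python
import json
import re

# Constructed patterns file content (layout is an assumption, see lead-in).
PATTERNS_JSON = r'''
{
  "Internal_API_Token": "itok_[0-9a-f]{32}",
  "Staging_URL": ["https?://[a-z0-9.-]+\\.staging\\.example\\.com"],
  "Broken_Rule": "secret=([A-Z"
}
'''

# Constructed samples: (rule name, text, whether the rule should match).
SAMPLES = [
    ("Internal_API_Token", 'String t = "itok_' + "0123456789abcdef" * 2 + '";', True),
    ("Internal_API_Token", "itok_placeholder", False),
    ("Staging_URL", "https://api.staging.example.com/v1", True),
    ("Staging_URL", "https://api.example.com/v1", False),
]

def load_patterns(text):
    """Return ({name: [compiled regex]}, {name: error}) for a patterns JSON string."""
    rules, errors = {}, {}
    for name, value in json.loads(text).items():
        exprs = value if isinstance(value, list) else [value]
        try:
            rules[name] = [re.compile(e) for e in exprs]
        except (re.error, TypeError) as exc:
            # A rule that does not compile would silently find nothing.
            errors[name] = str(exc)
    return rules, errors

def check_samples(rules, samples):
    """Return (rule, text, expected, got) for every sample that behaves unexpectedly."""
    failures = []
    for name, text, expected in samples:
        got = any(rx.search(text) for rx in rules.get(name, []))
        if got != expected:
            failures.append((name, text, expected, got))
    return failures

if __name__ == "__main__":
    rules, errors = load_patterns(PATTERNS_JSON)
    for name, err in errors.items():
        print(f"invalid regex in {name}: {err}")
    for name, text, expected, got in check_samples(rules, SAMPLES):
        print(f"{name}: expected match={expected}, got {got} on {text!r}")
```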
FAQ
How do I run a basic apkleaks example?
Run `apkleaks -f [app.apk]` in a terminal, replacing `[app.apk]` with the path to your APK, then adjust file names, paths, or flags for your system.
What does -f _file_ do in apkleaks?
APK file to analyze