
APK Discovery - URLs and paths

Mobile apps often contain a lot of information about URLs and paths, which can lead to finding more vulnerabilities. This simple workflow lets you upload the APK file of an app to discover the URLs and paths it uses.

Complexity: basic

Category: Mobile

Tools

Setup

Set up this workflow by uploading the APK file or adding a raw URL at the beginning (replace the APK_FILE input value).

APK Discovery - URLs and paths workflow targets setup

Execution and Results

After setup, the workflow is ready to be executed. Once the workflow's last node, the uro tool, has finished, the result can be viewed and downloaded.

The uro tool will contain the latest results of the workflow execution.

APK Discovery - URLs and paths workflow results

Build this workflow in steps

Getting the data with apkurlgrep

We will add apkurlgrep to the Canvas. It already has the apkfile parameter enabled by default.

Use APK as an input for apkurlgrep in the workflow editor


Get paths with custom-script

A custom-script node can be used to get all of the paths from the output of apkurlgrep:

cat in/*/* | grep 'Paths:' -A 100000000000000000 | uniq | tee out/output.txt

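This script concatenates every file inside the in directory, keeps the first line containing Paths: together with everything after it, collapses adjacent duplicate lines with uniq, and writes the result to out/output.txt.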

Getting the paths via custom script in the workflow editor
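A stricter version of the extraction step, as an added example that is not part of the original workflow: with several input files, the one-liner above keeps everything after the first Paths: line, including the header itself and the URL section of every later file. This sketch assumes each apkurlgrep output file marks its sections with header lines containing `URLs:` and `Paths:`; the `extract_paths` and `demo` names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-file path extraction with basic validation.
# Assumption: section headers contain "URLs:" and "Paths:" (not confirmed
# by the page beyond the 'Paths:' pattern its own script greps for).

# extract_paths FILE... -> unique paths, one per line, in first-seen order
extract_paths() {
    awk '
        FNR == 1  { in_paths = 0 }         # new file: leave the previous path section
        /URLs:/   { in_paths = 0; next }   # URL section header
        /Paths:/  { in_paths = 1; next }   # path section header, not itself a path
        !in_paths { next }                 # ignore everything outside a path section
        {
            sub(/\r$/, "")                 # tolerate CRLF line endings
            gsub(/^[ \t]+|[ \t]+$/, "")    # trim surrounding whitespace
            # keep only entries that look like absolute paths, once each
            if ($0 ~ /^\/[^ \t]*$/ && !seen[$0]++) print
        }
    ' "$@"
}

# Constructed sample input: two result files laid out as in/<node>/<file>.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/in/a" "$d/in/b"
    printf '%s\n' 'Result of URLs:' 'https://api.example.test/v1' \
        'Result of Paths:' '/api/v1/users' '/login' '/api/v1/users' \
        > "$d/in/a/output.txt"
    printf '%s\n' 'Result of URLs:' 'https://cdn.example.test/app.js' \
        'Result of Paths:' '' '/login' '/static/app.js' \
        > "$d/in/b/output.txt"
    extract_paths "$d"/in/*/*
    rm -rf "$d"
}

# In the custom-script node this would be:
#   extract_paths in/*/* | tee out/output.txt
demo
```

Because duplicates are already removed across files, the uro node that follows only has to collapse similar entries rather than exact repeats.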


Using uro to deduplicate the results

Lastly, as the results from the previous node could contain duplicates, we will use uro for deduplicating the results.

Using uro tool to deduplicate results in the workflow editor

Execution and results

uro will contain the latest results of the workflow execution.

APK Discovery - URLs and paths workflow results

Try it out!

This workflow is available in the Library; you can copy it and execute it immediately!

Improve this workflow

  • Changing machine type of tools to speed up the execution
  • Adding additional verification for parsing and getting the paths
  • Creating wordlists to brute-force locations gathered in Attack Surface Management