APK Discovery - URLs and paths
Complexity: basic
Category: Mobile
Tools
Setup
Set up this workflow by uploading the APK file or adding a raw URL at the beginning (replace the APK_FILE input value).
![APK Discovery - URLs and paths workflow targets setup](https://res.cloudinary.com/db14crach/image/upload/v1700236753/docs/apk-discovery-urls-and-paths/apk-discovery-setup.gif)
Execution and Results
After setup, the workflow is ready to be executed. Once the workflow's last node, the uro tool, has finished, the result can be viewed and downloaded.
The uro tool will contain the latest results of the workflow execution.
![APK Discovery - URLs and paths workflow results](https://res.cloudinary.com/db14crach/image/upload/v1700236753/docs/apk-discovery-urls-and-paths/apk-results.png)
Build this workflow in steps
Getting the data with apkurlgrep
We will add apkurlgrep to the Canvas. It already has the apkfile parameter enabled by default.
![Use APK as an input for apkurlgrep in the workflow editor](https://res.cloudinary.com/db14crach/image/upload/v1700236753/docs/apk-discovery-urls-and-paths/apk-apkurlgrep.gif)
Use APK as an input for apkurlgrep
Get paths with custom-script
A custom-script node can be used to get all of the paths from the output of apkurlgrep:
cat in/*/* | grep 'Paths:' -A 100000000000000000 | uniq | tee out/output.txt
This script will cat all of the files inside the in directory and grep for the Paths: marker, keeping that line and everything that follows it.
![Getting the paths via custom script in the workflow editor](https://res.cloudinary.com/db14crach/image/upload/v1700236755/docs/apk-discovery-urls-and-paths/apk-paths.gif)
Getting the paths via custom script
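A stricter take on the custom-script step, as an added example that is not part of the original workflow: it resets the section state for every input file (the one-liner keeps printing after the first Paths: marker, so the URL section of any later file is included), drops the marker line, and keeps only lines that look like absolute paths. The Paths: marker comes from the page; the one-path-per-line layout, the function names and the sample files are constructed assumptions.

```shell
#!/bin/sh
# Added example: stricter replacement for the custom-script step.
# Assumption: each apkurlgrep output file has a header line containing
# "Paths:" followed by one path per line (the marker the page greps for).

extract_paths() {  # $1 = directory with the previous node's files (in/)
    find "$1" -type f -exec awk '
        FNR == 1  { in_paths = 0 }         # new file: back to the URLs section
        /Paths:/  { in_paths = 1; next }   # the marker line is not a path
        !in_paths { next }                 # skip everything before the marker
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # strip CR and padding
        /^\/[^ \t]*$/                      # print only single-token absolute paths
    ' {} + | LC_ALL=C sort -u              # sort -u also removes non-adjacent duplicates
}

make_sample() {  # constructed sample: two fake tool outputs, not real data
    d=$(mktemp -d)
    mkdir -p "$d/in/a" "$d/in/b"
    printf '%s\n' 'URLs:' '' 'https://api.example.test/v1' '' \
        'Paths:' '' '/v1/login' '/v1/users' '/v1/login' \
        > "$d/in/a/out.txt"
    printf '%s\n' 'URLs:' '' 'https://cdn.example.test/app.js' '' \
        'Paths:' '' '/static/app.js' '/v1/users' 'not a path' \
        > "$d/in/b/out.txt"
    echo "$d/in"
}

sample=$(make_sample)
extract_paths "$sample"    # in the workflow: extract_paths in | tee out/output.txt
rm -rf "${sample%/in}"
```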
Using uro to deduplicate the results
Lastly, as the results from the previous node could contain duplicates, we will use uro for deduplicating the results.
![Using uro tool to deduplicate results in the workflow editor](https://res.cloudinary.com/db14crach/image/upload/v1700236754/docs/apk-discovery-urls-and-paths/apk-uro.gif)
Execution and results
uro will contain the latest results of the workflow execution.
![APK Discovery - URLs and paths workflow results](https://res.cloudinary.com/db14crach/image/upload/v1700236753/docs/apk-discovery-urls-and-paths/apk-results.png)
Try it out!
This workflow is available in the Library; you can copy it and execute it immediately!
Improve this workflow
- Changing machine type of tools to speed up the execution
- Adding additional verification for parsing and getting the paths
- Creating wordlists to brute-force locations gathered in Attack Surface Management