APK Discovery - URLs and paths
Complexity: basic
Category: Mobile
Tools
Setup
Set up this workflow by uploading the APK file or adding a raw URL at the beginning (replace APK_FILE input value).
Execution and Results
After setup workflow is ready to be executed. Once workflow's last node, uro
tool, is finished result can be viewed and downloaded.
uro
tool will contain the latest results of the workflow execution.\
Build this workflow in steps
Getting the data with apkurlgrep
We will add apkurlgrep to the Canvas. It already has apkfile
parameter enabled by default.
Get paths with custom-script
Custom-script node could be used to get all of the paths from the output of apkurlgrep
cat in/*/* | grep 'Paths:' -A 100000000000000000 | uniq | tee out/output.txt
This script will cat
all of the files inside in
directory and grep for paths.
Using uro to deduplicate the results
Lastly, as the results from the previous node could contain duplicates, we will use uro for deduplicating the results.
Execution and results
uro
will contain the latest results of the workflow execution.
Try it out!
This workflow is available in the Library, you can copy it and execute it immediately!
Improve this workflow
- Changing machine type of tools to speed up the execution
- Adding additional verification for parsing and getting the paths
- Creating wordlists to brute-force locations gathered in Attack Surface Management