Offensive Security Tool: APKScope | Black Hat Ethical Hacking

Usage

When the program starts, it lists connected devices and asks you to select one. Then, you can choose from the following main menu options:

Main Menu

  • 1) Environment Config Setup: Proxy configuration and Burp certificate installation.
  • 2) Drozer Tools: Application analysis and attack surface detection with Drozer.
  • 3) Analysis Tools: Pull app data, APK analysis, regex search, dumpsys info.
  • 4) Frida Tools: Frida server setup and script execution.
  • 5) APK Build & Sign: Rebuild and sign decompiled APKs.
  • 6) Exit: Exit the program.

Each menu contains detailed sub-steps.

Directory Structure

APKScope/
├── APKScope.py
├── tool/
│   ├── jadx/
│   ├── apktool/
│   ├── frida-server/
│   └── drozer
├── config/
│   ├── regex.json
│   ├── blacklist.json
│   └── signer.json
├── result/
├── decompiled_data/
├── dumped_data/
├── app/
└── script/

Menu Descriptions

1. Environment Config Setup

Once you provide the IP address, port information, and the Burp certificate path, you will be able to view the traffic through Burp.

  • Proxy configuration
  • Certificate installation (e.g., Burp)

2. Drozer Tools

In step 1, the Drozer and Drozer Agent APKs are installed. Once the agent is activated through the interface, you can perform an attack surface analysis using Drozer.

  • Install Drozer agent and set up port forwarding
  • Retrieve app info via Drozer console
  • IPC tests and attack surface analysis

3. Analysis Tools

  • Pull app data (/data/data)
  • APK attack surface analysis (decompile + manifest analysis)
  • Jadx decompile and key/secret search
  • /data/data regex analysis
  • Retrieve app info with dumpsys

Pull app data (/data/data)

You can list the third-party applications on the device and analyze their local storage data.

APK attack surface analysis (decompile + manifest analysis)

By selecting the third-party application you want to analyze from the device, you can examine security-related features such as permissions, activities, content providers, backup settings, and cleartext traffic.

Additionally, the relevant ADB commands are automatically generated for your convenience.
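The manifest checks described above, as an added worked example written for this page (it is not APKScope's own code): it parses the AndroidManifest.xml that apktool writes into the decompiled directory using only Python's standard library, applies Android's default export rules, and reports exported components, backup and debug flags, cleartext-traffic exposure and requested permissions worth a second look. The sample manifest and the REVIEW_PERMISSIONS set are constructed for the example; APKScope's own permission list and report format are not shown on the page.

```python
"""Static AndroidManifest.xml review (added example, not APKScope's own code).

Point analyze_manifest() at the decoded manifest from apktool; SAMPLE_MANIFEST
below is a constructed stand-in so the script runs offline."""
import json
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Assumed review list for this example; APKScope's own list is not on the page.
REVIEW_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}


def attr(elem, name, default=None):
    """Read an android:<name> attribute; ElementTree keys it by namespace URI."""
    return elem.get(f"{{{ANDROID_NS}}}{name}", default)


def as_bool(value, default):
    return default if value is None else value.strip().lower() == "true"


def sdk_levels(root):
    """(minSdkVersion, targetSdkVersion); target defaults to min, as on Android."""
    uses_sdk = root.find("uses-sdk")
    if uses_sdk is None:
        return 1, 1
    min_sdk = int(attr(uses_sdk, "minSdkVersion", "1"))
    return min_sdk, int(attr(uses_sdk, "targetSdkVersion", str(min_sdk)))


def is_exported(component, min_sdk, target_sdk):
    """Android's default export rule: an explicit android:exported wins; otherwise
    activities/services/receivers are exported when they carry an <intent-filter>,
    and a provider is exported by default only when min or target SDK is <= 16."""
    explicit = attr(component, "exported")
    if explicit is not None:
        return as_bool(explicit, False)
    if component.tag == "provider":
        return min_sdk <= 16 or target_sdk <= 16
    return component.find("intent-filter") is not None


def analyze_manifest(xml_text):
    root = ET.fromstring(xml_text)
    app = root.find("application")
    min_sdk, target_sdk = sdk_levels(root)
    requested = {attr(p, "name") for p in root.iter("uses-permission")}
    report = {
        "package": root.get("package"),
        "allow_backup": as_bool(attr(app, "allowBackup"), True),
        "debuggable": as_bool(attr(app, "debuggable"), False),
        # Platform default: cleartext is allowed below targetSdk 28 unless a
        # network_security_config overrides it (that file is not parsed here).
        "cleartext_traffic": as_bool(attr(app, "usesCleartextTraffic"), target_sdk < 28),
        "review_permissions": sorted(requested & REVIEW_PERMISSIONS),
        "exported": [],
    }
    for comp in app.iter():
        if comp.tag in COMPONENT_TAGS and is_exported(comp, min_sdk, target_sdk):
            report["exported"].append({
                "type": comp.tag,
                "name": attr(comp, "name"),
                # A permission on the component still limits who can reach it.
                "permission": attr(comp, "permission"),
            })
    return report


# Constructed sample manifest (not from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
    <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="27"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application android:allowBackup="true" android:debuggable="true">
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
        <activity android:name=".DeepLinkActivity" android:exported="true"/>
        <activity android:name=".SettingsActivity" android:exported="false"/>
        <provider android:name=".NotesProvider" android:authorities="com.example.demo.notes"/>
        <receiver android:name=".BootReceiver"
            android:permission="android.permission.RECEIVE_BOOT_COMPLETED">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

if __name__ == "__main__":
    print(json.dumps(analyze_manifest(SAMPLE_MANIFEST), indent=2))
```

On the sample, MainActivity is exported implicitly through its intent-filter, DeepLinkActivity explicitly, and BootReceiver is exported but gated by a permission; NotesProvider is not exported because both SDK levels are above 16, while cleartext traffic is allowed only because the target SDK is below 28.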

Jadx decompile and key/secret search

By selecting option 1, you can list the third-party applications installed on the device, pull them from the device, and then perform secret analysis within the APK package by choosing step 2 (search) or step 3 (regex-based analysis using config/regex.json). To reduce false positives in the output, you can improve the patterns using a blacklist (config/blacklist.json).
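The regex-based secret search and blacklist filtering described above, as an added worked example (this is not APKScope's code): the two JSON strings stand in for config/regex.json and config/blacklist.json, whose real schema the page does not show, so the rule-name-to-pattern layout and the split of the blacklist into "match" patterns (applied to the matched text) and "path" patterns (applied to the file path) are assumptions. The sample decompiled files are constructed; scan_tree() is the same logic pointed at a real jadx or apktool output directory.

```python
"""Regex secret scan over decompiled sources with a false-positive blacklist
(added example, not APKScope's own code)."""
import json
import re
from pathlib import Path

# Stand-in for config/regex.json (assumed schema: rule name -> pattern).
REGEX_JSON = json.dumps({
    "aws_access_key": r"AKIA[0-9A-Z]{16}",
    "google_api_key": r"AIza[0-9A-Za-z_\-]{35}",
    "generic_secret": r"(?i)(secret|api[_-]?key|token)\s*[=:]\s*[\"']?([A-Za-z0-9_\-]{16,})[\"']?",
    "private_key": r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----",
})

# Stand-in for config/blacklist.json (assumed schema): "match" patterns suppress a
# finding whose matched text they hit, "path" patterns suppress whole files.
BLACKLIST_JSON = json.dumps({
    "match": [r"AKIAIOSFODNN7EXAMPLE", r"(?i)example|placeholder|your_.*_here"],
    "path": [r"(^|/)com/google/", r"(^|/)androidx/"],
})

SCAN_SUFFIXES = (".java", ".kt", ".smali", ".xml", ".json", ".properties", ".pem")


def load_patterns(regex_json, blacklist_json):
    patterns = {name: re.compile(p) for name, p in json.loads(regex_json).items()}
    raw = json.loads(blacklist_json)
    blacklist = {key: [re.compile(p) for p in raw.get(key, [])] for key in ("match", "path")}
    return patterns, blacklist


def is_blacklisted(blacklist, rel_path, matched):
    return (any(p.search(rel_path) for p in blacklist["path"])
            or any(m.search(matched) for m in blacklist["match"]))


def scan_text(rel_path, text, patterns, blacklist):
    """Apply every rule to every line; drop hits the blacklist explains away."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in patterns.items():
            for m in rx.finditer(line):
                matched = m.group(0)
                if is_blacklisted(blacklist, rel_path, matched):
                    continue
                findings.append({"rule": rule, "file": rel_path, "line": lineno, "match": matched})
    return findings


def scan_files(files, patterns, blacklist):
    """Scan an in-memory {relative_path: text} mapping in a deterministic order."""
    findings = []
    for rel_path, text in sorted(files.items()):
        findings.extend(scan_text(rel_path, text, patterns, blacklist))
    return findings


def scan_tree(root_dir, patterns, blacklist):
    """Scan a decompiled app directory on disk, e.g. decompiled_data/<app>/."""
    root = Path(root_dir)
    files = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix in SCAN_SUFFIXES:
            files[path.relative_to(root).as_posix()] = path.read_text(encoding="utf-8", errors="replace")
    return scan_files(files, patterns, blacklist)


# Constructed sample of a decompiled tree; values are made up for the example.
SAMPLE_FILES = {
    "resources/assets/server.pem": "-----BEGIN RSA PRIVATE KEY-----\n(key body omitted)\n",
    "resources/config.properties": "build.version=1.2.3\napp.secret_token=placeholder_token_value_1\n",
    "sources/com/example/demo/Config.java": (
        "public class Config {\n"
        '    static final String API_KEY = "AIzaSyD1234567890abcdefghijklmnopqrstuv";\n'
        '    static final String AWS = "AKIAIOSFODNN7EXAMPLE";\n'
        "}\n"
    ),
    "sources/com/google/gson/Internal.java": '    static final String token = "abcdefghijklmnop1234";\n',
}

if __name__ == "__main__":
    pats, bl = load_patterns(REGEX_JSON, BLACKLIST_JSON)
    for f in scan_files(SAMPLE_FILES, pats, bl):
        print(f"{f['file']}:{f['line']} [{f['rule']}] {f['match']}")
```

On the sample, the AWS documentation placeholder and the properties value containing "placeholder" are dropped by "match" entries, the vendored Gson file is dropped by a "path" entry, and three real hits remain (the PEM header and the hard-coded API key, which two rules report on the same line).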

