OSINT Tool: apk2url

by | Jan 19, 2024 | Tools

Join our Patreon Channel and Gain access to 70+ Exclusive Walkthrough Videos.

Patreon
Reading Time: 2 Minutes

apk2url

apk2url by n0mi1k is a tool that easily extracts URL and IP endpoints from an APK file and performs filtering into a .txt output. This is suitable for information gathering by the red team, penetration testers, and developers to quickly identify endpoints associated with an application.

NOTE: Why use apk2url? When compared with APKleaks, MobSF, and AppInfoScanner, apk2url identifies a significantly higher number of endpoints.

 

See Also: A Practical Guide to Hacking Techniques for finding Top Bugs.
The Bug Bounty Hunting Course

Running apk2url

NOTE: apk2url requires apktool and jadx which can be easily installed with apt. Please refer to the dependencies section.

git clone https://github.com/n0mi1k/apk2url

./apk2url.sh /path/to/apk/file.apk

UPDATE v1.2 now supports directory input for multiple APKs!

./apk2url.sh /path/to/apk-directory/

 

You can also install directly for easy access by running ./install.sh.
After that, you can run apk2url anywhere:

apk2url /path/to/apk/file.apk

By default there are 2 output files in the “endpoints” directory:

  • <apkname>_endpoints.txt – Contains endpoints with full URL paths
  • <apkname>_uniq.txt – Contains unique endpoint domains and IPs

 

By default, the program does not log the Android file name/path where endpoints are discovered.
To enable logging, run as follows:

apk2url /path/to/apk/file.apk log

*Tested on Kali 2023.2 and Ubuntu 22.04

 

Dependencies

Use apt for easy installation of these tools required by apk2url:

  • sudo apt install apktool
  • sudo apt install jadx

 

Demonstration

 

Clone the repo from here: GitHub Link

 

Merch

Recent Tools

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!


Information Security Solutions

Find out how Pentesting Services can help you.


Join our Community

Share This