apkingo

module

v1.0.2 Latest Latest Go to latest Published: Feb 12, 2024 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/andpalmier/apkingo

Links

Open Source Insights

README ¶

apkingo

apkingo is a utility designed to extract information from an APK file. By analyzing the provided file, apkingo extracts details like package name, target SDK, permissions, metadata, certificate serial, and issuer. Additionally, the tool fetches information about the specified apk from the Play Store and, if valid API keys are provided, from Koodous and VirusTotal. If the file is not available on VirusTotal, apkingo offers the option to upload it.

Installation

You can download apkingo from the releases section or compile it from the source by running:

go install github.com/andpalmier/apkingo/cmd/apkingo@latest

Usage

You can run apkingo with the following flags:

  -apk string (REQUIRED)
        Path to APK file
  -country string
        Country code of the Play Store (default "us")
  -json string
        Path to export analysis in JSON format
  -kapi string
        Koodous API key (you can export it using the env variable KOODOUS_API_KEY)
  -vtapi string
        VirusTotal API key (you can export it using the env variable VT_API_KEY)

Screenshots

apkingo analyzing snapseed:

apkingo

apkingo analyzing F-Droid:

apkingo

apkingo analyzing an Android malware (I had to cut the screenshot on the permissions section):

apkingo apkingo

Features

Here is the full list of information which apkingo can retrieve:

General information: app name, package name, app version, main activity, minimum and target SDK
Hashes: md5, sha1 and sha256
Permissions
Metadata
Certificate information: serial, thumbprint, validity, date, expiration date, issuer and subject
Play Store information: Play Store url, version, release date, last update date, genre, summary, number of installations, score, developer name, developer ID, developer mail and developer website
Koodous info (API key required): Koodous url, Koodous ID, Koodous link to the app icon, size, Koodous tags, trusted (boolean), Koodous rating, corrupted (boolean) and submission date
VirusTotal info (API key required): VirusTotal url, apk names, submission date, number of submissions, last analysis date and results, community votes (harmless and malicious), md5 and dhash of icon, providers, receivers, services, interesting strings and permissions that are considered dangerous

3rd party libraries used

Directories ¶

Path	Synopsis
cmd
apkingo

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL