APKHunt is a comprehensive static code analysis tool for Android apps that identifies security vulnerabilities based on the OWASP MASVS framework.
Although APKHunt is intended primarily for mobile app developers and security testers, anyone can use it to identify and address potential security vulnerabilities in their code. Developers and testers use it to conduct thorough security reviews of Android applications for compliance with OWASP MASVS standards, and to identify potential vulnerabilities in APK files so that app security can be improved before deployment.
APKHunt currently supports only Linux environments. Ensure all dependencies like Git, Golang, JADX, and Dex2jar are installed prior to running the tool. The tool is based on OWASP MASVS v1.5.0 (Jan 2023), so users should be familiar with this framework for best results.
Install the dependencies:
Install Git: sudo apt-get install git
Install Golang: sudo apt install golang-go
Install JADX: sudo apt-get install jadx
Install Dex2jar: sudo apt-get install dex2jar
Clone and run APKHunt:
git clone https://github.com/Cyber-Buddy/APKHunt.git
cd APKHunt
go run apkhunt.go
Usage:
go run apkhunt.go -h
    Displays help information about APKHunt usage and options.
go run apkhunt.go -p /path/to/file.apk
    Scans a single APK file located at the specified path.
go run apkhunt.go -m /path/to/folder
    Scans multiple APK files located in the specified folder.
go run apkhunt.go -l
    Enables logging and outputs results to a TXT file.