A command-line tool that simplifies Android penetration testing by enabling app data extraction, permission analysis, and anti-debugging checks via adb.
Android pentesting with ease.
This tool is designed for security professionals and pentesters who need to analyze Android applications and devices quickly. It facilitates the extraction of app data, inspection of dangerous permissions, and detection of anti-debugging mechanisms to identify potential vulnerabilities during security assessments.
The tool relies on pure-python-adb but uses the adb binary for pulling directories due to limitations. Users must have adb and dex2jar installed prior to use. It is recommended to run the tool with appropriate permissions to access app data directories on the device.
Ensure dex2jar and adb are installed on your system
Clone or download the dextractor repository
Run pip3 install -r requirements.txt to install Python dependencies
Optionally, create a symlink to main.py in /usr/local/bin for easier CLI accessdextractor
Starts the dextractor interactive CLI interface.
packages
Lists all installed applications on the connected Android device.
dump
Dumps app data files from /data/data/app_package and converts XML and SQLite3 content into text files for analysis.
perm ./AndroidManifest.xml
Analyzes the AndroidManifest.xml file to identify dangerous permissions declared by the app.
debug
Connects through jdb to test if anti-debugging protections are in place.
connect
Establishes a connection to an Android device via adb.
devices
Lists connected Android devices available for interaction.
exit
Exits the dextractor CLI.
help
Displays available commands and usage information.