MCPcopy Index your code
hub / github.com/d78ui98/APKDeepLens

github.com/d78ui98/APKDeepLens @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
70 symbols 183 edges 9 files 37 documented · 53%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

APKDeepLens

Android security insights in full spectrum.

FeaturesDetectionInstallationUsageReports

Featured at Black Hat MEA 2023 and Black Hat ASIA 2024


image

What is APKDeepLens?

APKDeepLens is a Python-based static analysis tool for Android APK files. It decompiles APKs using JADX and runs a deep multi-layer security scan covering the OWASP Mobile Top 10 (2024). Every finding is tagged with a severity level (CRITICAL / HIGH / MEDIUM / LOW / INFO) and an OWASP category, and results are exported in JSON, HTML, PDF, or TXT format.


Features

  • APK decompilation via JADX (Windows, Linux, macOS, Docker)
  • AndroidManifest.xml analysis — permissions, exported components, misconfigurations
  • Deep code scanning — walks all decompiled Java/Kotlin/XML source
  • Hardcoded secret detection — API keys, OAuth tokens, private keys, passwords
  • Insecure communication detection — HTTP, FTP, SMTP, JavaScript protocol URLs
  • Cryptographic weakness detection — weak algorithms, ECB mode, insecure random
  • WebView security analysis — JavaScript interface, file access, SSL ignore
  • SSL/TLS misconfiguration — trust-all certs, hostname bypass, legacy protocols
  • Dynamic code execution — DexClassLoader, Runtime.exec(), ProcessBuilder
  • Insecure data storage — world-readable files, clipboard, external storage, raw SQL
  • Sensitive data in logs — Log.*, System.out.println, printStackTrace
  • Intent security — implicit PendingIntents, sticky broadcasts
  • Zip path traversal (Zip Slip) detection
  • Severity classification — CRITICAL, HIGH, MEDIUM, LOW, INFO per finding
  • OWASP Mobile Top 10 (2024) mapping on every finding
  • Multi-format reports — JSON, HTML, PDF, TXT
  • CI/CD ready — JSON output integrates directly into pipelines
  • Cross-platform — Windows, Linux, macOS, Docker

Detection at a Glance

Category Checks Severity Range OWASP
Manifest Security 10 CRITICAL → MEDIUM M3–M9
Cryptography 7 CRITICAL → MEDIUM M1, M10
WebView Security 6 CRITICAL → HIGH M4, M5, M7, M9
SSL / TLS 5 CRITICAL → MEDIUM M5
Dynamic Code Execution 4 HIGH → MEDIUM M4, M7
Insecure Data Storage 6 HIGH → LOW M4, M6, M9
Logs / Privacy 3 MEDIUM → LOW M6
Intent Security 2 HIGH → MEDIUM M4
Zip Path Traversal 1 HIGH M4
Hardcoded Secrets 16+ M1
Insecure Communications M5

For full check IDs, regex patterns, and evidence examples see DETECTION.md.


Installation

Requirements: Python 3.10+, Java / OpenJDK

Linux / macOS

git clone https://github.com/d78ui98/APKDeepLens.git
cd APKDeepLens
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python APKDeepLens.py --help

Windows

git clone https://github.com/d78ui98/APKDeepLens.git
cd APKDeepLens
python3 -m venv venv
.\venv\Scripts\activate
pip install -r requirements.txt
python APKDeepLens.py --help

Docker

docker build -t apkdeeplens .
docker run --rm -v /path/to/apk/files:/apk apkdeeplens -apk /apk/file.apk

Usage

# Basic scan — outputs JSON report
python APKDeepLens.py -apk app.apk

# Skip decompilation when source is already extracted
python APKDeepLens.py -apk app.apk -source_code_path /path/to/source

# Generate HTML report
python APKDeepLens.py -apk app.apk -report html

# Generate PDF report
python APKDeepLens.py -apk app.apk -report pdf

# Generate plain-text report
python APKDeepLens.py -apk app.apk -report txt

# Specify output directory
python APKDeepLens.py -apk app.apk -report json -o /path/to/output/

# Skip virtualenv check (CI/CD)
python APKDeepLens.py -apk app.apk --ignore_virtualenv

All reports are saved to a reports/ subdirectory of the output path.


Reports

Format Description
JSON (default) Machine-readable. All findings include id, severity, owasp, description, and evidence. Ideal for pipeline integration.
HTML / PDF Colour-coded severity tables — CRITICAL in red, HIGH in orange, MEDIUM in amber.
TXT Human-readable, severity-sorted findings with file locations and descriptions.

See DETECTION.md for the full JSON output schema.


Project Structure

APKDeepLens/
├── APKDeepLens.py               # Main entry point
├── report_gen.py                # Report generation (JSON, HTML, PDF, TXT)
├── report_template.html         # HTML report template
├── requirements.txt
└── static_tools/
    ├── code_scanner.py          # Deep code-pattern security scanner (40+ checks)
    ├── scan_android_manifest.py # Manifest parser + security checker
    ├── sensitive_info_extractor.py  # Hardcoded secret + insecure URL scanner
    ├── known_false_positives.txt    # Curated false-positive filter list
    └── utility/
        └── utility_class.py    # Shared constants (DANGEROUS_PERMISSIONS, util)

Contributing

Feature requests, bug reports, and pull requests are welcome at github.com/d78ui98/APKDeepLens/issues.


Featured at

Core symbols most depended-on inside this repo

mod_log
called by 30
report_gen.py
mod_log
called by 17
static_tools/utility/utility_class.py
_scan_pattern
called by 8
static_tools/code_scanner.py
mod_print
called by 6
report_gen.py
grep_keyword
called by 3
report_gen.py
clean_apk_name
called by 3
report_gen.py
mod_print
called by 2
APKDeepLens.py
return_abs_path
called by 2
APKDeepLens.py

Shape

Method 59
Class 9
Function 2

Languages

Python100%

Modules by API surface

report_gen.py24 symbols
APKDeepLens.py18 symbols
static_tools/code_scanner.py12 symbols
static_tools/scan_android_manifest.py7 symbols
static_tools/sensitive_info_extractor.py6 symbols
static_tools/utility/utility_class.py3 symbols

For agents

$ claude mcp add APKDeepLens \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact