Skip to content

SelvaHacker1225/APKShield

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
apkshield
apkshield
 
 
rules
rules
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
main.py
main.py
 
 
requirements.txt
requirements.txt
 
 
setup.sh
setup.sh
 
 

Repository files navigation

APKShield v2.0

Advanced Android VAPT Framework — Static + Dynamic

Python Platform License

What is APKShield?

APKShield is a professional Android security assessment tool that combines static analysis and dynamic analysis into a single automated pipeline. It covers all OWASP Mobile Top 10 checks and produces a detailed report with severity scores, PoC code, manual exploit steps, and secure code fixes.

Features

  • Static Analysis — decompiles APK and scans for:

    • Weak crypto (MD5, SHA1, DES, ECB, static IV)
    • APK signature schemes (v1/v2/v3) + Janus vulnerability
    • Hardcoded secrets, API keys, tokens
    • Dangerous permissions
    • Manifest misconfigurations
    • OWASP Mobile Top 10 mapping

  • Dynamic Analysis (device/emulator required):

    • Root detection bypass (Magisk/Zygisk via Frida)
    • SSL pinning bypass (OkHttp, TrustManager, NetworkSecConfig)
    • Anti-Frida/hook detection testing
    • Device threat checks (USB debug, ADB wireless, emulator)
    • Network threat checks (proxy, VPN, cleartext traffic)

  • Reports:

    • HTML report (dark theme, filterable, collapsible findings)
    • Excel report (like professional pentest reports)
    • JSON export (machine-readable)
    • Rich CLI summary table

Quick Start

# Install
git clone https://github.com/yourusername/APKShield.git
cd APKShield
bash setup.sh

# Verify setup
apkshield check

# Full scan (static + dynamic)
apkshield scan target.apk -a "Your Name" -n "AppName"

# Static only (no device needed)
apkshield static target.apk

# Dynamic only
apkshield dynamic target.apk

# Detection only — skip active exploits
apkshield scan target.apk --skip-exploit

Project Structure---

Disclaimer

For authorized security testing only. Do not use on apps without explicit written permission.

Architecture Note

APKShield is an open-core tool:

  • Public: CLI interface, YAML rules, setup scripts, report templates
  • Proprietary: Scanner implementations, dynamic bypass engine, report generator

The public repository demonstrates the tool's capabilities, structure, and rule system. The core analysis engine is proprietary and not publicly distributed.

For access, collaboration, or licensing enquiries: Muthuselvan Nadar — Cyber Security Analyst GitHub: @SelvaHacker1225

Proof of Work

APKShield has been tested against:

  • InsecureBankv2 — 12 findings (2 Critical, 6 High, 4 Medium)
  • OWASP Coverage — 7/10 Mobile Top 10 categories detected
  • Real production APKs — tested during live mobile VAPT engagements

About

Advanced Android VAPT Framework — Static + Dynamic | By Muthuselvan Nadar

Topics

python static-analysis dynamic-analysis android-security frida security-tools apk-analysis owasp-mobile-top android-pentesting flutter-security penetration-testing-tool mobile-vapt

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v2.0.0 Latest
Apr 28, 2026

Packages

 
 
 

Contributors

Languages