Skip to content
Extract packages from an Android device
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin Fixed source headers May 1, 2019
dev Fixed source headers May 1, 2019
img Added picture May 2, 2019
snoopdroid Added ability to load data from packages.json May 2, 2019
.gitignore Initial commit Apr 30, 2019
LICENSE Initial commit Apr 30, 2019
Makefile Updated README May 3, 2019 Added Makefile May 2, 2019


Snoopdroid is a simple utility to automate the process of extracting installed apps from an Android phone using the Android Debug Bridge. Optionally, Snoopdroid is able to lookup the extracted packages on various online services in order to attempt to immediately recognize any known malicious apps.

Installation on Debian GNU/Linux

In order to run Snoopdroid on Debian you will need to install the following dependencies:

apt install python3 python3-pip python3-dev build-essential libssl-dev libffi-dev swig android-sdk-platform-tools

Make sure to generate your adb keys with:

adb keygen ~/.android/adbkey

You can then install Snoopdroid with pip3:

pip3 install rsa
pip3 install snoopdroid

Installation on Mac

Running Snoopdroid on Mac requires Xcode and homebrew to be installed.

In order to install adb and other dependencies use:

brew install openssl swig libusb python3
brew install homebrew/cask/android-platform-tools

Make sure to generate your adb keys:

mkdir $HOME/.android
adb keygen $HOME/.android/adbkey
adb pubkey $HOME/.android/adbkey > $HOME/.android/

You can now install Snoopdroid with pip3:

pip3 install rsa
pip3 install snoopdroid

How to use

In order to use Snoopdroid you need to connect your Android device to your computer. You will then need to enable USB debugging on the Android device.

If this is the first time you connect to this device, you will need to approve the authentication keys through a prompt that will appear on your Android device.

You can now launch Snoopdroid simply with snoopdroid. At each run, Snoopdroid will generate a new acquisition folder containing all the extracted APKs in the current working directory. You can change the base folder using:

snoopdroid --storage /path/to/folder

Optionally, you can decide to enable lookups of the SHA256 hash of all the extracted APKs on VirusTotal and/or Koodous. While these lookups do not provide any conclusive assessment on all of the extracted APKs, they might highlight any known malicious ones.

snoopdroid --virustotal
snoopdroid --koodous

Or, to launch all available lookups:

snoopdroid --all
You can’t perform that action at this time.