Ticker

6/recent/ticker-posts

Quickly Extract Android Application End-Points Using Apk2URL On Linux


Suppose you come across a suspicious application (APK) and need to identify the servers or endpoints that the application is using to send and receive data. Several ways or application softwares might help you analyze that application, but APK2URL is a free, better, and time-saving tool for you.

You May Also Like to Read: Extract Passwords & Other User Credentials with LaZagne

APK2URL is a specially designed tool used to extract network endpoints, such as URLs and IP addresses, from Android Package (APK) files. This tool is commonly used by cybersecurity professionals, including red teams, penetration testers, and developers, to conduct comprehensive security evaluations and gather information for Android applications.

How does it work

- Extraction of URLs and IP:

This tool examines the contents of an APK file, which is a compressed archive with the whole application.

The tool looks through different files in the APK, like the manifest file, config files, and built-in resources, to find network endpoints.

It spots URLs and IP addresses the app might connect to, including API endpoints outside services, and other network resources.

- Filtering and Output:

After finding the endpoints, apk2url sorts and arranges them.

The sorted endpoints then go into a .txt file giving a neat and simple list of network connections the app uses.

This output helps with more study, security testing, or keeping an eye on things

You May Also Like to Read: Ominis OSINT For Secure Web-Search Like Dorking

How to use APK2URL

It requires apktool and jadx which can be easily installed by using apt package manager on your Linux terminal by following the commands:
sudo apt install apktool -y
sudo apt install jadx -y
git clone https://github.com/n0mi1k/apk2url
cd apk2url && sudo ./install.sh
apk2url /path/to/apk/file.apk
You can also extract endpoints from the bulk APK list by providing their directory path as shown in the command below
apk2url /path/to/apk/file.apk
apk2url /path/to/apk-directory/
By default, there are 2 output files in the "endpoints" directory:

<apkname>_endpoints.txt - Contains endpoints with full URL paths.
<apkname>_uniq.txt - Contains unique endpoint domains and IPs.
apk2url /path/to/apk/file.apk log
I hope this information is helpful for you if you're new in the field of cybersecurity and want to learn more advanced hacking join our Complete Offensive Hacking Program and learn everything directly from me with your time flexibility from home comfort.