Difference between revisions of "OWASP APK DISSECTOR"

Line 5: Line 5:
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 
+
OWASP APK Dissector is an automated tool to perform static security analysis of Mobile Application. The tool is uses useful opensource application and tries to automate the process of security analysis. Right now it can perform automation on APK files only and there is a plan to enrich its features.
  
 
== OWASP Apk Dissector  ==
 
== OWASP Apk Dissector  ==
 
+
 
# OWASP Apk Dissector 
+
[[File:Gitpic.png]](https://sourceforge.net/projects/apkdissector/files/latest/download)
[![Download APK Dissector](https://a.fsdn.com/con/app/sf-download-button)](https://sourceforge.net/projects/apkdissector/files/latest/download)
 
 
 
## Java Based APK Decompiler
 
  
 
Basic useful feature list:
 
Basic useful feature list:
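Review bot: The added image line `[[File:Gitpic.png]](https://sourceforge.net/projects/apkdissector/files/latest/download)` mixes MediaWiki file syntax with a Markdown link target, so the URL is rendered as literal text after the image instead of becoming the image's link. Use the wiki form, for example `[[File:Gitpic.png|link=https://sourceforge.net/projects/apkdissector/files/latest/download]]`. The added introduction also reads "The tool is uses useful opensource application", which needs a grammar fix before it goes live.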
Line 21: Line 18:
 
  * Decompile the DEX files to JAVA source files (.dex to .java) [ New feature in v2.0 ]
 
  * Decompile the DEX files to JAVA source files (.dex to .java) [ New feature in v2.0 ]
 
   
 
   
## How to use this application ?
+
How to use this application ?
1.From source  
+
* By building from git source  
2.Executable Jar
+
* - You can clone/download the source and import in Eclipse and then run the ApkDissector.java file
 +
* Or available Executable Jar
 +
* -  Download and extract the zip file containing the executable Jar file from https://sourceforge.net/projects/apkdissector/
 +
You can clone/download the source and import in Eclipse and then run the ApkDissector.java file
  
1.You can clone/download the source and import in Eclipse and then run the ApkDissector.java file
+
Usage
 
 
 
 
2. Download and extract the zip file containing the executable Jar file from https://sourceforge.net/projects/apkdissector/
 
  
 
Double click and open the jar file  
 
Double click and open the jar file  
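Review bot: The new sub-items `* - You can clone/download ...` and `* -  Download and extract ...` are written as a bullet followed by a hyphen, which MediaWiki renders as top-level bullets starting with "-" rather than as items nested under "By building from git source" and "Or available Executable Jar"; use `**` for the nested level. The added standalone line "You can clone/download the source and import in Eclipse and then run the ApkDissector.java file" repeats the first sub-item and can be dropped, and the added "Usage" line has no heading markup.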
Line 36: Line 33:
 
  * Decompile APK/DEX - Decompile and extracts the contents on the APK file.
 
  * Decompile APK/DEX - Decompile and extracts the contents on the APK file.
 
   
 
   
## How to decompile an APK file ?
+
How to decompile an APK file ?
  
 
Once you click decompile it will create a folder called extract and inside that you will find a folder having same name as the file where you will get all the extracted contents of the apk
 
Once you click decompile it will create a folder called extract and inside that you will find a folder having same name as the file where you will get all the extracted contents of the apk
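Review bot: The replacement line `How to decompile an APK file ?` drops the old `##` prefix without adding wiki heading markup, so it becomes an ordinary paragraph and the section loses its heading. Write it as `== How to decompile an APK file ? ==`, matching the existing `== OWASP Apk Dissector  ==` line; the same applies to the other headings converted in this revision.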
Line 44: Line 41:
 
  * All the extracted files will be with in extracts directory within the folder name <apkfileName>.apk
 
  * All the extracted files will be with in extracts directory within the folder name <apkfileName>.apk
  
## How to decompile the DEX file ?
+
How to decompile the DEX file ?
 
  * Select APK/DEX - Click this button to browse and select the DEX file which will be located inside the extracts/<apkfileName>.apk directory
 
  * Select APK/DEX - Click this button to browse and select the DEX file which will be located inside the extracts/<apkfileName>.apk directory
 
  * Decompile APK/DEX - Click this button to  decompile and extracts the contents on the DEX file.
 
  * Decompile APK/DEX - Click this button to  decompile and extracts the contents on the DEX file.
 
  * All the extracted files will be under extracts within <apkFilename.apk>\DEX_extracts
 
  * All the extracted files will be under extracts within <apkFilename.apk>\DEX_extracts
 
 
 
 
## How to use this project ?
 
 
If your are trying to fork or extented the project here are some information regarding this project.
 
 
Run the AppDissector to see the output !
 
 
And here's some code! :+1:
 
 
```java
 
System.out.println("More features will be added soon");
 
```
 
==Description==
 
The file will be available in form of apk file which runs on android device . This file can be downloaded from the github / owasp site / Google's app store .
 
 
==Licensing==
 
  
  

Revision as of 21:59, 4 April 2017


OWASP APK Dissector is an automated tool for static security analysis of mobile applications. The tool uses useful open-source applications and tries to automate the process of security analysis. Right now it can perform automation on APK files only, and there is a plan to enrich its features.

OWASP Apk Dissector

Download: https://sourceforge.net/projects/apkdissector/files/latest/download

Basic useful feature list:

* Purely Java Based
* Analyze the contents of the APK file
* Decompile and extract the contents of the APK file
* Decompile the DEX files to JAVA source files (.dex to .java) [ New feature in v2.0 ]

How to use this application?

* By building from git source: you can clone/download the source, import it into Eclipse, and then run the ApkDissector.java file
* Or use the available executable Jar: download and extract the zip file containing the executable Jar file from https://sourceforge.net/projects/apkdissector/

Usage

Double click and open the jar file

* Select APK/DEX - Browse and select the APK/DEX file.
* Analyze - Find information about the contents inside the APK file.
* Decompile APK/DEX - Decompile and extract the contents of the APK file.

How to decompile an APK file?

Once you click decompile, it will create a folder called extract, and inside that you will find a folder with the same name as the file, where you will get all the extracted contents of the APK.

* Select APK/DEX - Click this button to browse and select the APK file.
* Decompile APK/DEX - Click this button to decompile and extract the contents of the APK file.
* All the extracted files will be within the extracts directory, in the folder named <apkfileName>.apk

How to decompile the DEX file?

* Select APK/DEX - Click this button to browse and select the DEX file, which will be located inside the extracts/<apkfileName>.apk directory
* Decompile APK/DEX - Click this button to decompile and extract the contents of the DEX file.
* All the extracted files will be under extracts, within <apkFilename.apk>\DEX_extracts
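
The APK extraction step described above, written out as an added example (not APK Dissector's own code): it unpacks an APK, which is a ZIP archive, into extracts/<apkfileName>.apk, rejects entries whose names would resolve outside that folder (APKs under analysis are untrusted input), and returns the DEX files to feed into the next step. The class name, method names and sample archives are hypothetical and constructed for the demo.

```java
import java.io.*;
import java.nio.file.*;
import java.util.*;
import java.util.zip.*;

public class ApkExtractSketch {
    // Extracts the APK into <outRoot>/<apkFileName>/ and returns the DEX files found.
    static List<Path> extract(Path apk, Path outRoot) throws IOException {
        Path dest = outRoot.resolve(apk.getFileName().toString()).toAbsolutePath().normalize();
        List<Path> dexFiles = new ArrayList<>();
        try (ZipFile zip = new ZipFile(apk.toFile())) {
            for (ZipEntry e : Collections.list(zip.entries())) {
                Path target = dest.resolve(e.getName()).normalize();
                // An entry named "../../x" or "/x" would land outside dest: refuse it.
                if (!target.startsWith(dest)) {
                    throw new IOException("Blocked entry outside extract folder: " + e.getName());
                }
                if (e.isDirectory()) { Files.createDirectories(target); continue; }
                Files.createDirectories(target.getParent());
                try (InputStream in = zip.getInputStream(e)) {
                    Files.copy(in, target, StandardCopyOption.REPLACE_EXISTING);
                }
                if (e.getName().endsWith(".dex")) dexFiles.add(target);
            }
        }
        return dexFiles;
    }

    // Builds a constructed sample archive standing in for an APK.
    static Path makeZip(Path file, String... names) throws IOException {
        try (ZipOutputStream out = new ZipOutputStream(Files.newOutputStream(file))) {
            for (String name : names) {
                out.putNextEntry(new ZipEntry(name));
                out.write(name.getBytes());
                out.closeEntry();
            }
        }
        return file;
    }

    public static void main(String[] args) throws IOException {
        Path work = Files.createTempDirectory("apkdemo");
        Path good = makeZip(work.resolve("sample.apk"), "AndroidManifest.xml", "classes.dex", "res/raw/a.txt");
        System.out.println("DEX files: " + extract(good, work.resolve("extracts")));
        Path bad = makeZip(work.resolve("hostile.apk"), "classes.dex", "../../escaped.txt");
        try {
            extract(bad, work.resolve("extracts"));
        } catch (IOException ex) {
            System.out.println(ex.getMessage()); // the traversal entry is refused
        }
    }
}
```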


This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License 3.0 as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Project Resources

GitHub

Project Leader

Dibyendu Sikdar

Related Projects

OWASP_JSEC_CVE_Details

Classifications

* Project Type: Tool
* Incubator Project
* Breakers
* Defenders
* Affero General Public License 3.0

News

How can I participate in your project?

All you have to do is make the Project Leaders aware of your available time to contribute to the project. It is also important to let the Leaders know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

If I am not a programmer can I participate in your project?

Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise at different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. See the Road Map and Getting Involved tab for more details.

Contributors

The first contributors to the project were:


Roadmap

Currently all OWASP tools run on PCs. The world is moving towards handheld systems. There isn't any mobile-based tool from OWASP to do web app pen testing from handheld systems. This app is going to be OWASP's first ever mobile app to test web app security. Apart from this, the tool will be developed in such a way that it can be customized easily. User-supplied vectors can be added easily. It will have encoders and decoders, and they can be integrated with different modules easily, for example URL encoding with the XSS module. In short, this app will have the combined features of modern-day scanners with added mobility and easy customization. The application will be open source, so others can fork, extend and contribute easily.

Getting Involved

Some of the ways you can help are as follows:

Coding

Localization

Testing

Feedback

The scanner has various modules. Each module is independent of the others. The project will be extended by adding more modules to it.