apk-redteam-pipeline

Solid

End-to-end Android APK red-team pipeline: automated APK acquisition (Play Store, with apkpure and apkmirror as fallbacks), jadx decompilation, grep for secrets, URLs, JWTs and Firebase config, pinned-certificate extraction, exported-component enumeration, Frida runtime-instrumentation templates, and intent-injection probes. Built from an authorized external red-team engagement in which 7 APKs were pulled manually, 4 download attempts were truncated, and a hardcoded JWT plus 30 internal API endpoints were recovered from one of the apps. Use when the target has a mobile app catalogue (Play Store developer page), when you find an APK URL hosted on a web server, or when post-recon notes mention "mobile app" in scope.

Category: Data & Documents | 1,478 stars | 216 forks | Updated 5 days ago | License: NOASSERTION

Quality Score: 86/100
Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

## When to use this skill

Trigger when:

- Recon surfaces 1+ mobile apps under the target's developer name (Play Store dev page)
- A web app hosts `*.apk` files directly (e.g. `Recruitz.apk` found on a subdomain during one engagement)
- APK package IDs leaked via stealer logs (e.g. `com.<brand>.app`, `com.<brand>.<sub-brand>` patterns in stealer dump format)
- Customer-facing app, dealer/partner portal, or employee mobile companion app is in scope
- Bug bounty program lists Android in scope

DO NOT use for:

- iOS-only targets (different pipeline — IPA reverse, MobSF, frida-ios-dump)
- React Native / Flutter web apps already covered by JS bundle analysis
- Server-side only assessments

---

## Stage 0 — Inventory all org-owned apps

### Play Store developer-page scrape

```bash
# Find developer page from the target's brand name
curl -sk -A "Mozilla/5.0" "https://play.google.com/store/apps/developer?id=<Brand+Name>" -o /tmp/dev.html

# Extract package IDs. Anchor on details?id= so the page's own developer?id=<Brand>
# link is not picked up, and strip the "id=" prefix so only bare package IDs remain.
grep -oE 'details\?id=[a-zA-Z0-9._]+' /tmp/dev.html | cut -d= -f2 | sort -u
```

Example output (anonymized — 7 packages typical for a multi-brand conglomerate):

```
com.events.<brand>build
com.<corp>.<sub-brand-1>
com.<corp>.<sub-brand-2>
com.<corp>.<flagship>
com.<corp>.<product-line-1>
com.<corp>.<product-line-2>
com.<corp>.<sub-brand-3>
```

### Cross-reference with stealer logs

Stealer-log format includes package names like `*@com.<corp>.<app>` — extract these from `creds_userpass.txt` if you have a leaked dump.

### Brand permutation guesses (m...
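As an added example (not code from the apk-redteam-pipeline skill or the Claude-BugHunter repository), the script below automates the two complete Stage 0 steps above: it parses package IDs out of a saved Play Store developer page (the file the curl step writes) and cross-references them with `user@package` lines from a stealer dump, so that packages present only in the leak (delisted, internal or sideloaded apps that a Play Store scrape alone would miss) are flagged. Both inputs are constructed samples embedded inline; the `com.example.*` package IDs, the `:password` separator assumed after the package name in the stealer lines, and the function names are this example's assumptions, not the skill's.

```python
import re
from html import unescape
from typing import Dict, Set

# Constructed sample of a saved Play Store developer page (what the curl step
# would write to /tmp/dev.html). Only the details?id= links matter; the
# developer?id= link and the HTML-escaped &amp; are there to exercise the parser.
SAMPLE_DEV_PAGE = """
<html><body>
<a href="/store/apps/details?id=com.example.flagship">Flagship</a>
<a href="/store/apps/details?id=com.example.flagship&amp;hl=en">Flagship (alt link)</a>
<a href="/store/apps/details?id=com.example.dealerportal">Dealer Portal</a>
<a href="/store/apps/developer?id=Example+Corp">Example Corp</a>
<a href="/store/apps/details?id=com.events.examplebuild">Build Event</a>
</body></html>
"""

# Constructed stealer-log lines. The skill describes entries as *@com.<corp>.<app>;
# the trailing ":password" separator is an assumption of this example.
SAMPLE_STEALER_LOG = """
alice@com.example.flagship:Summer2024!
bob@com.example.legacyapp:hunter2
carol@https://portal.example.com/login:P@ssw0rd
dave@com.example.dealerportal:welcome1
eve@com.example.flagship:letmein
"""

# Android package ID: two or more dot-separated Java-identifier segments.
PACKAGE_RE = r"[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)+"


def play_store_packages(html: str) -> Set[str]:
    """Package IDs linked from a developer page.

    Anchoring on /store/apps/details?id= avoids picking up the page's own
    developer?id=<Brand> link, which a bare 'id=' grep would also match.
    """
    text = unescape(html)  # turns &amp;hl=en back into &hl=en so the ID ends cleanly
    return set(re.findall(r"/store/apps/details\?id=(" + PACKAGE_RE + r")", text))


def stealer_log_packages(log: str) -> Dict[str, int]:
    """Package ID -> number of credential lines that reference it.

    Web-login lines (user@https://...) are skipped because 'https' is not a
    dotted package name followed by ':'; the lazy prefix match lets usernames
    that themselves contain '@' (e-mail addresses) still resolve to the package.
    """
    counts: Dict[str, int] = {}
    line_re = re.compile(r"^.+?@(" + PACKAGE_RE + r"):")
    for line in log.splitlines():
        m = line_re.match(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts


def build_inventory(html: str, log: str) -> Dict[str, Dict[str, object]]:
    """Union of both sources, annotated so the analyst can see which apps are
    public, which have leaked credentials, and which exist only in the leak."""
    store = play_store_packages(html)
    leaked = stealer_log_packages(log)
    inventory: Dict[str, Dict[str, object]] = {}
    for pkg in store | set(leaked):
        inventory[pkg] = {
            "on_play_store": pkg in store,
            "leaked_cred_lines": leaked.get(pkg, 0),
            "leak_only": pkg not in store,
        }
    return inventory


def leak_only_packages(html: str, log: str) -> Set[str]:
    """Packages seen in the stealer dump but absent from the developer page:
    delisted, internal or sideloaded apps that the Play Store scrape would miss."""
    return {p for p, info in build_inventory(html, log).items() if info["leak_only"]}


if __name__ == "__main__":
    for pkg, info in sorted(build_inventory(SAMPLE_DEV_PAGE, SAMPLE_STEALER_LOG).items()):
        flag = "LEAK-ONLY" if info["leak_only"] else "listed"
        print(f"{pkg:32} leaked_lines={info['leaked_cred_lines']}  {flag}")
```

On real input, read `/tmp/dev.html` and `creds_userpass.txt` into the two functions instead of the samples; the leak-only set is the list to hand to the brand-permutation and apkpure/apkmirror fallback steps, since those packages have no Play Store page to download from.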

Details

Author: elementalsouls
Repository: elementalsouls/Claude-BugHunter
Created: 3 weeks ago
Last Updated: 5 days ago
Language: Python
License: NOASSERTION

Similar Skills

Semantically similar based on skill content — not just same category

API & Backend Listed

apex-pipeline

Unified application security testing workflow — combines recon, SAST, DAST, manual hunting, validation, and reporting into a single orchestrated pipeline. Runs as an "app" with automated phase transitions. Supports web apps (React, Next.js, Django, Flask, Laravel, Spring, Rails, Express), mobile APIs, GraphQL, REST, gRPC, and microservices. Phases — Phase 0 (target intake + scope lock), Phase 1 (passive recon + tech fingerprint), Phase 2 (SAST deep scan via semgrep/grep/trufflehog), Phase 3 (DAST active probing — nuclei/ffuf/dalfox), Phase 4 (manual hunt — IDOR/SSRF/XSS/SQLi/auth-bypass/race/business-logic/LLM), Phase 5 (chain building + impact escalation), Phase 6 (7-Question Gate validation), Phase 7 (report generation). Use when starting a full security assessment on any application, when asked to "test this app", "audit this codebase", "find bugs in this project", or when you need an end-to-end security workflow that combines static and dynamic analysis with manual expertise.

1 Updated 1 month ago
mlvpatel
AI & Automation Listed

bounty-mobile

Use when bug-bountying an Android (APK) or iOS (IPA) app. Covers static + dynamic analysis, Frida hooking, certificate pinning bypass, deep link / intent abuse, IPC, secrets in bundles. Triggers on "bounty mobile", "android app", "ios app", "apk analysis", "frida".

6 Updated yesterday
26zl
AI & Automation Solid

analyzing-android-malware-with-apktool

Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.

13,115 Updated today
mukul975
AI & Automation Listed

analyzing-android-malware-with-apktool

Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.

6 Updated yesterday
26zl
API & Backend Solid

firebase-apk-scanner

Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. Use when analyzing APK files for Firebase vulnerabilities, performing mobile app security audits, or testing Firebase endpoint security. For authorized security research only.

5,501 Updated 4 days ago
trailofbits