apkleaks
Description:
Scanning APK file for URIs, endpoints & secrets
Type: Formula  |  Latest Version: 2.6.3@1  |  Tracked Since: Dec 17, 2025
Links: Homepage  |  @dwisiswant0  |  formulae.brew.sh
Category: Security
Tags: android security apkanalysis pentesting secrets-detection
Install: brew install apkleaks
About:
APKLeaks is a command-line tool designed to scan Android application packages for exposed URIs, endpoints, and sensitive secrets. It decompiles APK files to analyze source code and manifest files, identifying potential security vulnerabilities and data leaks. This helps developers and security researchers uncover hardcoded credentials, API keys, and other confidential information that could be exploited.
Key Features:
  • Decompiles APK files using JADX to analyze source code
  • Scans for exposed URIs, endpoints, and secrets like API keys
  • Outputs findings in a structured format for easy review
  • Lightweight and fast scanning process
  • Open-source and customizable for specific needs
Use Cases:
  • Security auditing of Android apps to detect hardcoded secrets
  • Penetration testing to identify exposed endpoints and URIs
  • Developers checking their own apps for accidental data leaks
Alternatives:
  • MobSF – MobSF is a comprehensive mobile security framework with static/dynamic analysis, while APKLeaks focuses narrowly on URI/secret scanning for quicker targeted scans
  • quark-engine – Quark-engine uses behavioral analysis for malware detection, whereas APKLeaks specializes in static analysis for exposed endpoints and secrets
License: Apache-2.0
Dependencies: jadx, python@3.14
Bottles available for: arm64_tahoe, arm64_sequoia, arm64_sonoma, sonoma, arm64_linux, x86_64_linux
Version History
Detected Version Rev Change Commit
Oct 12, 2025 9:05am 0 VERSION_BUMP 5e62b895
Sep 13, 2024 1:26am 0 VERSION_BUMP 2a1cb518