
Install

git clone https://github.com/arijitdirghanji/Find-Hardcoded
cd Find-Hardcoded
bash find-hardcoded.sh InsecureShop.apk

Usage

┌──(zapstiko💀Hacker)-[~/mobile_pentesting]
└─# bash find-hardcoded.sh InsecureShop.apk

If you find an API key, secret, or token, you can check it here:

key hacks — @streaak (https://github.com/streaak/keyhacks)

!Note!

Some regexes can produce huge output, such as (GitHub, MD5_Hash, Javascript_Variables, Base64, ipv6, LinkFinder, IP_Address).
If you don't want that output, you can comment out those lines.
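
To judge which categories are worth commenting out when auditing your own app, the added example below (not part of Find-Hardcoded) counts matches per pattern over a small constructed stand-in for apktool's decoded output. The regexes, the Google_API and AWS_Key names, and all sample values are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of find-hardcoded.sh. Base64 and IP_Address are
# category names from the note; Google_API / AWS_Key and all four regexes are
# assumptions (simplified, commonly used patterns), not the script's own.
RE_GOOGLE='AIza[0-9A-Za-z_-]{35}'
RE_AWS='AKIA[0-9A-Z]{16}'
RE_IP='([0-9]{1,3}\.){3}[0-9]{1,3}'
RE_B64='[A-Za-z0-9+/]{20,}={0,2}'

# count_hits DIR REGEX: print the number of matches (not lines) under DIR.
count_hits() {
  grep -rEoh -e "$2" "$1" 2>/dev/null | wc -l | tr -d ' '
}

# make_sample DIR: build a tiny constructed stand-in for apktool's decoded
# output. Every value below is a fake placeholder.
make_sample() {
  mkdir -p "$1/res/values" "$1/smali/com/example"
  cat > "$1/res/values/strings.xml" <<'EOF'
<resources>
  <string name="maps_key">AIzaSyEXAMPLE-EXAMPLE-EXAMPLE-EXAMPLE-0</string>
  <string name="app_version">1.2.3.4</string>
</resources>
EOF
  cat > "$1/smali/com/example/Config.smali" <<'EOF'
const-string v0, "AKIAIOSFODNN7EXAMPLE"
const-string v1, "10.0.2.2"
const-string v2, "192.168.0.1"
const-string v3, "Lcom/example/app/SomeVeryLongClassName;"
EOF
}

# report DIR: one line per pattern so the noisy categories stand out.
report() {
  printf '%-12s %s\n' \
    Google_API "$(count_hits "$1" "$RE_GOOGLE")" \
    AWS_Key    "$(count_hits "$1" "$RE_AWS")" \
    IP_Address "$(count_hits "$1" "$RE_IP")" \
    Base64     "$(count_hits "$1" "$RE_B64")"
}

tmp=$(mktemp -d)
make_sample "$tmp"
report "$tmp"
rm -rf "$tmp"
```

In the sample, IP_Address also fires on a version string and Base64 fires on a class path and on the key already reported by AWS_Key, which is the kind of noise the note refers to.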

Prerequisites

  • apktool {apt install apktool} @iBotPeaches(https://github.com/iBotPeaches/Apktool)

regex credit

https://github.com/dwisiswant0/apkleaks/blob/master/config/regexes.json
https://github.com/stevemcilwain/quiver/blob/master/payloads/secrets-content.json
https://github.com/hahwul/dalfox/blob/main/pkg/scanning/grep.go
https://github.com/BitTheByte/Eagle/blob/master/plugins/spider.py
https://github.com/firmianay/Vehicle-Security-Toolkit/blob/main/apk-leaks.py
