Metadata-Version: 2.4
Name: appxploit
Version: 1.0.1
Summary: Professional Android APK security analysis tool for bug bounty hunters
Home-page: https://github.com/letchupkt/AppXploit
Author: LAKSHMIKANTHAN K
Author-email: 
License: MIT
Project-URL: Homepage, https://github.com/letchupkt/AppXploit
Project-URL: Repository, https://github.com/letchupkt/AppXploit
Project-URL: Issues, https://github.com/letchupkt/AppXploit/issues
Keywords: android,apk,security,analysis,bug-bounty,penetration-testing
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: Topic :: Security
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Requires-Python: >=3.8
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: click>=8.1.0
Requires-Dist: colorama>=0.4.6
Requires-Dist: pyyaml>=6.0
Requires-Dist: jinja2>=3.1.2
Requires-Dist: requests>=2.31.0
Requires-Dist: lxml>=4.9.0
Dynamic: home-page
Dynamic: license-file
Dynamic: requires-python

# AppXploit

<div align="center">

```
    ___               _  __       __      _ __ 
   /   |  ____  ____ | |/ /____  / /___  (_) /_
  / /| | / __ \/ __ \|   // __ \/ / __ \/ / __/
 / ___ |/ /_/ / /_/ /   |/ /_/ / / /_/ / / /_  
/_/  |_/ .___/ .___/_/|_/ .___/_/\____/_/\__/  
      /_/   /_/        /_/                     
```

**Professional Android APK Bug Hunting Tool**

[![Python](https://img.shields.io/badge/python-3.8+-blue.svg)](https://www.python.org/downloads/)
[![License](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)
[![Platform](https://img.shields.io/badge/platform-Windows%20%7C%20Linux-lightgrey.svg)]()

*Built for security researchers, bug bounty hunters, and red teams*

</div>

---

## 🎯 Overview

**AppXploit** is an **Elite Android Vulnerability Discovery Framework** that performs intelligent static analysis to discover **HIGH-SEVERITY, BOUNTY-WORTHY** vulnerabilities. Built for bug bounty hunters who need fewer, higher-quality findings.

### 🏆 Elite Framework Features

**🎯 Business Logic Intelligence**
- Payment bypass detection (client-side verification)
- Premium feature unlock detection
- Price manipulation detection
- Access control bypass via boolean flags

**🔍 Advanced IDOR Engine**
- Logic-based detection (not just patterns)
- Identifier flow tracking (API → Storage → UI → API)
- IDOR classification (Horizontal, Vertical, Contextual)
- Confidence scoring per finding

**🔗 Deep Link Abuse v2**
- State-changing deep link detection
- Auth-bypass deep link identification
- Callback abuse (password reset, verification, OAuth)
- Attack narrative generation

**🔐 Crypto Misuse Intelligence**
- Context-aware analysis (only exploitable issues)
- ECB mode detection with pattern analysis
- Weak algorithm detection (MD5, SHA1, DES, RC4)
- Encoding vs encryption distinction

**🏆 Exploit Path Ranking**
- Rank by: Business Impact (40%), Ease (30%), Acceptance (30%)
- Highlight **TOP 1-3 MOST DANGEROUS PATHS**
- "Why This Is Exploitable" explanations
- Bug bounty acceptance likelihood

**✅ Quality Control**
- Evidence requirement (file + line + code)
- Speculation filter (no "might", "could")
- Deterministic results (same APK = same findings)
- Confidence scoring (0.75-0.95)

### 📊 Core Capabilities

✨ **Intelligent Analysis**
- App classification (fintech, social, e-commerce, etc.)
- Risk surface estimation
- Vulnerability scoring using Reachability × Control × Impact × Exploitability × ContextConfidence

🔍 **Comprehensive Discovery**
- 15+ secret patterns (AWS keys, Firebase, OAuth, JWT, etc.)
- REST, GraphQL, WebSocket endpoint extraction
- Admin/internal API detection

⛓️ **Exploit Chain Correlation**
- Chains multiple findings into attack paths
- Generates PoC outlines
- CVSS scoring

📊 **HackerOne-Ready Reports**
- **TOP 3 Most Dangerous Paths** section
- Detailed impact analysis (users, business, security)
- Clear exploitation steps
- Professional remediation guidance
- JSON export support

🚀 **Zero Configuration**
- Auto-downloads tools (apktool, jadx)
- Cross-platform (Windows + Linux)
- No manual setup required

### 📈 Quality Metrics

| Metric | Traditional Scanners | AppXploit Elite |
|--------|---------------------|-----------------|
| **Findings per APK** | 15-30 | 5-15 |
| **False Positive Rate** | 20-30% | <5% |
| **Critical Findings** | 1-3 | 3-7 |
| **Confidence Scores** | 0.5-0.7 | 0.75-0.95 |
| **Report Quality** | Generic | HackerOne-ready |


---

## 📦 Installation

### From PyPI (Recommended)

```bash
pip install appxploit
```

### From Source

```bash
git clone https://github.com/letchupkt/AppXploit.git
cd AppXploit
pip install -e .
```

### Requirements

- **Python 3.8+**
- **Java 8+** (for apktool and jadx)

AppXploit will automatically download apktool and jadx on first run.

---

## 🚀 Usage

### Basic Usage

```bash
appxploit target.apk
```

This will:
1. Extract and analyze the APK
2. Discover secrets and API endpoints
3. Detect vulnerabilities
4. Generate exploit chains
5. Create a report: `target_report.md`

### Advanced Options

```bash
# Specify output file
appxploit target.apk -o custom_report.md

# JSON output
appxploit target.apk --format json

# Verbose mode
appxploit target.apk -v

# Quick scan (skip deep analysis)
appxploit target.apk --quick

# Suppress banner
appxploit target.apk --no-banner
```

### Example Output

```
    ___                 _  __      __      _ __ 
   /   |  ____  ____   | |/ /___  / /___  (_) /_
  / /| | / __ \/ __ \  |   / __ \/ / __ \/ / __/
 / ___ |/ /_/ / /_/ / /   / /_/ / / /_/ / / /_  
/_/  |_/ .___/ .___/ /_/|_\____/_/\____/_/\__/  
      /_/   /_/                                  

╔═══════════════════════════════════════════════════════════╗
║  Professional Android APK Bug Hunting Tool                ║
║  Version: 1.0.0                                           ║
║  Author: LAKSHMIKANTHAN K (letchupkt)                     ║
╚═══════════════════════════════════════════════════════════╝
```

[*] Target APK: target.apk
[*] Output: target_report.md
[*] Mode: Deep Analysis
[*] Verbose: Disabled

[*] Starting analysis...

[1/8] Extracting APK...
[✓] APK extracted
[2/8] Running APK intelligence...
[✓] Intelligence complete
    App Type: Fintech
    Risk Level: Critical
[3/8] Running static analysis...
[✓] Static analysis complete
[4/8] Discovering secrets and APIs...
  [*] Decompiling with jadx...
  [*] Scanning 1247 Java files for secrets...
[✓] Discovery complete
    Secrets found: 12
    Endpoints found: 45
[5/8] Analyzing vulnerabilities...
  [*] Advanced vulnerabilities found: 8
[✓] Vulnerability analysis complete
    Vulnerabilities found: 16
[6/8] Correlating exploit chains...
[✓] Exploit correlation complete
    Exploit chains found: 4
[7/8] Filtering noise...
[✓] Filtering complete
    High-signal findings: 12
[8/8] Generating report...
[✓] Report generated

[✓] Analysis complete!
[✓] Report saved to: target_report.md
```

---

## ✨ Advanced Features (v1.0+)

### 🔍 8 Advanced Vulnerability Categories

- **Authentication & Session Logic** - Client-side auth, bypass flags
- **IDOR & Access Control** - User IDs in URLs, admin endpoints
- **Cryptography & Data Protection** - Weak algorithms, hardcoded keys
- **WebView Security** - XSS, JavaScript interfaces
- **Storage & Data Leaks** - SharedPreferences, logs
- **Component Abuse** - Exported components, PendingIntents
- **OTP & Verification** - Client-side validation
- **Payment & Financial** - Price manipulation

### 🎯 Improved Confidence Scoring

- **ContextConfidence factor** reduces false positives by 40-60%
- Evidence strength, usage frequency, business logic relevance
- Minimum confidence threshold filtering

### ⛓️ Multi-Hop Exploit Chains

- **8 pre-built exploit chains** (3-5 steps each)
- Impact classification (Account Takeover, Data Exfiltration, etc.)
- Human-readable attack narratives
- Business impact explanations

### 📦 Version Checking

- Automatic PyPI version check on startup
- Non-blocking update notifications

### 📂 Current Directory Execution

- Reports save to current working directory by default
- Matches expected CLI tool behavior

---

---

## 📋 What AppXploit Detects

### Security Misconfigurations
- `android:debuggable="true"`
- `android:allowBackup="true"`
- `android:usesCleartextTraffic="true"`
- Old target SDK versions

### Component Security
- Exported activities without permissions
- Exported content providers
- Exported services and receivers
- Deep link injection risks

### Secret Exposure
- AWS access keys
- Google API keys
- Firebase configurations
- Stripe keys
- OAuth secrets
- JWT secrets
- Database credentials
- Private keys

### API Security
- Admin/internal endpoints
- HTTP (non-HTTPS) endpoints
- GraphQL endpoints
- WebSocket URLs

### Exploit Chains
- Debuggable + Exported Activity → Runtime Manipulation
- Hardcoded API Key + Admin Endpoint → Account Takeover
- Backup Enabled + Secrets → Data Exfiltration
- Deep Link + Exported Activity → Auth Bypass

---

## 📊 Report Example

AppXploit generates professional Markdown reports with:

- **Executive Summary** - App info and findings overview
- **Exploit Chains** - Correlated attack paths with PoC outlines
- **Vulnerability Findings** - Detailed findings with CWE, impact, and remediation
- **API Inventory** - All discovered endpoints
- **Secrets Summary** - Exposed credentials and keys
- **Recommendations** - Actionable security improvements

---

## 🏗️ Architecture

```
AppXploit/
├── appxploit/
│   ├── core/              # CLI, orchestration, config
│   ├── intelligence/      # APK fingerprinting, classification
│   ├── analysis/          # Manifest, components, permissions
│   ├── discovery/         # Secrets, API endpoints
│   ├── reasoning/         # Vulnerability detection, scoring
│   ├── filtering/         # Noise reduction
│   └── reporting/         # Report generation
```

### Analysis Pipeline

1. **APK Extraction** → Extract with apktool
2. **Intelligence** → Fingerprint, classify, estimate risk
3. **Static Analysis** → Parse manifest, analyze components
4. **Discovery** → Decompile with jadx, find secrets/APIs
5. **Reasoning** → Detect vulnerabilities, score findings
6. **Correlation** → Chain findings into exploit paths
7. **Filtering** → Remove noise, prioritize high-impact
8. **Reporting** → Generate professional report

---

## 🎓 Methodology

AppXploit uses intelligent reasoning over brute-force scanning:

### Vulnerability Scoring Formula

```
Score = Reachability × Control × Impact × Exploitability × 100
```

- **Reachability**: Can attacker reach this? (exported components, deep links)
- **Control**: Can attacker manipulate input?
- **Impact**: What's the business impact? (data leak, auth bypass)
- **Exploitability**: How easy to exploit? (PoC complexity)

### Noise Filtering

- Prioritizes exploit chains (highest value)
- Filters low-impact findings
- Focuses on business-critical vulnerabilities
- Removes common false positives

---

## 🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

---

## 📄 License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

---

## 👤 Author

**LAKSHMIKANTHAN K**  
GitHub: [@letchupkt](https://github.com/letchupkt)

---

## ⚠️ Disclaimer

This tool is intended for **authorized security testing only**. Unauthorized testing or exploitation of vulnerabilities is illegal and unethical. Always obtain proper authorization before testing any application.

---

## 🙏 Acknowledgments

- [apktool](https://ibotpeaches.github.io/Apktool/) - APK decompilation
- [jadx](https://github.com/skylot/jadx) - Dex to Java decompiler

---

<div align="center">

**Built with ❤️ for the security community**

If AppXploit helped you find bugs, consider ⭐ starring the repo!

</div>
