apk2url: quickly extract IP and URL endpoints from APKs


apk2url easily extracts URL and IP endpoints from an APK file to a .txt output. This is suitable for information gathering by the red team, penetration testers, and developers to quickly identify endpoints associated with an application.

NOTE: Why use apk2url? When compared with APKleaks, MobSF, and AppInfoScanner, apk2url identifies a significantly higher number of endpoints.

Inspired by diggy, apk2url is rewritten and upgraded with IP support, stronger regex, auto filtering, and Jadx decompilation.

Running apk2url

git clone https://github.com/n0mi1k/apk2url

./apk2url.sh /path/to/apk/file.apk

You can also install it directly for easy access by running ./install.sh.
After that, you can run apk2url anywhere:

apk2url /path/to/apk/file.apk

By default, there are 2 output files in the “endpoints” directory:

  • <apkname>_endpoints.txt – Contains endpoints with full URL paths
  • <apkname>_uniqurls.txt – Contains unique endpoint domains and IPs

By default, the program does not log the APK file path where endpoints are discovered.
To enable logging, run as follows:

apk2url /path/to/apk/file.apk log

Copyright (c) 2023 n0mi1k

Source: https://github.com/n0mi1k/