Aparoid is a framework for analyzing Android applications. It provides a set of automated techniques for detecting vulnerabilities and other dangers in mobile apps. It uses the Flask framework and has a web interface for uploading APK files and exploring the contents/results.

The following features are included in the current version:

  1. JADX decompilation of APK files
  2. Dashboard-based vulnerability detection system (customizable rules)
  3. Risk analysis for binary files
  4. Frameworks like React Native, Flutter, and Xamarin have custom features
  5. Security checks for Android manifests
  6. All rooted Android devices (physical, emulated, and cloud-based) are analyzed dynamically
  7. We support Frida scripts to bypass root detection, SSL pinning, and debugger detection (custom scripts are also supported)
  8. Root CA certificate installation automatically (also supports Burp Suite)
  9. Real-time HTTP(S) traffic viewer and interception proxy using Kafka
  10. Browser for real-time data stored in applications

Disclaimer: The intended use for the tool is strictly educational and should not be used for any other purpose.

Download Link: https://github.com/stefan2200/aparoid