Aparoid is a framework for analyzing Android applications. It provides a set of automated techniques for detecting vulnerabilities and other dangers in mobile apps. It uses the Flask framework and has a web interface for uploading APK files and exploring the contents/results.
The following features are included in the current version:
- JADX decompilation of APK files
- Dashboard-based vulnerability detection system (customizable rules)
- Risk analysis for binary files
- Custom features for frameworks such as React Native, Flutter, and Xamarin
- Security checks for Android manifests
- Dynamic analysis on all rooted Android devices (physical, emulated, and cloud-based)
- Frida scripts for bypassing root detection, SSL pinning, and debugger detection (custom scripts are also supported)
- Automatic root CA certificate installation (also supports Burp Suite)
- Real-time HTTP(S) traffic viewer and interception proxy using Kafka
- Real-time browser for data stored in applications
Disclaimer: The tool is intended strictly for educational use and should not be used for any other purpose.
Download Link: https://github.com/stefan2200/aparoid