apkingo is an APK analysis tool written in Go. It extracts information from Android applications, such as permissions, metadata, and certificate details, and integrates with VirusTotal and Koodous for malware detection.
- General Info: Package name, version, main activity, SDK versions
- Hashes: MD5, SHA1, SHA256
- Permissions: Complete list of requested permissions
- Metadata: Application metadata
- Certificate: Serial, thumbprint, validity, issuer, subject
- XAPK/APKS Support: Automatically detects and extracts APKs from Android App Bundle archives
- Directory Analysis: Batch analyze multiple APKs in a directory with the `-dir` flag
- Play Store Integration: Scrapes application info from Google Play Store
- VirusTotal Analysis (requires VirusTotal API key):
  - Malware detection stats with highlighted red flags
  - Popular threat classification (e.g., "trojan.pegasus/chrysaor")
  - File reputation score
  - Community detection (Sigma, YARA, IDS)
  - File tags and characteristics
- VirusTotal Androguard (automatic with VirusTotal API key):
  - Complete APK structure analysis
  - Activities, Services, Providers, Receivers
  - Libraries and SDK versions
  - Dangerous permissions highlighted in red
- Koodous Integration (requires Koodous API key):
  - Malware detection status
  - Community rating and trust score
  - Positive/Negative votes
  - Repository information when available
- Enhanced Terminal Output: Colored results with bold red warnings for malware indicators
- JSON Export: Pretty-printed analysis export including all VirusTotal/Koodous data
Download the pre-compiled binary for your system from the Releases page.

```bash
go install github.com/andpalmier/apkingo/cmd/apkingo@latest
```

```bash
brew tap andpalmier/tap
brew install apkingo
```

You can run apkingo directly using Docker without installing Go or downloading binaries.

```bash
# Analyze an APK (mount the directory containing the APK)
docker run --rm -v "$(pwd)":/mnt ghcr.io/andpalmier/apkingo -apk /mnt/target.apk
# Analyze an XAPK file
docker run --rm -v "$(pwd)":/mnt ghcr.io/andpalmier/apkingo -apk /mnt/app.xapk
# Analyze all APKs in a directory
docker run --rm -v "$(pwd)":/mnt ghcr.io/andpalmier/apkingo -dir /mnt
# Analyze and export JSON report
docker run --rm -v "$(pwd)":/mnt ghcr.io/andpalmier/apkingo -apk /mnt/target.apk -json /mnt/report.json
```

```bash
# Analyze a single APK
apkingo -apk <path_to_apk>
# Analyze an XAPK/APKS file
apkingo -apk <path_to_xapk>
# Analyze all APKs in a directory
apkingo -dir <path_to_directory>
# Analyze with API keys and export JSON
apkingo -apk <path_to_apk> -vtapi <VT_KEY> -kapi <KOODOUS_KEY> -json report.json
```

For enhanced analysis, you can provide API keys for VirusTotal and Koodous either via command-line flags or environment variables:

Environment Variables (Recommended):

```bash
export VT_API_KEY="your_virustotal_api_key"
export KOODOUS_API_KEY="your_koodous_api_key"
apkingo -apk <path_to_apk>
```

Command-Line Flags:

```bash
apkingo -apk <path_to_apk> -vtapi <YOUR_VT_KEY> -kapi <YOUR_KOODOUS_KEY>
```

Keys passed as flags appear in the process's command line, which other local users can typically read (for example with `ps`).

| Flag | Description |
|---|---|
| `-apk` | Path to APK or XAPK file to analyze (required) |
| `-dir` | Analyze all APKs in a directory |
| `-json` | Path to export analysis in JSON format |
| `-country` | Country code of the Play Store (default: "us") |
| `-vtapi` | VirusTotal API key (can also use `VT_API_KEY` env var) |
| `-kapi` | Koodous API key (can also use `KOODOUS_API_KEY` env var) |
| `-vtupload` | Upload the APK to VirusTotal after analysis (interactive prompt) |

```bash
apkingo -apk <path_to_apk>
```

[Screenshot: apkingo analyzing an Android malware sample]

- shogo82148/androidbinary: GitHub repo and Go reference
- avast/apkverifier: GitHub repo and Go reference
- fatih/color: GitHub repo and Go reference
- n0madic/google-play-scraper: GitHub repo and Go reference
- parnurzeal/gorequest: GitHub repo and Go reference
- VirusTotal/vt-go: GitHub repo and Go reference
- VirusTotal API documentation
- Koodous API documentation

