APKXHunter is an Android Static Analysis Framework written entirely in C, purpose-built for Android security assessments, reverse engineering, bug bounty hunting, malware analysis, and penetration testing.
It combines multiple static analysis techniques — decompilation, secret detection, endpoint discovery, permission analysis, and native library detection — to uncover sensitive information inside Android applications, while producing clean, organized reports for security researchers.
APKXHunter also integrates a lightweight Machine Learning-based Secret Classification Engine, written entirely in C, which automatically classifies detected secrets by confidence and severity, helping researchers prioritize findings instead of manually reviewing every result.
- 🔗 GitHub: https://github.com/SyscallX-18113/Apkx-Hunter
- 👤 Developed by: SyscallX-18113
- 🏷️ Version: v2.0.0

🛡️ OWASP MASVS Scanning Support
Apkx-Hunter now includes OWASP MASVS security scanning with 15 categories and 166 detection patterns:
| # | Category | Patterns |
|---|---|---|
| 1 | Weak Cryptography | 28 |
| 2 | Certificate Pinning | 13 |
| 3 | Root Detection | 20 |
| 4 | Anti Debugging | 9 |
| 5 | Anti Tamper | 3 |
| 6 | SharedPreferences | 8 |
| 7 | SQLite | 9 |
| 8 | External Storage | 11 |
| 9 | Dynamic Code Loading | 10 |
| 10 | Reflection | 9 |
| 11 | Runtime Command Execution | 9 |
| 12 | WebView Security | 13 |
| 13 | Network Security | 10 |
| 14 | SSL Validation | 10 |
| 15 | Native Library Loading | 9 |
| TOTAL | 166 |
OWASP Validation
APKXHunter has been tested against the OWASP UnCrackable Level 4 application. The scan successfully identified multiple security findings, demonstrating the effectiveness of its OWASP MASVS scanning engine and Android static analysis capabilities.

✨ Features
- 🛡️ OWASP MASVS Support — Apkx-Hunter now includes comprehensive OWASP MASVS security scanning with 14+ categories and 160+ detection patterns:
- 🔍 JADX Decompilation — Fast and deep decompilation modes
- 🛠️ APKTool Decompilation — Full APKTool-based decompilation and scanning
- 📦 Archive Extraction — Support for APK, AAB, APKM, APKS, XAPK, and ZIP formats
- 📁 Decompiled Folder Scanning — Scan any already-decompiled JADX source directory
- 📁 APKTool Folder Scanning — Scan any already-decompiled APKTool directory
- 🔑 Secret Detection — Discover API keys, tokens, passwords, and embedded secrets
- 🌐 Endpoint Discovery — Identify URLs, endpoints, and security-relevant patterns
- 🔐 Android Permission Analysis — Analyze permissions and exported activities
- 📚 Native (.so) Library Detection — Detect native libraries bundled in the app
- 🗂️ File Inventory Generation — Generate a complete file inventory report
- 🤖 Machine Learning-based Secret Classification (Highlighted Feature) — ML-assisted confidence scoring for detected secrets to accelerate triage and reducing false positive in secrets finding
Machine Learning Model
APKXHunter uses an offline machine learning classifier. model.bin contains only trained numerical weights used to calculate the confidence score of detected secrets.
It is NOT executable.
It contains no code.
It is loaded as binary data only.
- 📡 Offline ML Inference — All model inference runs locally, with no cloud APIs or internet connection required
- 📊 Confidence Probability Scoring — Each detected secret receives a confidence probability from the trained model
Project Statistics
- Language: C
- Codebase: 3,800+ lines
- Architecture: Modular
- Platform: Linux
Platform Support
- ✅ Linux (Supported)
- ❌ Windows (Not Supported)
- ❌ macOS (Not Supported)
Performance
The following results are based on testing performed during development.
| Metric | Tested Value |
|---|---|
| Operating System | Kali Linux |
| RAM Used for Testing | 8 GB |
| CPU | Intel Core i3-2120 |
| Largest APK Successfully Decompiled or Scanned | 85 MB |
| Average Decompilation Time | ~50 - 60 seconds |
System Requirements
Minimum:
- Linux
- 4 GB RAM
- JADX
- APKTool
- unzip
Recommended:
- Linux
- 8 GB RAM or higher
- Quad-core CPU
- SSD storage
⚙️ Installation
APKXHunter ships with an automated installer that checks for and installs only the dependencies that are missing on your system.
git https://github.com/SyscallX-18113/Apkx-Hunter.git
cd Apkx-Hunter
cd Apkx-Hunter
chmod +x install.sh
./install.sh
install.sh automatically checks for and installs required dependencies — it will not reinstall anything already present on your system.
🚀 Usage
USAGE
./apkxhunter <package/folder> [options] [options]
General Options
| Flag | Description |
|---|---|
-h |
Show help message. |
🎯 Scan Modes
Scanning Modes for JADX
| Flag | Description |
|---|---|
--fast |
Perform a fast jadx decompilation and scan extracted folder. |
--deep |
Perform a complete deep jadx decompilation and scan extracted folder. |
Note: Use these flags only after giving apk file name
Examples:
./apkxhunter app.apk --fast
./apkxhunter app.apk --deep
Scanning Modes for APKTool
| Flag | Description |
|---|---|
--apktool |
Perform a apktool decompilation and scan extracted folder. |
Note: Use these flags only after giving apkfile name
Examples:
./apkxhunter app.apk --apktool
📁 Folder Scan
| Flag | Description |
|---|---|
--folder-scan |
Scan an already decompiled JADX source directory or any directory |
--apktool-folder-scan |
Scan an already decompiled Apktool directory — use this flag only for scanning decompiled apk folder which is decompiled by APKTOOL. |
Note: Use these flags only after folder_name for scan
Examples:
./apkxhunter <folder_name> --folder-scan
./apkxhunter <folder_name_decompiled_by_apktool> --apktool-folder-scan
./apkxhunter <folder_name> --folder-scan --secrets
./apkxhunter <folder_name> --folder-scan --masvs
./apkxhunter <folder_name> --folder-scan --permissions
./apkxhunter <folder_name_decompiled_by_apktool> --apktool-folder-scan --secrets
./apkxhunter <folder_name_decompiled_by_apktool> --apktool-folder-scan --files
🧩 Individual Scanners
| Flag | Description |
|---|---|
--secrets |
Scan for API keys, tokens, passwords, and other embedded secrets. |
--permissions |
Analyze Android permissions or exported activity. |
--endpoints |
Discover URLs, endpoints, and patterns. |
--files |
Generate a file inventory report with .so name files extraction. |
--masvs |
OWASP MASVS Scan. |
Note: Use these flags only after scanning modes flags or folder analysis flags
Examples:
./apkxhunter app.apk --deep --secrets
./apkxhunter app.apk --deep --permissions
./apkxhunter app.apk --deep --endpoints
./apkxhunter app.apk --deep --masvs
./apkxhunter <folder_name> --folder-scan --secrets
./apkxhunter <folder_name> --folder-scan --permissions
./apkxhunter <folder_name_decompiled_by_apktool> --apktool-folder-scan --endpoints
./apkxhunter app.apk --deep --files
📄 Decompilation Only
| Flag | Description |
|---|---|
--decompile |
Decompile APK using JADX or APKTOOL — doesn't run folder scan after decompilation |
Note: Use these flags only after scanning modes flags
Examples:
./apkxhunter app.apk --deep --decompile
./apkxhunter app.apk --fast --decompile
./apkxhunter app.apk --apktool --decompile
📦 Archive Extraction
| Flag | Description |
|---|---|
--extract |
Extract supported Android packages before analysis and save extracted apk to folder extracted_output_<apk_name>. |
Supported Formats: APK, AAB, APKM, APKS, XAPK, ZIP
Example:
./apkxhunter app.apkm --extract
🤖 ML Secret Classification
APKXHunter integrates a lightweight Machine Learning-based Secret Classification Engine, written entirely in C, as part of its secret detection workflow. This is a statistical Machine Learning model — not a Large Language Model, ChatGPT, Generative AI, or Deep Learning system.
- Secrets detected by APKXHunter are analyzed by the integrated Machine Learning classification engine.
- The model estimates the probability that a detected secret is valid or security-sensitive.
- Findings are prioritized using confidence-based severity scoring.
- The ML engine assists researchers in triaging findings faster.
- The ML engine is designed to assist human analysis rather than replace manual verification.
⚙️ How It Works
- Detect potential secret.
- Extract statistical features (entropy, character distribution, length, uppercase/lowercase ratios, digits, symbols, and other statistical token characteristics).
- Load trained model (
model.bin). - Perform ML inference.
- Produce a confidence probability.
- Present results to the user for manual verification.
🔒 Security Note
All Machine Learning inference is performed locally on the trained model.bin file. APKXHunter does not transmit scanned data, detected secrets, or any other analysis output externally — no cloud APIs are used, and no internet connection is required for ML inference.
🗃️ Output Directories
JADX Analysis
Jadx_output_<apk_name>/
Findings Reports:
Result_Jadx_output_<apk_name>/
|- secrets_findings.txt -> Embedded API keys, tokens, secrets
|- permissions.txt -> Android permission analysis
|- pattern_findings.txt -> URLs, endpoints and security patterns
|- files.txt -> File inventory report
|- native_library_files.txt -> Detected native (.so) libraries
|- masvs_findings.txt -> OWASP MASVS Scann Result
Folder Scan Result
Findings Reports:
Folder-scan_Result_<folder_name>/
|- secrets_findings.txt
|- permissions.txt
|- pattern_findings.txt
|- files.txt
|- native_library_files.txt
|- masvs_findings.txt
APKTool Analysis
Apktool_output_<apk_name>/
Findings Reports:
Apktool_Result_<apk_name>/
|- secrets_findings.txt
|- permissions.txt
|- endpoint_findings.txt
|- files.txt
|- native_library_files.txt
|- masvs_findings.txt
APKTOOL Folder Scan Result
Findings Reports:
Apktool-folder-scan_Result_<folder_name>/
|- secrets_findings.txt
|- permissions.txt
|- endpoint_findings.txt
|- files.txt
|- native_library_files.txt
|- masvs_findings.txt
Archive Extraction
extracted_output_<package_name>/
|- Extracted APK files
📑 Report Files
| File | Description |
|---|---|
secrets_findings.txt |
Embedded API keys, tokens, secrets |
permissions.txt |
Android permission analysis |
pattern_findings.txt |
URLs, endpoints and security patterns (JADX / Folder Scan output) |
endpoint_findings.txt |
URLs, endpoints and security patterns (APKTool output) |
files.txt |
File inventory report |
native_library_files.txt |
Detected native (.so) libraries |
masvs_findings.txt |
OWASP MASVS Scann Result |
📦 Supported Formats
APK, AAB, APKM, APKS, XAPK, ZIP
📋 Requirements
APKXHunter depends on the following external tools:
- JADX
- APKTool
- unzip
install.sh automatically checks for these dependencies and installs only the ones that are missing — existing installations are left untouched.
💡 Example Commands
./apkxhunter app.apk --fast
./apkxhunter app.apk --deep
./apkxhunter app.apk --apktool
./apkxhunter <folder_name> --folder-scan
./apkxhunter <folder_name_decompiled_by_apktool> --apktool-folder-scan
./apkxhunter <folder_name> --folder-scan --secrets
./apkxhunter <folder_name> --folder-scan --permissions
./apkxhunter <folder_name_decompiled_by_apktool> --apktool-folder-scan --secrets
./apkxhunter <folder_name_decompiled_by_apktool> --apktool-folder-scan --files
./apkxhunter app.apk --deep --secrets
./apkxhunter app.apk --deep --permissions
./apkxhunter app.apk --deep --endpoints
./apkxhunter <folder_name_decompiled_by_apktool> --apktool-folder-scan --endpoints
./apkxhunter app.apk --deep --files
./apkxhunter app.apk --deep --masvs
./apkxhunter app.apk --deep --decompile
./apkxhunter app.apk --fast --decompile
./apkxhunter app.apk --apktool --decompile
./apkxhunter app.apkm --extract
🚀 Next Update
The following features are planned for the next major release:
Advanced CLI with flexible command parsing. Automatic update checking from GitHub. One-click self-update (--update). Dependency compatibility verification for JADX and APKTool. Improved error handling and stability.
📬 Feedback & Support
APKXHunter is an actively maintained open-source project.
If you:
- 🐞 Found a bug
- 💡 Have a feature request
- ⚙️ Want to suggest improvements
- 🔒 Found a security issue
- 📝 Have documentation suggestions
Please open a GitHub Issue or contact me directly:
Your feedback helps improve APKXHunter for everyone.
⚠️ Disclaimer
APKXHunter is intended strictly for:
- Educational purposes
- Authorized penetration testing
- Defensive security research
Users are solely responsible for ensuring they have proper authorization before analyzing any application. Unauthorized use of this tool against applications or systems you do not own or have explicit permission to test may be illegal.
Comments