Skip to main content

Extract all apks from an Android device and check for malicious apps

Project description

Snoopdroid is a simple utility to automate the process of extracting installed apps from an Android phone using the [Android Debug Bridge](https://developer.android.com/studio/command-line/adb). Optionally, Snoopdroid is able to lookup the extracted packages on various online services in order to attempt to immediately recognize any known malicious apps.

Installation on Debian GNU/Linux

In order to run Snoopdroid on Debian you will need to install the following dependencies:

` apt install python3 python3-pip python3-dev build-essential libssl-dev libffi-dev swig android-sdk-platform-tools `

Make sure to generate your Android keys with:

` adb keygen ~/.android/adbkey `

You can then install Snoopdroid with pip3:

` pip3 install rsa pip3 install snoopdroid `

Installation on Mac

Running Snoopdroid on Mac requires Xcode and [homebrew](https://brew.sh) to be installed.

In order to install adb and other dependencies use:

` brew install openssl swig libusb brew install homebrew/cask/android-platform-tools `

Make sure to generate your Android private key with:

` mkdir $HOME/.android adb keygen $HOME/.android/adbkey adb pubkey $HOME/.android/adbkey > $HOME/.android/adbkey.pub `

You can now install Snoopdroid with pip3:

` pip3 install rsa pip3 install snoopdroid `

How to use

In order to use Snoopdroid you need to connect your Android device to your computer. You will then need to [enable USB debugging](https://developer.android.com/studio/debug/dev-options#enable) on the Android device.

If this is the first time you connect to this device, you will need to approve the authentication keys through a prompt that will appear on your Android device.

You can now launch Snoopdroid simply with snoopdroid. At each run, Snoopdroid will generate a new acquisition folder containing all the extracted APKs in the current working directory. You can change the base folder using:

` snoopdroid --storage /path/to/folder `

Optionally, you can decide to enable lookups of the SHA256 hash of all the extracted APKs on [VirusTotal](https://www.virustotal.com) and/or [Koodous](https://www.koodous.com). While these lookups do not provide any conclusive assessment on all of the extracted APKs, they might highlight any known malicious ones.

` snoopdroid --virustotal snoopdroid --koodous `

Or, to launch all available lookups:

` snoopdroid --all `

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
snoopdroid-2.0-py3-none-any.whl (23.5 kB) Copy SHA256 hash SHA256 Wheel py3
snoopdroid-2.0.tar.gz (7.9 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page