Skip to main content

Extract all apks from an Android device and check for malicious apps

Project description

Snoopdroid is a simple utility to automate the process of extracting installed apps from an Android phone using the [Android Debug Bridge](https://developer.android.com/studio/command-line/adb). Optionally, Snoopdroid is able to lookup the extracted packages on various online services in order to attempt to immediately recognize any known malicious apps.

<p align=”center”><img src=”/img/snoopdroid.png?raw=true”/></p>

Installation on Debian GNU/Linux

In order to run Snoopdroid on Debian you will need to install the following dependencies:

` apt install python3 python3-pip python3-dev build-essential libssl-dev libffi-dev swig android-sdk-platform-tools `

Make sure to generate your adb keys with:

` adb keygen ~/.android/adbkey `

You can then install Snoopdroid with pip3:

` pip3 install rsa pip3 install snoopdroid `

Installation on Mac

Running Snoopdroid on Mac requires Xcode and [homebrew](https://brew.sh) to be installed.

In order to install adb and other dependencies use:

` brew install openssl swig libusb python3 brew install homebrew/cask/android-platform-tools `

Make sure to generate your adb keys:

` mkdir $HOME/.android adb keygen $HOME/.android/adbkey adb pubkey $HOME/.android/adbkey > $HOME/.android/adbkey.pub `

You can now install Snoopdroid with pip3:

` pip3 install rsa pip3 install snoopdroid `

How to use

In order to use Snoopdroid you need to connect your Android device to your computer. You will then need to [enable USB debugging](https://developer.android.com/studio/debug/dev-options#enable) on the Android device.

If this is the first time you connect to this device, you will need to approve the authentication keys through a prompt that will appear on your Android device.

You can now launch Snoopdroid simply with snoopdroid. At each run, Snoopdroid will generate a new acquisition folder containing all the extracted APKs in the current working directory. You can change the base folder using:

` snoopdroid --storage /path/to/folder `

Optionally, you can decide to enable lookups of the SHA256 hash of all the extracted APKs on [VirusTotal](https://www.virustotal.com) and/or [Koodous](https://www.koodous.com). While these lookups do not provide any conclusive assessment on all of the extracted APKs, they might highlight any known malicious ones.

` snoopdroid --virustotal snoopdroid --koodous `

Or, to launch all available lookups:

` snoopdroid --all `

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

snoopdroid-2.3.tar.gz (21.0 kB view hashes)

Uploaded Source

Built Distribution

snoopdroid-2.3-py3-none-any.whl (35.7 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page