Extract all apks from an Android device and check for malicious apps
Project description
Snoopdroid is a simple utility to automate the process of extracting installed apps from an Android phone using the [Android Debug Bridge](https://developer.android.com/studio/command-line/adb). Optionally, Snoopdroid is able to lookup the extracted packages on various online services in order to attempt to immediately recognize any known malicious apps.
Installation on Debian GNU/Linux
In order to run Snoopdroid on Debian you will need to install the following dependencies:
apt install python3 python3-pip python3-dev build-essential libssl-dev libffi-dev swig android-sdk-platform-tools
Make sure to generate your Android keys with:
adb keygen ~/.android/adbkey
You can then install Snoopdroid with pip3:
pip3 install rsa pip3 install snoopdroid
Installation on Mac
Running Snoopdroid on Mac requires Xcode and [homebrew](https://brew.sh) to be installed.
In order to install adb and other dependencies use:
brew install openssl swig libusb brew install homebrew/cask/android-platform-tools
Make sure to generate your Android private key with:
mkdir $HOME/.android adb keygen $HOME/.android/adbkey adb pubkey $HOME/.android/adbkey > $HOME/.android/adbkey.pub
You can now install Snoopdroid with pip3:
pip3 install rsa pip3 install snoopdroid
How to use
In order to use Snoopdroid you need to connect your Android device to your computer. You will then need to [enable USB debugging](https://developer.android.com/studio/debug/dev-options#enable) on the Android device.
If this is the first time you connect to this device, you will need to approve the authentication keys through a prompt that will appear on your Android device.
You can now launch Snoopdroid simply with snoopdroid. At each run, Snoopdroid will generate a new acquisition folder containing all the extracted APKs in the current working directory. You can change the base folder using:
snoopdroid –storage /path/to/folder
Optionally, you can decide to enable lookups of the SHA256 hash of all the extracted APKs on [VirusTotal](https://www.virustotal.com) and/or [Koodous](https://www.koodous.com). While these lookups do not provide any conclusive assessment on all of the extracted APKs, they might highlight any known malicious ones.
snoopdroid –virustotal snoopdroid –koodous
Or, to launch all available lookups:
snoopdroid –all
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
