azeem7012/android-apk-malware-sandbox

🛡️ Android APK Malware Analysis Sandbox

An end-to-end automated mobile security assessment pipeline that analyzes Android APK files for vulnerabilities, maps findings to OWASP Mobile Top 10, checks threat intelligence via VirusTotal, and auto-generates professional PDF pentest reports.


🔍 What It Does

  • Upload any APK via a Flask web dashboard
  • Automated static analysis via MobSF REST API
  • Detects dangerous permissions, hardcoded secrets, and insecure endpoints
  • Maps every finding to OWASP Mobile Top 10 category with severity rating
  • Checks APK hash against VirusTotal (76+ antivirus engines)
  • Auto-generates a professional PDF pentest report
  • Scan history with one-click PDF download

🧪 Sample Results

| App | Security Score | Critical | High | VT Result |
|---|---|---|---|---|
| DIVA | 36/100 | 1 | 2 | 0/76 — Clean |
| InsecureBankv2 | 28/100 | 11 | 2 | 20 detections |

🛠️ Tech Stack

| Tool | Purpose |
|---|---|
| MobSF (Docker) | Static APK analysis via REST API |
| Python + Requests | API calls, JSON parsing, enrichment |
| Flask | Web dashboard — upload, history, download |
| WeasyPrint | HTML to PDF report generation |
| VirusTotal API | Hash-based threat intelligence |
| OWASP Mobile Top 10 | Vulnerability categorization framework |
| Docker | Containerized MobSF deployment |
| Kali Linux | Testing environment |

⚙️ Setup & Usage

Prerequisites

  • Kali Linux / Ubuntu
  • Docker installed
  • Python 3.x
  • VirusTotal API key (free at virustotal.com)

Step 1 — Start MobSF

```bash
docker run -it --rm \
  -p 8000:8000 \
  -p 1337:1337 \
  opensecurity/mobile-security-framework-mobsf:latest
```

Step 2 — Install dependencies

```bash
pip install flask requests python-dotenv weasyprint
```

Step 3 — Configure API keys

Open app.py and mobsf_scanner.py and set:

```python
API_KEY    = "your_mobsf_api_key"   # from localhost:8000/api_docs
VT_API_KEY = "your_virustotal_key"  # from virustotal.com
```

Step 4 — Run the dashboard

```bash
python3 app.py
```

Open a browser at http://localhost:5000, upload any APK, and click Scan APK.

CLI Usage (without dashboard)

```bash
python3 mobsf_scanner.py /path/to/app.apk
```

📁 Project Structure

```
android-apk-malware-sandbox/
├── app.py               # Flask web dashboard
├── mobsf_scanner.py     # CLI scanner + MobSF API pipeline
├── report_generator.py  # PDF report generator
└── .gitignore
```


📊 OWASP Mobile Top 10 Mapping

| Finding Type | OWASP Category | Severity |
|---|---|---|
| WRITE/READ_EXTERNAL_STORAGE | M2 - Insecure Data Storage | High |
| SEND_SMS, READ_CALL_LOG | M6 - Insecure Authorization | Critical |
| Hardcoded secrets/keys | M9 - Reverse Engineering | Critical |
| HTTP endpoints | M3 - Insecure Communication | High |
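
The mapping table above applied to scan output, as an added example that is not code from this repository. The `report` dict layout and the names `map_findings` and `severity_counts` are assumptions made for illustration; they do not reflect MobSF's JSON schema or the project's own implementation.

```python
from collections import Counter
from urllib.parse import urlsplit

# Permission -> (OWASP category, severity), taken from the table above.
PERMISSION_RULES = {
    "WRITE_EXTERNAL_STORAGE": ("M2 - Insecure Data Storage", "High"),
    "READ_EXTERNAL_STORAGE": ("M2 - Insecure Data Storage", "High"),
    "SEND_SMS": ("M6 - Insecure Authorization", "Critical"),
    "READ_CALL_LOG": ("M6 - Insecure Authorization", "Critical"),
}
SEVERITY_ORDER = {"Critical": 0, "High": 1}


def map_findings(report):
    """Map a simplified scan result to OWASP Mobile Top 10 findings.

    `report` is a hypothetical, simplified dict (not MobSF's JSON schema)
    with optional keys: permissions, secrets, urls.
    """
    findings = set()  # a set removes duplicate entries from the input
    for perm in report.get("permissions", []):
        # Manifest names are fully qualified: android.permission.SEND_SMS
        short = perm.rsplit(".", 1)[-1].upper()
        if short in PERMISSION_RULES:
            findings.add((short, *PERMISSION_RULES[short]))
    for secret in report.get("secrets", []):
        findings.add((secret, "M9 - Reverse Engineering", "Critical"))
    for url in report.get("urls", []):
        # Only cleartext HTTP counts; https:// and other schemes are ignored.
        if urlsplit(url.strip()).scheme.lower() == "http":
            findings.add((url.strip(), "M3 - Insecure Communication", "High"))
    rows = [dict(zip(("item", "category", "severity"), f)) for f in findings]
    return sorted(rows, key=lambda r: (SEVERITY_ORDER[r["severity"]],
                                       r["category"], r["item"]))


def severity_counts(findings):
    """Count findings per severity, as a report summary would show them."""
    return Counter(f["severity"] for f in findings)


# Constructed sample input, not output from a real scan.
SAMPLE = {
    "permissions": ["android.permission.SEND_SMS", "android.permission.INTERNET",
                    "android.permission.WRITE_EXTERNAL_STORAGE",
                    "android.permission.SEND_SMS"],
    "secrets": ['api_key = "EXAMPLE-NOT-A-REAL-KEY"'],
    "urls": ["http://api.example.test/login", "https://api.example.test/v2"],
}
```

Permissions outside the table (here `INTERNET`) and `https://` URLs produce no finding, and the duplicated `SEND_SMS` entry is reported once.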

👤 Author

Azeem Abdulla
SOC Analyst L1 | Cybersecurity Fresher | Offensive & Defensive Security


⚠️ Disclaimer

This tool is built for educational purposes and authorized security testing only. Always obtain proper authorization before scanning any application.
