[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81052":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":13,"stars30d":17,"stars90d":15,"forks30d":15,"starsTrendScore":17,"compositeScore":18,"rankGlobal":10,"rankLanguage":10,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":20,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":32,"readmeContent":33,"aiSummary":34,"trendingCount":15,"starSnapshotCount":15,"syncStatus":13,"lastSyncTime":35,"discoverSource":36},81052,"apkshield-pt","Whitehat987\u002Fapkshield-pt","Whitehat987","Android Penetration Testing Tool — Auto Root Detection & SSL Pinning Bypass with Frida Script Generation","",null,"Python",31,2,28,0,1,3,1.43,"MIT License",false,"main",true,[24,25,26,27,28,29,30,31],"android","frida","frida-scripts","mobile-security","penetration-testing","reverse-engineering","ssl","ssl-pinning","2026-06-12 02:04:10","\u003Cdiv align=\"center\">\n\n```\n   █████╗ ██████╗ ██╗  ██╗███████╗██╗  ██╗██╗███████╗██╗     ██████╗\n  ██╔══██╗██╔══██╗██║ ██╔╝██╔════╝██║  ██║██║██╔════╝██║     ██╔══██╗\n  ███████║██████╔╝█████╔╝ ███████╗███████║██║█████╗  ██║     ██║  ██║\n  ██╔══██║██╔═══╝ ██╔═██╗ ╚════██║██╔══██║██║██╔══╝  ██║     ██║  ██║\n  ██║  ██║██║     ██║  ██╗███████║██║  ██║██║███████╗███████╗██████╔╝\n  ╚═╝  ╚═╝╚═╝     ╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝╚═╝╚══════╝╚══════╝╚═════╝\n```\n\n**AI-Powered Android Penetration Testing 
Tool**\n\n![Python](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPython-3.10%2B-blue?style=flat-square&logo=python)\n![Platform](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPlatform-Kali%20Linux-557C94?style=flat-square&logo=linux)\n![Frida](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FFrida-17.x%20Compatible-orange?style=flat-square)\n![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-green?style=flat-square)\n\n> ⚠️ **For authorized penetration testing only. Always obtain written permission before testing any application.**\n\n\u003C\u002Fdiv>\n\n---\n\n## What is APKShield-PT?\n\nAPKShield-PT is an automated Android penetration testing tool that:\n\n1. **Decompiles** the APK using `apktool` (smali + resources) and `jadx` (Java source)\n2. **Detects** root detection techniques across 14 categories\n3. **Detects** SSL\u002FTLS certificate pinning across 15 categories\n4. **Generates** ready-to-use Frida bypass scripts targeting exactly what was found\n5. **Produces** a full HTML + JSON report\n\nNo manual code reading required. 
Drop in an APK, get working Frida scripts out.\n\n---\n\n## Features\n\n| Feature | Details |\n|---|---|\n| Auto Decompilation | apktool + jadx, skips if already done |\n| Root Detection Engine | 14 categories — RootBeer, SafetyNet, Play Integrity, Magisk, su binary, build props, Frida\u002FXposed self-detection, signature checks, emulator detection |\n| SSL Pinning Engine | 15 categories — OkHttp, TrustManager, HostnameVerifier, NSC XML, TrustKit, WebView, gRPC, Conscrypt, Cronet, certificate transparency, native pinning |\n| Frida Script Generator | Auto-generates targeted scripts — no generic one-size-fits-all hooks |\n| AI Analysis (optional) | Deep code analysis to find obfuscated\u002Fcustom checks |\n| Reports | HTML report (dark theme) + JSON report |\n| Frida 17.x Compatible | All overloads correctly specified, no crash on startup |\n\n---\n\n## Installation\n\n### Requirements\n\n- Kali Linux (recommended) or any Debian-based distro\n- Python 3.10+\n- Android device with frida-server running\n\n### One-command setup\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002FWhitehat987\u002Fapkshield-pt\ncd apkshield-pt\nbash setup.sh\n```\n\nThe setup script installs: `apktool`, `jadx`, `adb`, `frida-tools`, `objection`, and all Python dependencies.\n\n### Manual install\n\n```bash\nsudo apt install apktool jadx adb -y\npip3 install frida-tools objection rich anthropic --break-system-packages\n```\n\n---\n\n## Usage\n\n```bash\n# Basic usage — no AI (fully offline)\npython3 apkshield.py App.apk --no-ai\n\n# Custom output directory\npython3 apkshield.py App.apk --no-ai -o \u002Froot\u002Fresults\n\n# With AI analysis (requires API key)\nexport ANTHROPIC_API_KEY=your_key_here\npython3 apkshield.py App.apk\n\n# Verbose output\npython3 apkshield.py App.apk --no-ai -v\n\n# Check all dependencies\npython3 apkshield.py --check-deps\n```\n\n---\n\n## Output Structure\n\n```\napkshield_output\u002F\n└── AppName\u002F\n    ├── apktool_out\u002F              # Smali + 
resources\n    ├── jadx_out\u002F                 # Decompiled Java source\n    ├── frida\u002F\n    │   ├── master_bypass.js      ← Start here (all-in-one)\n    │   ├── root_bypass.js\n    │   ├── ssl_bypass.js\n    │   ├── safetynet_bypass.js\n    │   ├── frida_detection_bypass.js\n    │   └── custom_bypass.js      ← AI-identified hooks (if AI used)\n    ├── report.html               ← Visual report (open in browser)\n    └── report.json               ← Machine-readable report\n```\n\n---\n\n## Using the Frida Scripts\n\n### Setup frida-server on device first\n\n```bash\n# Download frida-server matching your frida-tools version\n# https:\u002F\u002Fgithub.com\u002Ffrida\u002Ffrida\u002Freleases\n\nadb push frida-server \u002Fdata\u002Flocal\u002Ftmp\u002F\nadb shell chmod +x \u002Fdata\u002Flocal\u002Ftmp\u002Ffrida-server\nadb shell \u002Fdata\u002Flocal\u002Ftmp\u002Ffrida-server &\n```\n\n### Run bypass scripts\n\n```bash\n# Spawn app with master bypass (recommended — start here)\nfrida -U -f com.target.app -l frida\u002Fmaster_bypass.js --no-pause\n\n# Attach to already running app\nfrida -U com.target.app -l frida\u002Fmaster_bypass.js\n\n# SSL bypass only\nfrida -U -f com.target.app -l frida\u002Fssl_bypass.js --no-pause\n\n# Via objection (interactive shell)\nobjection -g com.target.app explore\n```\n\n---\n\n## Root Detection Coverage\n\n| ID | Category | Bypass Function |\n|---|---|---|\n| RD-001 | su binary path checks | `bypass_file_checks()` |\n| RD-002 | busybox binary | `bypass_file_checks()` |\n| RD-003 | Root manager apps (Magisk, SuperSU) | `bypass_package_manager()` |\n| RD-004 | Build.TAGS test-keys | `bypass_build_props()` |\n| RD-005 | ro.secure \u002F ro.debuggable props | `bypass_build_props()` |\n| RD-006 | RootBeer library | `bypass_rootbeer()` |\n| RD-007 | RootTools library | `bypass_rootbeer()` |\n| RD-008 | SafetyNet Attestation API | `bypass_safetynet()` |\n| RD-009 | Play Integrity API | `bypass_safetynet()` |\n| RD-010 | Native JNI 
root check | Manual \u002F Magisk Hide |\n| RD-011 | Writable path checks | `bypass_file_checks()` |\n| RD-012 | Frida \u002F Xposed self-detection | `bypass_frida_detection()` |\n| RD-013 | Emulator detection | `bypass_build_props()` |\n| RD-014 | APK signature \u002F tamper check | `bypass_package_manager()` |\n\n## SSL Pinning Coverage\n\n| ID | Category | Bypass Function |\n|---|---|---|\n| SSL-001 | OkHttp3 CertificatePinner | `bypass_okhttp()` |\n| SSL-002 | Custom X509TrustManager | `bypass_trust_manager()` |\n| SSL-003 | Custom HostnameVerifier | `bypass_hostname_verifier()` |\n| SSL-004 | Network Security Config XML | `bypass_nsc()` |\n| SSL-005 | Conscrypt \u002F Cronet | `bypass_trust_manager()` |\n| SSL-006 | HttpsURLConnection | `bypass_hostname_verifier()` |\n| SSL-007 | Appcelerator Titanium | `bypass_trust_manager()` |\n| SSL-008 | Volley HurlStack | `bypass_trust_manager()` |\n| SSL-009 | gRPC TLS credentials | `bypass_trust_manager()` |\n| SSL-010 | Native JNI SSL pinning | Manual native patching |\n| SSL-011 | Firebase \u002F GMS TLS | `bypass_trust_manager()` |\n| SSL-012 | Certificate Transparency | `bypass_trust_manager()` |\n| SSL-013 | Public key pinning | `bypass_trust_manager()` |\n| SSL-014 | WebView SSL handling | `bypass_webview_ssl()` |\n| SSL-015 | TrustKit framework | `bypass_trustkit()` |\n\n---\n\n## Project Structure\n\n```\napkshield-pt\u002F\n├── apkshield.py          # Main entry point\n├── setup.sh              # Installer for Kali Linux\n├── README.md\n└── core\u002F\n    ├── __init__.py\n    ├── decompiler.py     # apktool + jadx wrapper\n    ├── root_detector.py  # Root detection pattern engine\n    ├── ssl_detector.py   # SSL pinning pattern engine\n    ├── frida_gen.py      # Frida script generator\n    ├── ai_analyzer.py    # Optional AI deep analysis\n    └── reporter.py       # HTML + JSON report generator\n```\n\n---\n\n## Troubleshooting\n\n**`No module named 'core'`**\n```bash\n# Make sure you run from inside the 
project folder\ncd apkshield-pt\npython3 apkshield.py App.apk --no-ai\n```\n\n**`pip install` fails on Kali**\n```bash\npip3 install rich anthropic --break-system-packages\n```\n\n**`apktool not found`**\n```bash\nsudo apt install apktool -y\n```\n\n**`jadx not found`**\n```bash\nsudo apt install jadx -y\n```\n\n**Frida crash: `has more than one overload`**\nThis was fixed in the current version. Make sure you downloaded the latest `master_bypass.js`.\n\n**App still detects root after bypass**\n- The app may use native (C\u002FC++) root detection — check the `native_root` note in the report\n- Try running with Magisk Hide \u002F Shamiko enabled alongside the Frida script\n- Use `--verbose` and check which specific hooks logged output\n\n---\n\n## Contributing\n\nPull requests welcome. To add a new detection pattern, edit `core\u002Froot_detector.py` or `core\u002Fssl_detector.py` and add an entry to the respective `*_PATTERNS` list following the existing format.\n\n---\n\n## Legal\n\nThis tool is intended for authorized security testing only. The authors are not responsible for any misuse. Always obtain explicit written permission from the application owner before testing.\n\n---\n\n## License\n\nMIT License — see [LICENSE](LICENSE) for details.\n","APKShield-PT is an automated Android penetration testing tool that automatically detects an APK's root detection techniques and SSL\u002FTLS certificate pinning and generates the corresponding Frida bypass scripts. Its core features include automatically decompiling APK files with apktool and jadx, detecting 14 root detection techniques and 15 SSL\u002FTLS certificate pinning techniques, and automatically generating targeted Frida scripts based on the detection results. It also supports AI analysis to find obfuscated or custom checks, and generates detailed HTML and JSON reports. The tool is intended for authorized security testing scenarios, and is especially suited to cases where mobile application security mechanisms need to be quickly identified and bypassed.","2026-06-11 04:03:19","CREATED_QUERY"]