Appie – Android Pentesting Portable Integrated Environment

Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a Virtual Machine(VM) or dualboot.
It is completely portable and can be carried on USB stick or your smartphone. It is one of its kind Android Security Analysis Tool and is a one stop answer for all the tools needed in Android Application Security Assessment, Android Forensics, Android Malware Analysis.

Why Appie was created ?

Just because i wanted something awesome instead of traditional virtual machines.

Difference between Appie and existing environments ?

  • Tools contained in Appie are running on host machine instead of running on virtual machine.
  • Less Space Needed(Only around 1.5GB required compared to atleast 10 GB of Virual Machine)
  • As the name suggests it is completely Portable i.e it can be carried on USB Stick or on your own smartphone and your pentesting environment will go wherever you go without any configuring changes.
  • Awesome Interface :)

What Does Appie Mean ?

In the search for an awesome name, i found Appie which stands for Android Pentesting Portable Integrated Environment and the most important thing the name define itself.

Getting Started

  • Download the file.
  • Open the installer file and then complete installation process.
  • Go through the Usage

I have also started a series on Android Application Security for the ones who wants to learn about android application security. In that series i have used Appie extensively.

Which tools are included in Appie ?

Usage

  • Apktool can be used by the keyword apktool.
  • AndroBugs Framework can be used by the keyword androbugs
  • Androwarn Usage

    Type androwarn in the console to open androwarn directory and then see usage for it’s usage.

  • Androguard Usage

    There are several files in androguard project. You can look about their individual usage on their website. For example, if you wanted to use androgui then just type androgui on the terminal.

  • To open atom, type atom in the terminal and it will open Atom text editor in other half of the terminal. It has been customized like this to have a better experience while testing. No hassle of Tabs/Windows.
  • Type bytecodeviewer to open ByteCodeViewer.
  • Burpsuite

    Type burpuite in the Appie console to open up BurpSuite.

  • Drozer Usage
    • Type in drozer console connect and drozer application will load up in the right half.
  • eclipse can be used to launch Eclipse IDE for Android Application Development.
  • use firefox to open up Mozilla Firefox.
  • Jd-GUI Usage
    • Type jdgui in the console and a new tab will open with JD-GUI in it .
  • Type jadx to use jadx.

  • Pidcat Usage

    In order view logcat entries for org.owasp.goatdroid.fourgoats, type pidcat org.owasp.goatdroid.fourgoats in Appie and you would see something similar.

    • Use sqlitebrowser to open SQLite Database Browser.
  • Type sqlmap to use SQLmap.

  • Volatility Usage

    Type volatility in the console to use this.

  • Wireshark Usage

    Type wireshark in Appie console to open wireshark within Appie.

Frequently Asked Questions

Q. When it will be available for Linux/Mac?

Currently this is only available for windows but yes i am figuring out something for Linux/Mac as well. But for now you can run Appie on Win7/Win8 Virtual machine. Appie doesn’t need any software pre-installed on the machine, it contain all the environments like Java Runtime Environment, Python Environment neccessary for it’s running.

Q. I am interested in Android Security and willing to learn it. Do you know any resources where i could start ?

Yes. Actually myself have started an Android Application Security Series in which i have started from the very basics and explained each vulnerability in detail. Hope you will find it useful:)

Q. How can i work in FullScreen in Appie ?

Just press Alt + Enter while using Appie to go in FullScreen Mode and do the same to come back in normal mode.

Q. How could i resize Appie ?

If you move your cursor along it edges then outer boundary start appearing and you can resize using it but this procedure is something everyone is not able to follow.

There is an alternative way to do this

  • Right click on the top bar and then click on settings.
  • Then a new window will appear then uncheck “Hide caption Always” and then save settings as given below.
  • Then Appie would look something like this.
  • You can now resize the window as you would like. After that you can again go to setting and check that option again and save settings.

Appie will save your current windows size and will open as it is when you open next time.

Q. Why is Appie throwing up red flags with being malware?

Actually Appie is packed by UPX which is identified as malware by some antivirus softwares. You can scan Appie.exe with virtustotal.com and see the result. As an alternative there is a Appie.bat file in the same directory which upon running won’t show any warnings.

Q. ADB is not running properly.

Actually in order to run adb with your emualtor, you need to set the path of Android SDK Tools in your emulator.

Android SDK TOOLS Path:- path_to_appie/bin/adt/sdk/

If you are using Genymotion Device as your emulator then follow the procedure below.

  • First go to Genymotion then click on settings.
  • Then in the ADB tab, select “Use Custom Android SDK Tools”
  • Then select the path of sdk folder which is located at path_to_appie/bin/adt/sdk/

Demo Video

Below is short demonstration video of Appie.

Download

Follow Appie on Facebook and Twitter for updates about Appie and Android Security.

Download Appie

Found this project interesting? Donate via Paypal or Bitcoin




Bitcoin : 183W2Nbmx6LX8KYEAXxJ5mSze23ZD5tAWh

Feedback

Your feedback is really important to me, without feedback of community Appie would have not existed. If you have any suggestion for tool, feature, or something which would make Appie more awesome, then please fill out the form below.

What they are saying ?

Appie has received awesome response which is something i never expected. See how is Appie being talked about on Internet.

  • ESET one of the famous antivirus providers has written an article about “Analyzing Mailcious Apps with Appie“.

    This is how they decribed Appie in their article “A tool recently released that facilitates this type of analysis is Appie, Android Pentesting Portable Integrated Environment. In addition to an attractive and intuitive user interface, this application provides the basic materials to begin the study of an apk file. It is a lightweight tool suite, whose portability allows us to rapidly assemble a testing laboratory in any Windows.”

    Here is the link to that article.

Thanks everyone for their love to Appie. I will continue to make Appie more awesome :)

Aditya Agrawal
aditya@manifestsecurity.com |


License

All software included is bundled with own license
The MIT License (MIT)

Copyright (c) 2015 Aditya Agrawal

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.