aeondave/androguard
offensive-tools/rev/androguard/SKILL.md
Auth/lab ref: Python toolkit for Android APK, DEX, resources, manifest, and certificate analysis.
$ install --global
skillsauthnpx skillsauth add aeondave/malskill androguardInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 8, 2026, 4:00 AM127.8s1 file scanned
SKILL.md
- name:
- androguard
- description:
- Auth/lab ref: Python toolkit for Android APK, DEX, resources, manifest, and certificate analysis.
- license:
- Apache-2.0
- compatibility:
- Linux, macOS, Windows; Python 3.
- author:
- AeonDave
- version:
- 1.0
Androguard
Scriptable Android static analysis for APK, DEX, XML, and resources.
When to use Androguard
Use Androguard when you need:
- structured extraction of package metadata and app components
- repeatable Python-driven APK triage across many samples
- manifest, permission, certificate, or resource inspection without a GUI
- basic code and string analysis before deeper reversing
Use jadx for human-readable code browsing. Use Androguard when you want automation and structured output.
Installation
pip install androguard
Official project notes that 4.x is the actively developed line and differs significantly from the older 3.3.5 branch.
Canonical Python Workflow
from androguard.misc import AnalyzeAPK
apk, dex, analysis = AnalyzeAPK("app.apk")
print(apk.get_package())
print(apk.get_app_name())
print(apk.get_permissions())
print(apk.get_activities())
print(apk.get_services())
print(apk.get_receivers())
This is the fastest route for repeatable APK metadata extraction.
High-Value Triage Tasks
Package, permissions, and components
from androguard.misc import AnalyzeAPK
apk, dex, analysis = AnalyzeAPK("app.apk")
print("Package:", apk.get_package())
print("Permissions:", apk.get_permissions())
print("Activities:", apk.get_activities())
print("Services:", apk.get_services())
print("Receivers:", apk.get_receivers())
File inventory inside the APK
for name in apk.get_files():
print(name)
Useful for spotting:
- embedded native libraries
- config files
- cert bundles
- assets with hardcoded secrets or models
Certificate and signing clues
Use Androguard when you need to script certificate extraction or compare multiple APKs for shared signing material.
Strings and code analysis
Use the analysis object when you need to inspect methods, classes, or search strings programmatically instead of manually hunting in a GUI.
Practical Workflow
- Start with Androguard for package/components/permissions/files
- Open the same sample in
jadxfor readable code review - Move to
apktoolif you need patch-and-rebuild - Add
adbor Frida later for dynamic validation
Practical Notes
- Upstream docs explicitly note ongoing documentation refresh; prefer current GitHub pages and examples over old blog posts.
- The project supports APK, DEX, ODEX, binary XML, resources, disassembly, and a basic decompiler.
- Use it when you need batchable analysis or a Python-native pipeline.
Caveats
- Documentation is in transition; APIs may differ from older tutorials.
- Decompiled output is not as convenient as
jadxfor large manual reviews. - Use it for structured extraction first, not as the only source of truth for complicated control flow.
Resources
No bundled scripts/, references/, or assets/.
Use upstream examples and current GitHub Pages docs for version-specific API details.
Related Skills
aeondave/vibe-audit-technique
development
VerifiedTrustedCommunity
White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).
4SKILL.mdUpdated Jun 12, 2026
aeondave/source-review-technique
development
VerifiedTrustedCommunity
Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.
4SKILL.mdUpdated Jun 12, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 12, 2026
aeondave/container-technique
devops
VerifiedTrustedCommunity
Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.
4SKILL.mdUpdated Jun 12, 2026