This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs. The tool is also capable of creating "Proof-of-Concept" deployable APKs and/or ADB commands, capable of exploiting many of the vulnerabilities it finds. There is no need to root the test device, as this tool focuses on vulnerabilities that can be exploited under otherwise secure conditions.
Requirements
Python 2.7.13 and 3.6 on OSX, Linux, and Windows
Installation
- git clone https://github.com/linkedin/qark
- cd qark
- pip install -r requirements.txt
- pip install . --user
- qark --help
Demo
