Slicer – Tool To Automate The Boring Process Of APK Recon

A tool to automate the recon process on an APK file.

Slicer accepts a path to an extracted APK file and then returns all the activities, receivers, and services which are exported and have null permissions and can be externally provoked.

Note: The APK has to be extracted via jadx or apktool.


I started bug bounty like 3 weeks ago(in June 2020) and I have been trying my best on android apps. But I noticed one thing that in all the apps there were certain things which I have to do before diving in deep. So I just thought it would be nice to automate that process with a simple tool.

Why not drozer?

Well, drozer is a different beast. Even though it does finds out all the accessible components but I was tired of running those commands again and again.

Why not automate using drozer?

I actually wrote a bash script for running certain drozer commands so I won’t have to run them manually but there was still some boring stuff that had to be done. Like Checking the strings.xml for various API keys, testing if firebase DB was publically accessible or if those google API keys have setup any cap or anything on their usage and lot of other stuff.

Why not search all the files?

I think that a tool like grep or ripgrep would be much faster to search through all the files. So if there is something specific that you want to search it would be better to use those tools. But if you think that there is something which should be checked in all the android files then feel free to open an issue.

Check if the APK has set the android:allowbackup to true

Check if the APK has set the android:debuggable to true.

Return all the activities, services and broadcast receivers which are exported and have null permission set. This is decided on the basis of two things:

Check if the google API keys are publically accessible or not.

Return other API keys that are present in strings.xml and in AndroidManifest.xml

List all the file names present in /res/raw and res/xml directory.

Extracts all the URLs and paths.

It’s very simple to use. Following options are available:

I have not implemented the output flag yet because I think if you can redirect slicer output to a yaml file it will a proper format.

All the features implemented in this are things that I’ve learned in past few weeks, so if you think that there are various other things which should be checked in an APK then please open an issue for that feature and I’d be happy to implement that 🙂

If you’d like you can buy me some coffee:



Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top

Adblock Detected

Please consider supporting us by disabling your ad blocker

Refresh Page