# Install apkleaks with Homebrew, Nix

Scanning APK file for URIs, endpoints & secrets. Version 2.6.3 via Homebrew; verified 2026-04-22.

## Install

```sh
sudo av install brew:apkleaks
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install apkleaks
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#apkleaks
```

  Evidence: nixpkgs package indexes: pkgs/by-name/ap/apkleaks/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:apkleaks
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/apkleaks>
- **Version:** 2.6.3
- **Source summary:** Scanning APK file for URIs, endpoints & secrets
- **Homepage:** <https://github.com/dwisiswant0/apkleaks>
- **Repository:** <https://github.com/dwisiswant0/apkleaks>
- **Upstream docs:** <https://github.com/dwisiswant0/apkleaks#readme>
- **License:** Apache-2.0
- **Source archive:** <https://files.pythonhosted.org/packages/1e/e6/203661abe151dbc59096de65d6f0cf392d1aad3acba32f4e9f3f389acad0/apkleaks-2.6.3.tar.gz>
- **Last updated:** 2026-04-22T09:24:28Z
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- apkleaks (cli)
- apkleaks (alias)

## Dependencies

- jadx
- python@3.14

## Uses from macOS

- libxml2
- libxslt

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 2.6.3
- Package-manager updated: 2026-04-22
- Local data: ok
- Upstream repository: https://github.com/dwisiswant0/apkleaks
- info: No cached GitHub release or tag data was available.
## Project history and usage

APKLeaks is a Python CLI for scanning APK files for URIs, endpoints, and secrets. It is part Android reverse-engineering helper, part bug-bounty reconnaissance tool, and part regex-based secret scanner.

### Project history

The public GitHub repository was created in May 2020. Its README positions the tool around APK scanning and documents installation from PyPI, source, and Docker, with jadx used as the disassembler when available.

The README credits apkurlgrep as an inspiration and acknowledges pattern sources and related tooling such as truffleHogRegexes, LinkFinder, gf patterns, dex2jar, and a standalone APK parser. That makes the project a packaging point for several mobile-reconnaissance ideas rather than a pure APK parser.

### Adoption history

The project is distributed through PyPI, Docker, and source installation according to its README. The supplied package metadata also records Homebrew and Nix packages, showing that the tool crossed from Python security circles into general CLI package indexes.

GitHub repository metadata showed more than 6k stars and hundreds of forks at research time, which is unusually high for a narrow APK scanner and reflects adoption in mobile-security and bug-bounty workflows.

### How it is used

The common invocation is apkleaks -f path/to/file.apk, with optional output file selection, JSON output, custom pattern JSON via --pattern, and disassembler arguments passed through with --args. If no output path is supplied, the README says it generates a result file automatically.

APKLeaks does not document a fixed user config file. Pattern customization is an explicit per-run path to a JSON rules file, while the default regexes live inside the project repository.

### Why package nerds care

APKLeaks is interesting as a small packaged security CLI because it composes other tools and pattern corpora behind a simple command. Package users care less about a library API and more about whether pipx, brew, nix, or Docker can put a scanner in PATH quickly during APK triage.

Its release stream also shows maintenance for platform compatibility, including Python 3.12 and 3.13 support and a move to pyproject.toml in the 2.6.x series.

### Timeline

- 2020: Public dwisiswant0/apkleaks repository created on GitHub.
- 2021: 2.6.0 release added token and identifier patterns such as GitHub access tokens, Discord bot tokens, JWTs, and CTF flag patterns.
- 2024: 2.6.2 added Python 3.12 support.
- 2024: 2.6.3 migrated to pyproject.toml and fixed Python 3.13 compatibility.

### Related projects

- APKLeaks relies on jadx for APK decompilation and credits apkurlgrep, truffleHogRegexes, LinkFinder, gf, dex2jar, and a standalone APK parser as influences or resources.

### Sources

- <https://api.github.com/repos/dwisiswant0/apkleaks>
- <https://api.github.com/repos/dwisiswant0/apkleaks/releases>
- <https://github.com/dwisiswant0/apkleaks#readme>
- source_facts.package-manager


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** apkleaks
- **Version Scheme:** 0
- **Revision:** 2
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Nix - apkleaks: normalized package name match | nixpkgs package indexes: pkgs/by-name/ap/apkleaks/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [jadx](https://www.automicvault.com/pkg/brew/jadx/) - Runtime dependency declared by Homebrew.
- [python@3.14](https://www.automicvault.com/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [bbot](https://www.automicvault.com/pkg/brew/bbot/) - Shares av.db curated category or tags: cli, scanner, security.
- [berglas](https://www.automicvault.com/pkg/brew/berglas/) - Shares av.db curated category or tags: cli, secrets, security.
- [blackbox](https://www.automicvault.com/pkg/brew/blackbox/) - Shares av.db curated category or tags: cli, secrets, security.
- [doppler](https://www.automicvault.com/pkg/brew/doppler/) - Shares av.db curated category or tags: cli, secrets, security.
- [fnox](https://www.automicvault.com/pkg/brew/fnox/) - Shares av.db curated category or tags: cli, secrets, security.
- [git-crypt](https://www.automicvault.com/pkg/brew/git-crypt/) - Shares av.db curated category or tags: cli, secrets, security.
- [git-secret](https://www.automicvault.com/pkg/brew/git-secret/) - Shares av.db curated category or tags: cli, secrets, security.
- [go-passbolt-cli](https://www.automicvault.com/pkg/brew/go-passbolt-cli/) - Shares av.db curated category or tags: cli, secrets, security.
- [cycode](https://www.automicvault.com/pkg/brew/cycode/) - Both packages touch the same language runtime or ecosystem. Shared terms: cli, python, python-3-14, scanning, secrets.
- [detect-secrets](https://www.automicvault.com/pkg/brew/detect-secrets/) - Both packages touch the same language runtime or ecosystem. Shared terms: cli, python, python-3-14, scanning, secrets.
- [keyring](https://www.automicvault.com/pkg/brew/keyring/) - Both packages touch the same language runtime or ecosystem. Shared terms: cli, python, python-3-14, secrets, security.

## Combined YAML source

View the package source record on GitHub. [combined/apkleaks.yml](https://github.com/automic-vault/db/blob/main/combined/apkleaks.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
