Using the BeVigil API (a free mobile application security testing tool), it is possible to identify vulnerabilities or secrets in Android apps through the deep analysis performed by its app scanner.
First, find the application id by searching for the application in the Google Play Store (https://play.google.com/store/apps); the application id appears in the URL of the app's page, as the value of the `id` parameter.
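Then generate an API key at https://bevigil.com/osint/api-keys and send it in the `X-Access-Token` header of each request. The example requests below use plain `http://`, so the token is sent unencrypted; prefer `https://` if the endpoint accepts it. Keep the key out of shared transcripts and shell history, for example by reading it from an environment variable.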
iron@MacBook-Pro ~ % curl --location --request GET 'http://osint.bevigil.com/api/com.trustwave.MSS.SecurityConsole/all-assets/' --header 'X-Access-Token: wJDCFh********' | jq .
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 14329 100 14329 0 0 14452 0 --:--:-- --:--:-- --:--:-- 25911
{
"package_id": "com.trustwave.MSS.SecurityConsole",
"assets": {
"email": [
"assets/flutter_assets/assets/img/[email protected]",
"assets/flutter_assets/assets/img/[email protected]",
"assets/flutter_assets/assets/img/[email protected]",
"assets/flutter_assets/assets/img/[email protected]",
"assets/img/[email protected]",
"assets/img/[email protected]",
"assets/img/[email protected]",
"assets/img/[email protected]"
],
"file_path": [
"/v1/{resource=**}:getAcl",
"/v2/{resource=**}",
"/v2/{resource=**}:getAcl",
"/v2/acls/{resource=**}:getAcl",
"/cmdline",
"/raw/",
"/topics/"
],
"host": [
"play.google.com"
],
"relative_endpoint": [
"org/threeten/bp/TZDB.dat",
"assets/icon/app-icon.png",
"assets/icon/fusion-icon-round.png",
"assets/icon/tw-icon-white.png",
"assets/icon/tw-icon.png",
"assets/img/Banner_Bottom.png",
"packages/intl_phone_field/assets/flags/zm.png",
"packages/intl_phone_field/assets/flags/zw.png",
"packages/material_design_icons_flutter/lib/fonts/materialdesignicons-webfont.ttf"
],
"rest_api": [
"America/Argentina/Buenos_Aires",
"America/Indiana/Indianapolis",
"packages/cupertino_icons/CupertinoIcons",
"packages/font_awesome_flutter/FontAwesomeBrands",
"packages/font_awesome_flutter/FontAwesomeRegular",
"packages/font_awesome_flutter/FontAwesomeSolid"
],
"url": [
"<https://play.google.com/store>",
"content://com.teslacoilsw.notifier/unread_count",
"content://com.sonymobile.home.resourceprovider/badge",
"content://me.everything.badger/apps",
"content://com.huawei.android.launcher.settings/badge/",
"content://com.android.badge/badge",
"content://com.sec.badge/apps?notify=true",
"content://com.android.launcher3.cornermark.unreadbadge"
]
}
}
iron@MacBook-Pro ~ % curl --location --request GET 'http://osint.bevigil.com/api/com.amazon.mShop.android.shopping/S3-buckets/' --header 'X-Access-Token: wJDCF*******' | jq .
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 3396 100 3396 0 0 3711 0 --:--:-- --:--:-- --:--:-- 7303
{
"package_id": "com.amazon.mShop.android.shopping",
"s3_buckets": [
"<https://s3-us-west-1.amazonaws.com/a9-visual-search-config/android/development/18.6/ARViewConfig>....",
"<https://s3-us-west-1.amazonaws.com/a9-visual-search-config/android/production/18.8/ARViewConfig.json>",
"<https://a9-visual-search-config.s3.us-west-1.amazonaws.com/ARProductPreview/VTOLipsFaceRouterTable>",
"<https://a9-visual-search-config.s3.us-west-1.amazonaws.com/ARProductPreview/VTOThumbnail>",
"<https://a9-visual-search-config.s3.us-west-1.amazonaws.com/ARProductPreview/StaticData>",
"<https://s3.amazonaws.com/camera-search-failure-landing-page/Barcodes.png>",
"<https://s3.amazonaws.com/camera-search-failure-landing-page/HandMadeGiftShop.png>",
"<https://s3.amazonaws.com/camera-search-failure-landing-page/DiscoverPetsInterestingFinds.png>",
"<https://s3.amazonaws.com/camera-search-failure-landing-page/InterestingFinds.png>",
"<https://s3.amazonaws.com/camera-search-failure-landing-page/LaunchPad.png>",
"<https://s3.amazonaws.com/camera-search-failure-landing-page/Home.png>",
"<https://s3.amazonaws.com/camera-search-failure-landing-page/PrimeWardrobe.png>",
"<https://s3-us-west-2.amazonaws.com/a9vs-stylesnap-ios/HeaderImages/headerImage1.png>",
"<https://s3-us-west-2.amazonaws.com/a9vs-stylesnap-ios/HeaderImages/headerImage2.png>",
"<https://s3-us-west-2.amazonaws.com/a9vs-stylesnap-ios/HeaderImages/headerImage3.png>",
"<https://s3-us-west-2.amazonaws.com/a9vs-stylesnap-ios/HeaderImages/headerImage4.png>",
"<https://a9vs-stylesnap-ios.s3-us-west-2.amazonaws.com/ExploreLooks/Images/33.png>",
"<https://a9vs-stylesnap-ios.s3-us-west-2.amazonaws.com/ExploreLooks/Images/35.png>",
"<https://a9vs-stylesnap-ios.s3-us-west-2.amazonaws.com/ExploreLooks/Images/4.png>",
"<https://a9vs-stylesnap-ios.s3-us-west-2.amazonaws.com/ExploreLooks/Images/93.jpg>",
"<https://a9vs-stylesnap-ios.s3-us-west-2.amazonaws.com/ExploreLooks/Images/94.jpg>",
"<https://a9vs-stylesnap-ios.s3-us-west-2.amazonaws.com/ExploreLooks/Images/19.png>",
"<https://a9vs-stylesnap-ios.s3-us-west-2.amazonaws.com/ExploreLooks/Images/87.jpg>",
"<https://a9vs-stylesnap-ios.s3-us-west-2.amazonaws.com/ExploreLooks/Images/81.jpg>",
"<https://a9vs-stylesnap-ios.s3-us-west-2.amazonaws.com/ExploreLooks/Images/82.jpg>",
"<https://a9vs-stylesnap-ios.s3-us-west-2.amazonaws.com/ExploreLooks/Images/83.jpg>",
"<https://a9vs-stylesnap-ios.s3-us-west-2.amazonaws.com/ExploreLooks/Images/73.JPG>",
"<https://a9vs-stylesnap-ios.s3-us-west-2.amazonaws.com/ExploreLooks/Images/74.jpeg>",
"<https://a9vs-stylesnap-ios.s3-us-west-2.amazonaws.com/ExploreLooks/Images/77.jpeg>",
"<https://a9vs-stylesnap-ios.s3-us-west-2.amazonaws.com/ExploreLooks/Images/79.jpg>",
"<https://a9vs-stylesnap-ios.s3-us-west-2.amazonaws.com/ExploreLooks/Images/39.png>",
"<https://asl-test-adhoc-1.s3.amazonaws.com/prod>",
"<https://a9-visual-search-config.s3-us-west-1.amazonaws.com/mars/arview/android/>",
"<https://s3-us-west-1.amazonaws.com/a9vs-growth/a9vs-marketing-config/temporary/A9VSMarketingConfi>...",
"<https://a9-visual-search-config.s3-us-west-1.amazonaws.com/ARProductPreview/IBL_filament.zip>",
"<https://a9-visual-search-config.s3-us-west-1.amazonaws.com/ARProductPreview/IBL.zip>",
"<https://s3-us-west-2.amazonaws.com/firefly-ios/ARProductPreview/IBL.zip>",
"<https://a9-visual-search-config.s3-us-west-1.amazonaws.com/ARProductPreview/IBL_VTOLip_filament.zip>",
"<https://a9-visual-search-config.s3-us-west-1.amazonaws.com/ARProductPreview/IBL_VTOG_filament.zip>"
]
}
iron@MacBook-Pro ~ % curl --location --request GET 'http://osint.bevigil.com/api/whatsapp/S3-keyword/' --header 'X-Access-Token: wJDC****************' | jq .
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 6201 100 6201 0 0 4295 0 0:00:01 0:00:01 --:--:-- 3880k
{
"keyword": "whatsapp",
"s3_buckets": [
"<https://scholr-static.s3.amazonaws.com/MobileApp/app_logo.png&utm_source=whatsapp&utm_medium=cpc&>...",
"<https://quickride-bucket.s3.ap-south-1.amazonaws.com/whatsapp-logo.jpg>",
"<https://magicpin-image-assets.s3-ap-southeast-1.amazonaws.com/Remarketing-Pics/Rmkt/whatsapp_prom>...",
"<https://nira-generators.s3.ap-south-1.amazonaws.com/whatsapp_referral.jpeg>",
"<https://o1-image-uploads.s3.ap-south-1.amazonaws.com/orderOnWhatsapp/OrderOnwhatsapp.png>",
"<https://stackbybucketprod.s3-ap-southeast-1.amazonaws.com/whatsapp.png>",
"<https://s3.amazonaws.com/whatsappstickers/>",
"<https://s3.amazonaws.com/whatsappstickers/decorator-assets/1-general/15-specs.webp","is>...",
"<https://s3.amazonaws.com/whatsappstickers/decorator-assets/1-general/14-cowboyhat.webp",&quo>...",
"<https://s3.amazonaws.com/whatsappstickers/decorator-assets/7-age-candle/0-age_candle.webp",&>...",
"<https://o1-image-uploads.s3.ap-south-1.amazonaws.com/orderOnWhatsapp/OrderOnwhatsapp.png>",
"<https://s3.ap-south-1.amazonaws.com/www.nuo.exchange/mobile-assets/whatsapp_background.png"}>...",
"<https://s3.ap-south-1.amazonaws.com/www.nuo.exchange/mobile-assets/whatsapp_background.png"}>]"
]
}
curl --location --request GET 'http://osint.bevigil.com/api/com.trustwave.MSS.SecurityConsole/report/' --header 'X-Access-Token: wJDC********' | jq .