apkingo
May 26, 2026 ยท View on GitHub
apkingo is an APK analysis tool written in Go. It extracts information from Android applications, such as permissions, metadata, certificate details, version code, supported CPU architectures, and integrates with VirusTotal and Koodous for malware detection.
Features
Core Analysis
- General Info: Package name, version name, version code, main activity, SDK versions, supported CPU architectures
- Localized Names: Extract app names in specific locales with the
-localeflag (e.g.,-locale zh-CN) - Hashes: MD5, SHA1, SHA256
- Permissions: Complete list of requested permissions
- Metadata: Application metadata
- Certificate: Serial, thumbprint, validity, issuer, subject
File Format Support
- XAPK/APKS Support: Automatically detects and extracts APKs from Android App Bundle archives
- Directory Analysis: Batch analyze multiple APKs in a directory with the
-dirflag
Offline Analysis
- No Play Store Required: Use the
-no-play-storeflag to analyze APKs without internet access (useful in restricted network environments, air-gapped systems, or regions with limited connectivity)
External Intelligence
- Play Store Integration: Scrapes application info from Google Play Store
- VirusTotal Analysis (requires VirusTotal API key):
- Malware detection stats with highlighted red flags
- Popular threat classification (e.g., "trojan.pegasus/chrysaor")
- File reputation score
- Community detection (Sigma, YARA, IDS)
- File tags and characteristics
- VirusTotal Androguard (automatic with VirusTotal API key):
- Complete APK structure analysis
- Activities, Services, Providers, Receivers
- Libraries and SDK versions
- Dangerous permissions highlighted in red
- Koodous Integration (requires Koodous API key):
- Malware detection status
- Community rating and trust score
- Positive/Negative votes
- Repository information when available
Output & Export
- Enhanced Terminal Output: Colored results with bold red warnings for malware indicators
- JSON Export: Pretty-printed analysis export including all VirusTotal/Koodous data
Installation
From GitHub Releases
Download the pre-compiled binary for your system from the Releases page.
From Source
go install github.com/andpalmier/apkingo/cmd/apkingo@latest
From Homebrew
brew tap andpalmier/tap
brew install apkingo
Usage
Using Docker (Recommended)
You can run apkingo directly using Docker without installing Go or downloading binaries.
# Analyze an APK (mount the directory containing the APK)
docker run --rm -v $(pwd):/mnt ghcr.io/andpalmier/apkingo -apk /mnt/target.apk
# Analyze an XAPK file
docker run --rm -v $(pwd):/mnt ghcr.io/andpalmier/apkingo -apk /mnt/app.xapk
# Analyze all APKs in a directory
docker run --rm -v $(pwd):/mnt ghcr.io/andpalmier/apkingo -dir /mnt
# Analyze and export JSON report
docker run --rm -v $(pwd):/mnt ghcr.io/andpalmier/apkingo -apk /mnt/target.apk -json /mnt/report.json
CLI Usage
# Analyze a single APK
apkingo -apk <path_to_apk>
# Analyze an XAPK/APKS file
apkingo -apk <path_to_xapk>
# Analyze all APKs in a directory
apkingo -dir <path_to_directory>
# Analyze with API keys and export JSON
apkingo -apk <path_to_apk> -vtapi <VT_KEY> -kapi <KOODOUS_KEY> -json report.json
Locale Examples
Extract the app name in a specific language:
# Default (English or app default)
apkingo -apk target.apk
# Simplified Chinese
apkingo -apk target.apk -locale zh-CN
# Japanese
apkingo -apk target.apk -locale ja
# Combine with Play Store locale for fully localized analysis
apkingo -apk target.apk -country cn -locale zh-CN
API Keys
For enhanced analysis, you can provide API keys for VirusTotal and Koodous either via command-line flags or environment variables:
Environment Variables (Recommended):
export VT_API_KEY="your_virustotal_api_key"
export KOODOUS_API_KEY="your_koodous_api_key"
apkingo -apk <path_to_apk>
Command-Line Flags:
apkingo -apk <path_to_apk> -vtapi <YOUR_VT_KEY> -kapi <YOUR_KOODOUS_KEY>
Options
| Flag | Description |
|---|---|
-apk | Path to APK or XAPK file to analyze (required) |
-dir | Analyze all APKs in a directory |
-json | Path to export analysis in JSON format |
-country | Country code of the Play Store (default: "us") |
-locale | Locale for localized app name extraction (e.g., en, zh-CN) |
-vtapi | VirusTotal API key (can also use VT_API_KEY env var) |
-kapi | Koodous API key (can also use KOODOUS_API_KEY env var) |
-no-play-store | Skip Play Store scraping for offline analysis |
-vtupload | Upload the APK to VirusTotal after analysis (interactive prompt) |
Example
apkingo -apk <path_to_apk>
Screenshot
apkingo analyzing an Android malware:
3rd party libraries and API documentation
- shogo82148/androidbinary: GitHub repo and Go reference
- avast/apkverifier: GitHub repo and Go reference
- fatih/color: GitHub repo and Go reference
- n0madic/google-play-scraper: GitHub repo and Go reference
- parnurzeal/gorequest: GitHub repo and Go reference
- VirusTotal/vt-go: GitHub repo and Go reference
- VirusTotal API documentation
- Koodous API documentation