api_keys

Description

This plugin makes possible to identify Api keys, ip address, hash, token, etc.

At first, some regexes identifies the most remarkable string as AWS_API_Key, Google_API_Key etc. (full list can be found here)

Then a Neural Network Based is used to identify Automaticaly API Keys.

A Multilayer-Perceptron-based system, able to identify API Key strings with an accuracy of over 99%.

For technical details, check out my thesis (Automatic extraction of API Keys from Android applications) and, in particular, Chapter 3 of the work.

Automatic API Key detector was developed by https://github.com/alessandrodd

Usage

asthook <app> --api_keys <normal|full>