APK Scanner

Configuration

How to configure the APK Scanner using configuration files.

Overview

Configuration files can optionally be provided to specify the default behavior of the APK Scanner.

If there are matching config options and command line parameters, the command line parameters override the specified config options.

To view the configuration currently in use, use the config show command or view the configuration files in the source code.

CLI (apkscanner-cli.yaml)

apkscanner-cli_sample.yaml
verbose: false
quiet: false

apkscanner_config_file_path: "apkscanner.yaml"

console_output:
  enable_rich_output: true

scan_apk:
  verbose_all: false
  verbose_generic: false
  verbose_apk_info: false
  verbose_detected_libraries: true
  verbose_permissions: true
  verbose_signature_apksig: false
  verbose_signature_certificate: false
  verbose_signing_block: false

  store_as_json: "no"
  json_exclude_defaults: false
  json_output_directory: ""
  json_output_subdirectory: false
  json_output_with_apk: false

View the recent sample configuration.


quiet
boolean
Do not print any program output (where possible).
  • Defaults to false
verbose
boolean
Print additional verbose output; ignored when quiet is enabled.
  • Defaults to false
apkscanner_config_file_path
string
Path (absolute/relative) to the apkscanner.yaml file, containing the APK Scanner configuration.
  • Defaults to apkscanner.yaml

console_output

enable_rich_output
boolean
Whether output should be rich, e.g.: bold, with color, etc.
  • Defaults to true

scan_apk

verbose_all
boolean
Enable all verbose prints when true, otherwise respect the other scoped verbose_* options.
  • Defaults to false
verbose_generic
boolean
Print generic information, such as information about the scan itself, e.g.: scan date, time, etc.
  • Defaults to false
verbose_apk_info
boolean
Print additional apk information, such as file name, sha256sum of file, etc.
  • Defaults to false
verbose_detected_libraries
boolean
Print full information of detected libraries.
  • Defaults to true
verbose_permissions
boolean
Print full information about requested permissions.
  • Defaults to true
verbose_signature_apksig
boolean
Print full information about the apksig signature verification.
  • Defaults to false
verbose_signature_certificate
boolean
Print full information about the certificate during signature verification, e.g.: issuer and subject principals, public key hashes, etc.
  • Defaults to false
verbose_signing_block
boolean
Print full information about signing blocks, e.g.: all ok blocks, dangerous blocks which were checked but not found, etc.
  • Defaults to false
store_as_json
no|yes|pretty
Store output result as json file.
  • Defaults to no
  • Supported values:
    • no
      • Do not store scan output as json file.
    • yes
      • Store scan output as minified json file.
    • pretty
      • Store scan output as json file with human readable formatting.
json_exclude_defaults
boolean
Exclude default values when storing the scan result as json file.
While this may result in smaller json files, the resulting json files may be interpreted differently by consumers.
  • Defaults to false
json_output_directory
path
A directory where the scan output should be stored. The directory will be created if it does not already exist.
Specifying an empty location will use the current working directory.
  • Defaults to ""
json_output_subdirectory
boolean
Store the scan output in a subdirectory within the output directory.
  • Defaults to false
json_output_with_apk
boolean
Store the scan output next to the APK file(s) (suffixed with '.json') instead of writing to a file within the specified output directory.
  • Defaults to false

APK Scanner (apkscanner.yaml)

apkscanner_sample.yaml
data:
  use_default_data: true
  certificate_denylist_path: ""
  certificate_denylist_export_path: "export/certificate_denylist.json"
  library_definition_path: ""
  library_definition_export_path: "export/libsmali.jsonl"
  library_information_path: ""
  library_information_export_path: "export/libinfo.jsonl"
  manifest_config_path: ""
  manifest_config_export_path: "export/manifest_config.json"
database:
  debug: false
  type: "none"
  mode: "default"
  path: "apkscanner"
scan:
  apk_reported_path_type: "default"

View the recent sample configuration.


data

use_default_data
boolean
Use bundled data for empty paths. This is useful if you do not plan to use your own data and instead want to use what ships with APK Scanner by default.
  • Defaults to true
certificate_denylist_path
path
Path to a JSON file, containing certificate definitions to be used for the deny list.
certificate_denylist_export_path
path
Path to a file, where certificate export results should be exported to.
  • Defaults to "export/certificate_denylist.json"
library_definition_path
path
Path to a JSON Lines file, containing library definitions to be used by the library scanner.
library_definition_export_path
path
Path to a file, where library definition export results should be exported to.
  • Defaults to "export/libsmali.jsonl"
library_information_path
path
Path to a JSON Lines file, containing library information to be used by the library scanner.
library_information_export_path
path
Path to a file, where library information export results should be exported to.
  • Defaults to "export/libinfo.jsonl"
manifest_config_path
path
Path to a JSON file, containing manifest configurations to be used by the manifest scanner.
manifest_config_export_path
path
Path to a file, where manifest export results should be exported to.
  • Defaults to "export/manifest_config.json"

database

debug
boolean
Print debug output for database transactions.
  • Defaults to false
type
string
The type of database to use.
  • Defaults to none
  • Supported values:
    • none
      • This disables database usage.
    • h2
mode
string
The mode to run the database in, if supported by the database type.
  • Defaults to default
  • Supported values (other than default):
    • For h2
      • memory - Run the database in memory mode, destroying the database after the application exits.
path
path
Path to the database, if supported by the database type.
  • Defaults to apkscanner

scan

apk_reported_path_type
string
The type of path used when reporting the scanned APK file.
  • Defaults to default
  • Supported values:
    • absolute: use absolute path of the file, e.g.: /opt/repo/file.apk.
    • filename: use file name only, e.g.: file.apk.
    • relative: use relative path from current working directory to the file, e.g.: repo/file.apk.
    • default: use current default (filename).
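
A pre-flight check for apkscanner.yaml, as an added example that is not part of APK Scanner or its documentation: it lints an already-parsed configuration mapping (for instance the result of a YAML loader) against the options and supported values listed above, so that a misspelled key, an unsupported value or an empty data path with use_default_data disabled is flagged before a scan runs. The function names lint and cross_checks and all sample values are hypothetical.

```python
# Added example, not APK Scanner code: lint a parsed apkscanner.yaml mapping.
DATA_SOURCES = ("certificate_denylist", "library_definition",
                "library_information", "manifest_config")
# Option names, types and supported values as documented on this page.
SCHEMA = {
    "data": {"use_default_data": bool,
             **{s + sfx: str for s in DATA_SOURCES for sfx in ("_path", "_export_path")}},
    "database": {"debug": bool, "type": {"none", "h2"},
                 "mode": {"default", "memory"}, "path": str},
    "scan": {"apk_reported_path_type": {"absolute", "filename", "relative", "default"}},
}

def lint(config, schema=SCHEMA, prefix=""):
    """Return findings (strings) for unknown keys, wrong types and bad values."""
    findings = []
    for key, value in config.items():
        name, rule = f"{prefix}{key}", schema.get(key)
        if rule is None:
            findings.append(f"{name}: unknown option")
        elif isinstance(rule, dict):  # nested section
            findings += (lint(value, rule, name + ".") if isinstance(value, dict)
                         else [f"{name}: expected a mapping"])
        elif isinstance(rule, set):   # enumerated string value
            if not isinstance(value, str) or value not in rule:
                findings.append(f"{name}: {value!r} is not one of {sorted(rule)}")
        elif not isinstance(value, rule):
            findings.append(f"{name}: expected {rule.__name__}, got {type(value).__name__}")
    return findings + (cross_checks(config) if not prefix else [])

def cross_checks(config):
    # Checks that span several options; non-mapping sections are treated as empty.
    data, db = (config.get(k) if isinstance(config.get(k), dict) else {}
                for k in ("data", "database"))
    out = []
    if data.get("use_default_data", True) is False:  # no bundled data for empty paths
        out += [f"data.{s}_path: empty and use_default_data is false"
                for s in DATA_SOURCES if not data.get(f"{s}_path")]
    if db.get("mode", "default") == "memory" and db.get("type", "none") != "h2":
        out.append("database.mode: 'memory' is documented for type 'h2' only")
    return out

# Constructed sample: misspelled key, non-string enum value, memory mode without h2.
SAMPLE = {
    "data": {"use_default_data": False,
             "certificate_denylist_path": "rules/denylist.json",
             "library_definiton_path": "rules/libsmali.jsonl"},
    "database": {"type": "none", "mode": "memory"},
    "scan": {"apk_reported_path_type": True},
}
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

The misspelled library_definiton_path produces two findings: the unknown key itself and the correctly spelled option being reported as empty.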