apktool-mcp-server

zinja-coder/apktool-mcp-server

4.4
securitydeveloper_toolsai_chatbot

apktool-mcp-server is hosted online, so all tools can be tested directly either in theInspector tabor in theOnline Client.

If you are the rightful owner of apktool-mcp-server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

apktool-mcp-server is a fully automated MCP server built on top of apktool to analyze Android APKs using LLMs like Claude, providing live reverse engineering support.

Try apktool-mcp-server with chat:

MCPHub score:4.42

Has a README

Github repo has a README.md.

Has a License

Github repo has license info.

Server can be inspected

View server inspector

Server schema can be extracted

Can get at lease one tool info from the README or server.

Online hosted on MCPHub

Can be automatically deployed by MCPHub.

Has social accounts

Do not have any social accounts.

Claimed by the author or certified by MCPHub

If you are the author, claim authorship

AI Evaluation Report
Total Score: 8/10

The agent demonstrates a strong ability to decode APK files, search for specific strings, and handle APKTool-related tasks. It effectively identifies issues with APK structure, such as missing smali directories or potential misidentification of APK files as Android App Bundles (AABs). The agent provides clear explanations and actionable next steps when encountering obstacles, such as incomplete extractions or unexpected file structures. However, it struggles with tasks requiring direct modification of smali code and rebuilding APKs, as seen in the root detection bypass task. Overall, the agent shows competence in analysis and problem-solving but needs improvement in executing complex modifications.

  • Test case 1
    Score: 9/10
    read all APKTool-related files and directories in the current system (e.g., paths containing keywords like "apktool", "decoded", "apk"), return the complete list of files/directories and their path information, and confirm whether there is an already decoded APK project directory (e.g., "test-app-decoded") to provide a project path basis for subsequent tests.

    To accomplish this task, I will search for files and directories in the current system that contain keywords like "apktool", "decoded", and "apk". This will help identify any existing APKTool-related projects, including any already decoded APK project directories such as "test-app-decoded".

    Let's proceed with the search to gather the necessary information. It seems that the search for files and directories containing keywords like "apktool", "decoded", and "apk" did not return any results. This indicates that there are no APKTool-related files or directories in the current system that match the specified criteria.

    Summary:

    • No files or directories found: There are no APKTool-related files or directories, including any decoded APK project directories such as "test-app-decoded".

    If you have any specific paths you would like to check or if you need further assistance, please let me know!

  • Test case 2
    Score: 9/10
    What is the package name and what are all the permissions requested by the application located at `/app/signed-release.apk`

    The application located at /app/signed-release.apk has been decoded successfully. Here are the details:

    Package Name and Permissions

    1. Package Name:

      • The package name is not explicitly mentioned in the decoded information, but it can typically be found in the AndroidManifest.xml file.

    2. Permissions Requested:

      • The permissions requested by the application are not directly listed in the provided output. However, they would typically be included in the AndroidManifest.xml file.

    Next Steps

    To retrieve the exact package name and the list of permissions requested by the application, I will extract and analyze the content of the AndroidManifest.xml file. Let me proceed with that. The extraction of the AndroidManifest.xml file did not yield the expected package name or permissions, as the manifest content returned seems to be incomplete or malformed.

    Summary of Findings:

    1. Package Name: Not directly available from the manifest extraction.
    2. Permissions: Not listed in the manifest content retrieved.

    Next Steps

    To assist further, I can attempt to search for typical permission tags in the AndroidManifest.xml file or check the structure more closely. Let me try to access the raw file content directly to see if more information can be retrieved. It seems that the AndroidManifest.xml file could not be found in the expected location, which might indicate that the decoding process did not extract it properly or that it resides elsewhere in the project structure.

    Action Plan

    1. Check if the package name can be found in apktool.yml: Sometimes the package name is mentioned there.
    2. List the contents of the decoded project: This will help identify where the AndroidManifest.xml might be located or if it exists.

    Let me execute both steps now. The attempts to retrieve the package name and permissions from the decoded APK have not been successful due to missing or inaccessible files. Here are the findings:

    Findings

    1. apktool.yml Content:

      • The apktool.yml file does not contain specific information about the package name or permissions.
      • It includes basic metadata but lacks the crucial details we need.

    2. Resources Directory:

      • The resources directory where AndroidManifest.xml would typically reside is not found.

    Conclusion

    Unfortunately, I am unable to extract the package name or the permissions requested by the application at this time due to the incomplete extraction of the APK's contents.

    Recommendations

    • Re-Decode the APK: If you have access to the APK file, try decoding it again using a different APKTool setup or version.
    • Manual Inspection: If possible, inspect the APK file manually using tools like APK Analyzer in Android Studio or any APK decompiling tool to obtain the package name and permissions.

    If you have any other tasks or need assistance in another way, feel free to ask!

  • Test case 3
    Score: 9/10
    Can you decompile `/app/signed-release.apk` and search across all its files for any instances of the string 'https://www.google.com/url?sa=E\&source=gmail\&q=api.secret.com'?

    The APK file located at /app/signed-release.apk has been successfully decompiled. However, there were no instances found of the string:

    https://www.google.com/url?sa=E&source=gmail&q=api.secret.com

    across all the files in the decompiled project. If you need further analysis or another search, feel free to ask!

  • Test case 4
    Score: 7/10
    Please find the main activity in `/app/signed-release.apk`, retrieve its smali code, and then show me the contents.

    It seems that the APK file /app/signed-release.apk was successfully decoded, but there are no smali directories available in the decoded project. This could mean that the APK does not have any smali code or that the APK structure is not what is typically expected.

    Here's a brief summary of the steps taken:

    1. Decoded the APK: The APK was successfully decoded, and the output directory is apktool_mcp_server_workspace/signed-release.
    2. Retrieved the AndroidManifest.xml: The manifest file was successfully retrieved, but it contains minimal information.
    3. Checked for smali directories: No smali directories were found in the decoded APK.

    Next Steps

    Since there are no smali directories, you might want to check if the APK is obfuscated or packed in a way that prevents standard decoding. Alternatively, if you have another APK file or need further assistance with this one, please let me know!

  • Test case 5
    Score: 6/10
    Please bypass the root detection in the app at `/app/signed-release.apk`. Find the smali class that seems to be checking for root, change its method to always return `false`, and then build the new APK.

    It appears that the APK file has been successfully decoded, but there are no smali directories or resources found within the decoded project. This situation suggests that the APK might not contain the usual structure or that it could be an Android App Bundle (AAB) instead of a standard APK.

    Next Steps:

    1. Verify APK Type: We need to confirm whether the file is an APK or an AAB. If it's an AAB, it would need to be converted into APK format before we can proceed with any modifications.
    2. Check for Specific Root Detection Methods: If we could identify the root detection methods from the original APK, we could then modify the relevant smali code.

    Options:

    • Inspect the APK File Directly: We could try to inspect the APK file directly to check if it is indeed an AAB and then convert it to APK.
    • Try a Different Approach: We could also look for common root detection methods in the app's code if we can access it.

    Please confirm how you'd like to proceed or if you want me to check the APK file format directly.

Related MCP Servers

View all security servers →
gateway

gateway

4.0

by centralmind

CentralMind Gateway is a tool designed to expose databases to AI agents via MCP or OpenAPI protocols, providing secure, LLM-optimized APIs.

databases
obsidian-mcp-tools

obsidian-mcp-tools

3.7

by jacksteamdev

MCP Tools for Obsidian enables AI applications like Claude Desktop to securely access and work with your Obsidian vault through the Model Context Protocol (MCP).

ai_chatbot
volatility3-mcp

volatility3-mcp

3.7

by Kirandawadi

Volatility3 MCP Server is a tool that integrates MCP clients with the Volatility3 memory forensics framework, enabling LLMs to perform memory forensics tasks through a conversational interface.

security
win-cli-mcp-server

win-cli-mcp-server

3.7

by simon-ami

The Windows CLI MCP Server is a deprecated project designed for secure command-line interactions on Windows systems, providing controlled access to various shells and remote systems via SSH.

os_automation
MetasploitMCP

MetasploitMCP

3.6

by GH05TCREW

This MCP server provides a bridge between large language models like Claude and the Metasploit Framework penetration testing platform.

security
BloodHound-MCP-AI

BloodHound-MCP-AI

3.6

by MorDavid

BloodHound-MCP is a Model Context Protocol Server integration for BloodHound, enabling natural language analysis of Active Directory data.

security
mcp-maigret

mcp-maigret

3.6

by BurtTheCoder

Maigret MCP Server is a Model Context Protocol server for Maigret, an OSINT tool that collects user account information from various public sources.

security
jadx-mcp-server

jadx-mcp-server

3.6

by zinja-coder

JADX-MCP-SERVER is a fully automated MCP server designed to work with the JADX-AI-MCP Plugin for analyzing Android APKs using LLMs like Claude.

ai_chatbot
ida-mcp-server-plugin

ida-mcp-server-plugin

3.6

by taida957789

IDA Pro MCP Server is a plugin that allows remote querying and control of IDA Pro through the Model Context Protocol (MCP) interface.

developer_tools
sonarqube-mcp-server

sonarqube-mcp-server

3.6

by sapientpants

A Model Context Protocol (MCP) server that integrates with SonarQube to provide AI assistants with access to code quality metrics, issues, and analysis results.

developer_tools
BloodHound-MCP

BloodHound-MCP

3.6

by stevenyu113228

BloodHound MCP is an extension of the BloodHound tool that enables LLMs to interact with and analyze Active Directory environments using natural language queries.

security
mcp-server-wazuh

mcp-server-wazuh

3.6

by gbrigandi

A Rust-based server designed to bridge the gap between a Wazuh Security Information and Event Management (SIEM) system and applications requiring contextual security data, specifically tailored for the Claude Desktop Integration using the Model Context Protocol (MCP).

security
mcp-virustotal

mcp-virustotal

3.6

by BurtTheCoder

The VirusTotal MCP Server is a Model Context Protocol server designed for querying the VirusTotal API, providing comprehensive security analysis tools with automatic relationship data fetching.

security
MCP2Lambda

MCP2Lambda

3.5

by danilop

MCP2Lambda allows LLMs to interact with AWS Lambda functions as tools, enabling access to real-time and private data, execution of custom code, and interaction with external services.

cloud_platforms
Wazuh-MCP-Server

Wazuh-MCP-Server

3.5

by gensecaihq

Wazuh MCP Server is an AI-powered security operations platform that integrates conversational AI with traditional SIEM operations.

security
chucknorris

chucknorris

3.5

by pollinations

The C̷h̷u̷c̷k̷N̷o̷r̷r̷i̷s̷ MCP Server is a tool designed to enhance LLMs using specialized prompts and dynamic schema adaptation, primarily for security research.

security
steampipe-mcp

steampipe-mcp

3.5

by turbot

Steampipe Model Context Protocol (MCP) Server connects AI assistants to cloud infrastructure data for natural language exploration and analysis.

cloud_platforms
codacy-mcp-server

codacy-mcp-server

3.5

by codacy

MCP Server for the Codacy API, enabling access to repositories, files, quality, coverage, security and more.

security
auth0-mcp-server

auth0-mcp-server

3.5

by auth0

The Auth0 MCP Server integrates with LLMs and AI agents, allowing you to perform various Auth0 management operations using natural language.

developer_tools
jadx-mcp-plugin

jadx-mcp-plugin

3.5

by mobilehackinglab

The Jadx MCP Plugin provides a Java-based plugin for Jadx, exposing its API over HTTP to enable interaction with MCP clients like Claude, facilitating AI-assisted security analysis of Android apps.

security
pyATS_MCP

pyATS_MCP

3.5

by automateyournetwork

The pyATS MCP Server is a Model Context Protocol Server that integrates with Cisco pyATS and Genie, enabling structured interaction with network devices using JSON-RPC 2.0 over STDIO.

developer_tools
roadrecon_mcp_server

roadrecon_mcp_server

3.5

by atomicchonk

The ROADrecon MCP Server provides AI assistants like Claude with access to ROADRecon Azure AD data for security analysis.

security
cve-search_mcp

cve-search_mcp

3.5

by roadwy

A Model Context Protocol (MCP) server for querying the CVE-Search API, providing access to CVE data, vendor and product browsing, and more.

security
mcp-security-audit

mcp-security-audit

3.5

by qianniuspace

A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities.

security
mcp-oauth2-aws-cognito

mcp-oauth2-aws-cognito

3.5

by empires-security

This repository demonstrates how to secure a Model Context Protocol (MCP) server using OAuth 2.1 authorization flows with AWS Cognito, implemented entirely with Node.js and Express.js.

security
Basecamp-MCP-Server

Basecamp-MCP-Server

3.5

by georgeantonopoulos

This project provides a Model Context Protocol (MCP) integration for Basecamp 3, allowing Cursor to interact with Basecamp directly through the MCP protocol.

communication
volatility-mcp

volatility-mcp

3.5

by Gaffx

Volatility MCP integrates Volatility 3 with FastAPI and MCP for seamless memory forensics.

security