// Mobile Threat Intelligence Platform

Scan APKs for
Hidden Threats

DroidHog is the most advanced Android security scanner built for pentesters, bug bounty hunters and mobile security teams. Upload an APK — get a full threat report in seconds.

START SCANNING FREE LEARN MORE
droidhog — live scan output
0
Security Checks
0
Scanners
0
SDK CVE Mappings
0
Report Formats
// Capabilities
Everything a pentester needs
Secrets Detection
Finds AWS keys, Firebase tokens, JWT, OAuth secrets, DB URIs and 20+ more credential types hardcoded in the APK.
AWSFirebaseJWTStripe
Malware Indicators
Detects C2 domains, SMS interception, overlay attacks, ransomware patterns and banking trojan behaviour.
C2OverlayRATRansomware
Weak Cryptography
Flags DES, RC4, ECB mode, MD5/SHA1, static IVs, TrustAllCerts and SSLv3 usage.
DESECBMD5TrustAllCerts
Manifest Analysis
Checks debug mode, exported components, backup flags, dangerous permissions and missing security config.
DebuggableExportedPermissions
Intent Fuzzing
Lists all exported components with exact ready-to-paste adb commands for testing.
adbActivitiesServices
SDK Inventory
Identifies 30+ embedded SDKs and maps them to known CVEs automatically.
FacebookOkHttpJackson
CVSS Scoring
Every finding gets a dynamic CVSS score adjusted by context — exported + no permission = higher score.
CVSSRiskContext
PDF Reports
Generates branded client-ready PDF reports with remediation steps, CVE numbers and impact descriptions.
PDFPentestRemediation
CI/CD API
REST API for integrating DroidHog into GitHub Actions, GitLab CI and DevSecOps pipelines.
APIGitHub ActionsGitLab
// Pricing
Simple, transparent pricing
Free
$0/mo
  • 1 scan / month
  • APK resource scan
  • HTML report
GET STARTED
Premium
$30/mo
  • Everything in Pro
  • Live secret verify
  • API + CI/CD access
UPGRADE

Ready to find what's hiding in your APK?

Join security professionals using DroidHog to uncover secrets, malware and vulnerabilities in Android apps.

CREATE FREE ACCOUNT