ohmyg0sh 1.70.0 
ohmyg0sh: ^1.70.0 copied to clipboard
APK security scanner that detects hardcoded API keys and credentials before they reach production.
Changelog #
All notable changes to this project will be documented in this file.
1.70.0 - 2025-10-08 #
Added #
- Detect Mapbox public/secret tokens and Supabase publishable/secret keys via bundled patterns (config/regexes.json, lib/config/regexes.json)
Changed #
- Stamp generated reports with generator metadata and upstream repository links (OhMyG0sh.generateReport)
- Stream JAXB suppression improvements to hide noisy
ERROR - finished with errorslines while preserving progress output (OhMyG0sh.decompile)
1.69.777+69 - 2025-10-07 #
Fixed #
- Resolve bundled configs via package: URIs for pub global installs (OhMyG0sh._loadPatterns(), OhMyG0sh._loadNotKeyHacks())
- Ship default patterns/filters with the package for global CLI (lib/config/regexes.json, lib/config/notkeyhacks.json)
- README notes for output file naming and config resolution (README.md)
Chore #
- Bump version to 1.69.777+69 (pubspec.yaml)
- Add .pubignore and ensure CHANGELOG.md is included (.pubignore)
- Ignore RELEASE_STEP.md in VCS (.gitignore)
Docs #
- Standardize doc comments across library, CLI, core engine, scanner, example, and tests
1.69.777 - 2025-10-07 #
Added #
- Initial release of ohmyg0sh APK security scanner
- APK decompilation using jadx 1.5.3
- Regex-based detection for 50+ API key and secret patterns
- Configurable detection rules via
config/regexes.json - False-positive filtering via
config/notkeyhacks.json - JSON and text output formats
- Docker image for easy deployment
- Continue-on-error mode for jadx failures
- Comprehensive pattern library including:
- AWS, Google Cloud, Azure credentials
- Social media API keys (Facebook, Twitter, Slack)
- Payment services (Stripe, PayPal, Square)
- Database connection strings
- Private keys and certificates
- Automatic cleanup of temporary files
- Detailed logging for troubleshooting
Security #
- Scans Java, Kotlin, Smali, XML, JavaScript, and text files
- Package name extraction from AndroidManifest.xml
- Pattern matching with context-aware filtering
Documentation #
- Complete README with installation and usage examples
- Docker Hub deployment guide
- Troubleshooting section
- Contributing guidelines
Metadata
6
likes
160
points
11
downloads
Publisher
unverified uploader
Weekly Downloads
Metadata
APK security scanner that detects hardcoded API keys and credentials before they reach production.
Repository (GitHub)
View/report issues
Topics
#security #scanner #apk #regex #dart
Documentation
License
MIT (license)
