diff --git a/pkgs/tools/security/apkleaks/default.nix b/pkgs/tools/security/apkleaks/default.nix
new file mode 100644
index 000000000000..133601e4025f
--- /dev/null
+++ b/pkgs/tools/security/apkleaks/default.nix
@@ -0,0 +1,37 @@
+{ lib
+, fetchFromGitHub
+, jadx
+, python3
+}:
+
+python3.pkgs.buildPythonApplication rec {
+  pname = "apkleaks";
+  version = "2.6.1";
+
+  disabled = python3.pythonOlder "3.6";
+
+  src = fetchFromGitHub {
+    owner = "dwisiswant0";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "0ysciv643p8gkqw2wp7zy4n07hihdcyil8d20lj86cpgga71rd64";
+  };
+
+  propagatedBuildInputs = with python3.pkgs; [
+    jadx
+    pyaxmlparser
+    setuptools
+  ];
+
+  # Project has no tests
+  doCheck = false;
+
+  pythonImportsCheck = [ "apkleaks" ];
+
+  meta = with lib; {
+    description = "Scanning APK file for URIs, endpoints and secrets";
+    homepage = "https://github.com/dwisiswant0/apkleaks";
+    license = with licenses; [ asl20 ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 94b72017beb1..5d0b49207a6f 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1170,6 +1170,8 @@ with pkgs;
 
   apkid = callPackage ../development/tools/apkid { };
 
+  apkleaks = callPackage ../tools/security/apkleaks { };
+
   apksigcopier = callPackage ../development/tools/apksigcopier { };
 
   apksigner = callPackage ../development/tools/apksigner {