zsdlove / apkvulcheck
This is a tool to help androidcoder to check the flaws in their projects.
The flag logic is wrong, so every app is judged as not packed. The statement in the else branch needs to be changed to pass,
and flag initialized to False.
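import zipfile

# packer_features (marker substring -> packer name) is defined elsewhere in the project.
def packerDetector(apkpath):
    packerType=""
    packersign=""
    flag=False  # stays False unless a packer marker is found
    zipfiles=zipfile.ZipFile(apkpath)
    nameList=zipfiles.namelist()
    for fileName in nameList:
        for packer in packer_features.keys():
            if packer in fileName:
                flag=True
                packerType=packer_features[packer]
                packersign=packer
                break
            else:
                pass  # no match: leave an earlier hit untouched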
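An added example, not code from the project or from the issue author, contrasting the flag handling the issue describes with the proposed fix on a constructed in-memory APK. The signature table, the sample entries, the names `detect_buggy`, `detect_fixed` and `apk_entries`, and the exact form of the faulty else branch (`flag = False`) are assumptions, since the page shows only the corrected code.

```python
import io
import zipfile

# Constructed signature table; the project's packer_features is not on the page.
PACKER_FEATURES = {
    "libexample_shell.so": "ExamplePacker",  # made-up marker and name
    "libdemo_protect.so": "DemoProtect",     # made-up marker and name
}


def detect_buggy(names, features=PACKER_FEATURES):
    """Assumed faulty form: the else branch clears the flag again."""
    flag, packer_type = False, ""
    for file_name in names:
        for sign in features:
            if sign in file_name:
                flag, packer_type = True, features[sign]
                break
            else:
                flag = False  # any later non-matching entry wipes the hit
    return flag, packer_type


def detect_fixed(names, features=PACKER_FEATURES):
    """Fix from the issue: start at False, never reset, stop at first hit."""
    for file_name in names:
        for sign, packer_type in features.items():
            if sign in file_name:
                return True, packer_type
    return False, ""


def apk_entries(names):
    """Write a constructed in-memory APK (zip) and read its entry list back."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"")
    with zipfile.ZipFile(io.BytesIO(buf.getvalue())) as zf:
        return zf.namelist()


# Constructed sample: the packer library is not the last entry in the archive.
SAMPLE = ["AndroidManifest.xml", "lib/armeabi-v7a/libexample_shell.so",
          "classes.dex", "res/layout/main.xml"]

if __name__ == "__main__":
    names = apk_entries(SAMPLE)
    print("buggy:", detect_buggy(names))
    print("fixed:", detect_fixed(names))
```

Returning at the first hit also keeps a later matching entry from overwriting the packer name, which a `break` out of the inner loop alone does not prevent.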
flake8 testing of https://github.com/zsdlove/ApkVulCheck on Python 3.7.0
$ flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics
./AndroidCodeCheck.py:94:2: F821 undefined name 'banner_begin'
banner_begin()
^
./AndroidCodeCheck.py:112:2: F821 undefined name 'banner_begin'
banner_begin()
^
./AndroidCodeCheck.py:113:2: F821 undefined name 'banner_finished'
banner_finished()
^
./AndroidCodeCheck.py:382:2: F821 undefined name 'banner_new'
banner_new()
^
4 F821 undefined name 'banner_begin'
4
❯ python AndroidCodeCheck.py --taskpath ~/Downloads/com.wingjoy.dynastyLife.apk
[init] - Decode the AndroidManifest.xml file Successfully!
outputpath=>/tmp/hades/result/com68825
[init] - Decompile the dex file Successfully.
Traceback (most recent call last):
File "AndroidCodeCheck.py", line 294, in <module>
startprocess()
File "/Users/s/Desktop/TestTools/ApkVulCheck/venv/lib/python3.8/site-packages/click/core.py", line 829, in __call__
return self.main(*args, **kwargs)
File "/Users/s/Desktop/TestTools/ApkVulCheck/venv/lib/python3.8/site-packages/click/core.py", line 782, in main
rv = self.invoke(ctx)
File "/Users/s/Desktop/TestTools/ApkVulCheck/venv/lib/python3.8/site-packages/click/core.py", line 1066, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/Users/s/Desktop/TestTools/ApkVulCheck/venv/lib/python3.8/site-packages/click/core.py", line 610, in invoke
return callback(*args, **kwargs)
File "AndroidCodeCheck.py", line 285, in startprocess
apkAnalysis().fastScanEngine({
File "AndroidCodeCheck.py", line 27, in wrapper
ret=func(*args,**kwargs)
File "AndroidCodeCheck.py", line 152, in fastScanEngine
cptcheck.run()
File "/Users/s/Desktop/TestTools/ApkVulCheck/plugin/manifestAnalysis.py", line 138, in run
self.android_manifest_check()
File "/Users/s/Desktop/TestTools/ApkVulCheck/plugin/manifestAnalysis.py", line 122, in android_manifest_check
self.getUsesPermission(node) # usespermission
File "/Users/s/Desktop/TestTools/ApkVulCheck/plugin/manifestAnalysis.py", line 37, in getUsesPermission
logging.info("- [VulScanEngine] " + "申请的权限名为:" + node.getAttribute('android:name').encode("utf-8"))
TypeError: can only concatenate str (not "bytes") to str
root@kali202003:~/ApkVulCheck-master# python2 AndroidCodeCheck.py --taskpath fixxB14976.apk --output json
[init] - Decode the AndroidManifest.xml file Successfully!
outputpath=>/tmp/hades/result/fixxB1497658193
Exception in thread "main" org.jf.dexlib2.dexbacked.DexBackedDexFile$NotADexFile: Invalid magic value: 64 65 78 0a 30 33 37 00
at org.jf.dexlib2.dexbacked.DexBackedDexFile.verifyMagicAndByteOrder(DexBackedDexFile.java:151)
at org.jf.dexlib2.dexbacked.DexBackedDexFile.<init>(DexBackedDexFile.java:70)
at org.jf.dexlib2.dexbacked.DexBackedDexFile.<init>(DexBackedDexFile.java:96)
at org.jf.dexlib2.DexFileFactory.loadDexFile(DexFileFactory.java:79)
at org.jf.dexlib2.DexFileFactory.loadDexFile(DexFileFactory.java:54)
at org.jf.baksmali.main.main(main.java:247)
[init] - Decompile the dex file Successfully.
sh: 1: lib/aapt2: Exec format error
Traceback (most recent call last):
File "AndroidCodeCheck.py", line 294, in <module>
startprocess()
File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 829, in __call__
return self.main(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 782, in main
rv = self.invoke(ctx)
File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 1066, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 610, in invoke
return callback(*args, **kwargs)
File "AndroidCodeCheck.py", line 288, in startprocess
"output":kwargs.get("output")
File "AndroidCodeCheck.py", line 27, in wrapper
ret=func(*args,**kwargs)
File "AndroidCodeCheck.py", line 166, in fastScanEngine
apkname=os.popen("lib/aapt2 dump badging %s |grep application-label:" % filepath).read().replace("\n","").split(":")[1].replace("'","")
IndexError: list index out of range
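An added example, not the project's code, for the failure in the traceback above: when `lib/aapt2` cannot execute, the pipeline output is empty and `split(":")[1]` raises `IndexError`. It parses the label defensively and runs aapt2 with an argument list, so the APK path is never interpreted by a shell; the function names, the `"unknown"` fallback and the sample output are assumptions constructed for illustration.

```python
import re
import subprocess

# aapt2 badging output carries a line of the form: application-label:'Name'
_LABEL_RE = re.compile(r"^application-label:'(.*)'\s*$", re.MULTILINE)


def parse_application_label(badging_output, default="unknown"):
    """Return the app label from `aapt2 dump badging` text, or default."""
    match = _LABEL_RE.search(badging_output or "")
    return match.group(1) if match else default


def read_application_label(apk_path, aapt2="lib/aapt2"):
    """Run aapt2 without a shell and parse its output."""
    try:
        proc = subprocess.run([aapt2, "dump", "badging", apk_path],
                              capture_output=True, text=True, timeout=60)
    except (OSError, subprocess.TimeoutExpired):
        # OSError covers a missing binary and "Exec format error".
        return "unknown"
    return parse_application_label(proc.stdout)


# Constructed sample output; the label deliberately contains a colon,
# which the original split(":")[1] would truncate.
SAMPLE_BADGING = (
    "package: name='com.example.demo' versionCode='1' versionName='1.0'\n"
    "application-label:'Demo: Lite'\n"
    "application-label-en:'Demo: Lite (en)'\n"
)

if __name__ == "__main__":
    print(parse_application_label(SAMPLE_BADGING))
    print(parse_application_label(""))  # empty output, as in the traceback
```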
With Python 3, it runs normally but no results are generated.
ApkVulCheck/lib/methodCallGenerator.py
Line 332: parser=SmaliParser("smalipath,"smali")
has an error.