本文整理汇总了Python中MobSF.utils.python_list函数的典型用法代码示例。如果您正苦于以下问题:Python python_list函数的具体用法?Python python_list怎么用?Python python_list使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了python_list函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: get_context_from_db_entry_ios
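def get_context_from_db_entry_ios(db_entry):
    """Return the template context for an already analysed iOS source ZIP.

    ``db_entry`` is an indexable collection of stored analysis rows
    (presumably a Django QuerySet -- TODO confirm against callers); only its
    first element is read. Fields that were serialised for storage are
    converted back with ``python_list`` / ``python_dict``.

    Returns the context dict, or ``None`` when anything fails (the failure is
    reported through ``PrintException``).

    NOTE(review): most values here were extracted from an uploaded app and are
    untrusted; templates rendering this context should keep output escaping on.
    """
    try:
        print("\n[INFO] Analysis is already Done. Fetching data from the DB...")
        # Read the row once. If db_entry is an unevaluated QuerySet, every
        # db_entry[0] would issue its own query and the fields could come
        # from different snapshots of the row.
        row = db_entry[0]
        context = {
            'title': row.TITLE,
            'name': row.APPNAMEX,
            'size': row.SIZE,
            'md5': row.MD5,
            'sha1': row.SHA1,
            'sha256': row.SHA256,
            'plist': row.INFOPLIST,
            'bin_name': row.BINNAME,
            'id': row.IDF,
            'ver': row.VERSION,
            'sdk': row.SDK,
            'pltfm': row.PLTFM,
            'min': row.MINX,
            'files': python_list(row.FILES),
            'file_analysis': row.SFILESX,
            'api': python_dict(row.API),
            'insecure': python_dict(row.CODEANAL),
            'urls': python_list(row.URLnFile),
            'domains': python_dict(row.DOMAINS),
            'emails': python_list(row.EmailnFile),
            'permissions': python_list(row.PERMISSIONS),
            'insecure_connections': python_list(row.INSECCON),
        }
        return context
    except Exception:
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit are not swallowed.
        PrintException("[ERROR] Fetching from DB")
        return None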
开发者ID:goodhal,项目名称:Mobile-Security-Framework-MobSF,代码行数:31,代码来源:db_interaction.py
示例2: get_context_from_db_entry_ipa
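def get_context_from_db_entry_ipa(db_entry):
    """Return the template context for an already analysed IPA.

    ``db_entry`` is an indexable collection of stored analysis rows
    (presumably a Django QuerySet -- TODO confirm against callers); only its
    first element is read. List-valued fields are converted back from their
    stored form with ``python_list``.

    Returns the context dict, or ``None`` when anything fails (the failure is
    reported through ``PrintException``).

    NOTE(review): most values here were extracted from an uploaded app and are
    untrusted; templates rendering this context should keep output escaping on.
    """
    try:
        print("\n[INFO] Analysis is already Done. Fetching data from the DB...")
        # Read the row once. If db_entry is an unevaluated QuerySet, every
        # db_entry[0] would issue its own query.
        row = db_entry[0]
        context = {
            'title': row.TITLE,
            'file_name': row.FILE_NAME,
            'size': row.SIZE,
            'md5': row.MD5,
            'sha1': row.SHA1,
            'sha256': row.SHA256,
            'plist': row.INFOPLIST,
            'bin_name': row.BINNAME,
            'id': row.IDF,
            'build': row.BUILD,
            'version': row.VERSION,
            'sdk': row.SDK,
            'pltfm': row.PLTFM,
            'min': row.MINX,
            'bin_anal': python_list(row.BIN_ANAL),
            'libs': python_list(row.LIBS),
            'files': python_list(row.FILES),
            'file_analysis': python_list(row.SFILESX),
            'strings': python_list(row.STRINGS),
            'permissions': python_list(row.PERMISSIONS),
            'insecure_connections': python_list(row.INSECCON),
            'bundle_name': row.BUNDLE_NAME,
            'bundle_url_types': python_list(row.BUNDLE_URL_TYPES),
            'bundle_supported_platforms': python_list(row.BUNDLE_SUPPORTED_PLATFORMS),
            'bundle_localizations': python_list(row.BUNDLE_LOCALIZATIONS),
        }
        return context
    except Exception:
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit are not swallowed.
        PrintException("[ERROR] Fetching from DB")
        return None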
开发者ID:EsteveM,项目名称:Mobile-Security-Framework-MobSF,代码行数:35,代码来源:db_interaction.py
示例3: get_context_from_db_entry_ipa
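def get_context_from_db_entry_ipa(db_entry):
    """Return the template context for an already analysed IPA.

    ``db_entry`` is an indexable collection of stored analysis rows
    (presumably a Django QuerySet -- TODO confirm against callers); only its
    first element is read. ``files``, ``strings``, ``permissions`` and
    ``insecure_connections`` are converted back with ``python_list``; the
    remaining fields are passed through as stored.

    Returns the context dict, or ``None`` when anything fails (the failure is
    reported through ``PrintException``).

    NOTE(review): most values here were extracted from an uploaded app and are
    untrusted; templates rendering this context should keep output escaping on.
    """
    try:
        print("\n[INFO] Analysis is already Done. Fetching data from the DB...")
        # Read the row once. If db_entry is an unevaluated QuerySet, every
        # db_entry[0] would issue its own query.
        row = db_entry[0]
        context = {
            'title': row.TITLE,
            'name': row.APPNAMEX,
            'size': row.SIZE,
            'md5': row.MD5,
            'sha1': row.SHA1,
            'sha256': row.SHA256,
            'plist': row.INFOPLIST,
            'bin_name': row.BINNAME,
            'id': row.IDF,
            'ver': row.VERSION,
            'sdk': row.SDK,
            'pltfm': row.PLTFM,
            'min': row.MINX,
            'bin_anal': row.BIN_ANAL,
            'libs': row.LIBS,
            'files': python_list(row.FILES),
            'file_analysis': row.SFILESX,
            'strings': python_list(row.STRINGS),
            'permissions': python_list(row.PERMISSIONS),
            'insecure_connections': python_list(row.INSECCON),
        }
        return context
    except Exception:
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit are not swallowed.
        PrintException("[ERROR] Fetching from DB")
        return None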
开发者ID:goodhal,项目名称:Mobile-Security-Framework-MobSF,代码行数:29,代码来源:db_interaction.py
示例4: get_context_from_db_entry
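def get_context_from_db_entry(db_entry):
    """Return the template context for an already analysed APK / Android ZIP.

    ``db_entry`` is an indexable collection of stored analysis rows
    (presumably a Django QuerySet -- TODO confirm against callers); only its
    first element is read. Serialised fields are converted back with
    ``python_list`` / ``python_dict``; the rest are passed through as stored.

    Returns the context dict, or ``None`` when anything fails (the failure is
    reported through ``PrintException``).

    NOTE(review): manifest data, strings, URLs, e-mails and certificate text
    all originate from the uploaded app and are untrusted; templates rendering
    this context should keep output escaping on.
    """
    try:
        print("\n[INFO] Analysis is already Done. Fetching data from the DB...")
        # Read the row once. If db_entry is an unevaluated QuerySet, every
        # db_entry[0] would issue its own query (about fifty here).
        row = db_entry[0]
        context = {
            'title': row.TITLE,
            'name': row.APP_NAME,
            'size': row.SIZE,
            'md5': row.MD5,
            'sha1': row.SHA1,
            'sha256': row.SHA256,
            'packagename': row.PACKAGENAME,
            'mainactivity': row.MAINACTIVITY,
            'targetsdk': row.TARGET_SDK,
            'maxsdk': row.MAX_SDK,
            'minsdk': row.MIN_SDK,
            'androvername': row.ANDROVERNAME,
            'androver': row.ANDROVER,
            'manifest': python_list(row.MANIFEST_ANAL),
            'permissions': python_dict(row.PERMISSIONS),
            'binary_analysis': python_list(row.BIN_ANALYSIS),
            'files': python_list(row.FILES),
            'certz': row.CERTZ,
            'activities': python_list(row.ACTIVITIES),
            'receivers': python_list(row.RECEIVERS),
            'providers': python_list(row.PROVIDERS),
            'services': python_list(row.SERVICES),
            'libraries': python_list(row.LIBRARIES),
            'browsable_activities': python_dict(row.BROWSABLE),
            'act_count': row.CNT_ACT,
            'prov_count': row.CNT_PRO,
            'serv_count': row.CNT_SER,
            'bro_count': row.CNT_BRO,
            'certinfo': row.CERT_INFO,
            'issued': row.ISSUED,
            'native': row.NATIVE,
            'dynamic': row.DYNAMIC,
            'reflection': row.REFLECT,
            'crypto': row.CRYPTO,
            'obfus': row.OBFUS,
            'api': row.API,
            'dang': row.DANG,
            'urls': row.URLS,
            'domains': python_dict(row.DOMAINS),
            'emails': row.EMAILS,
            'strings': python_list(row.STRINGS),
            'zipped': row.ZIPPED,
            'mani': row.MANI,
            'e_act': row.E_ACT,
            'e_ser': row.E_SER,
            'e_bro': row.E_BRO,
            'e_cnt': row.E_CNT,
        }
        return context
    except Exception:
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit are not swallowed.
        PrintException("[ERROR] Fetching from DB")
        return None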
开发者ID:AndroidTamer,项目名称:Mobile-Security-Framework-MobSF,代码行数:57,代码来源:db_interaction.py
示例5: ActivityTester
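def ActivityTester(request):
    """Launch each activity of an analysed app on the test device and screenshot it.

    Reads ``md5`` (scan identifier) and ``pkg`` (package name) from the POST
    body. For every activity stored for that scan it starts the activity via
    adb, waits, captures and pulls a screenshot, then force-stops the app.

    Returns a JSON response ``{'acttest': 'done'}`` or ``{'acttest': 'noact'}``,
    or a redirect to ``/error/`` on invalid input, a missing DB entry, a
    non-POST request or any unexpected exception.
    """
    print("\n[INFO] Activity Tester")
    try:
        MD5 = request.POST['md5']
        PKG = request.POST['pkg']
        # \Z instead of $: "$" also matches just before a trailing newline,
        # and MD5 is used to build a filesystem path below.
        if not re.match(r'^[0-9a-f]{32}\Z', MD5):
            return HttpResponseRedirect('/error/')
        if re.findall(r";|\$\(|\|\||&&", PKG):
            print("[ATTACK] Possible RCE")
            return HttpResponseRedirect('/error/')
        # PKG ends up in an `adb shell` command line, which the device shell
        # parses. A deny-list of a few sequences cannot be complete, so also
        # require the value to look like a package name.
        if not re.match(r'^[A-Za-z][A-Za-z0-9_.-]{1,255}\Z', PKG):
            return HttpResponseRedirect('/error/')
        if request.method != 'POST':
            return HttpResponseRedirect('/error/')

        DIR = settings.BASE_DIR
        APP_DIR = os.path.join(settings.UPLD_DIR, MD5 + '/')
        TOOLS_DIR = os.path.join(DIR, 'DynamicAnalyzer/tools/')  # TOOLS DIR
        SCRDIR = os.path.join(APP_DIR, 'screenshots-apk/')
        adb = getADB(TOOLS_DIR)
        DB = StaticAnalyzerAndroid.objects.filter(MD5=MD5)
        if not DB.exists():
            print("\n[ERROR] Entry does not exist in DB.")
            return HttpResponseRedirect('/error/')

        print("\n[INFO] Fetching Activity List from DB")
        ACTIVITIES = python_list(DB[0].ACTIVITIES)
        if ACTIVITIES:
            print("\n[INFO] Starting Activity Tester...")
            print("\n[INFO] " + str(len(ACTIVITIES)) + " Activities Identified")
            # NOTE(review): activity names come from the stored analysis of
            # the uploaded app and are appended to the adb shell command
            # without validation here -- confirm they are constrained where
            # they are written to the DB.
            for n, line in enumerate(ACTIVITIES, 1):
                try:
                    print("\n[INFO] Launching Activity - " + str(n) + ". " + line)
                    subprocess.call(
                        [adb, "-s", getIdentifier(), "shell", "am", "start", "-n", PKG + "/" + line])
                    Wait(4)
                    subprocess.call(
                        [adb, "-s", getIdentifier(), "shell", "screencap", "-p", "/data/local/screen.png"])
                    # ? get appended from Air :-() if activity names are used
                    subprocess.call(
                        [adb, "-s", getIdentifier(), "pull", "/data/local/screen.png",
                         SCRDIR + "act-" + str(n) + ".png"])
                    print("\n[INFO] Activity Screenshot Taken")
                    subprocess.call(
                        [adb, "-s", getIdentifier(), "shell", "am", "force-stop", PKG])
                    print("\n[INFO] Stopping App")
                except Exception:
                    # One failing activity must not abort the whole run.
                    PrintException("Activity Tester")
            data = {'acttest': 'done'}
        else:
            print("\n[INFO] Activity Tester - No Activity Found!")
            data = {'acttest': 'noact'}
        return HttpResponse(json.dumps(data), content_type='application/json')
    except Exception:
        PrintException("[ERROR] Activity Tester")
        return HttpResponseRedirect('/error/')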
开发者ID:AndroidTamer,项目名称:Mobile-Security-Framework-MobSF,代码行数:59,代码来源:android.py
示例6: get_context_from_db_entry_ios
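def get_context_from_db_entry_ios(db_entry):
    """Return the template context for an already analysed iOS source ZIP.

    ``db_entry`` is an indexable collection of stored analysis rows
    (presumably a Django QuerySet -- TODO confirm against callers); only its
    first element is read. Serialised fields are converted back with
    ``python_list`` / ``python_dict``.

    Returns the context dict, or ``None`` when anything fails (the failure is
    reported through ``PrintException``).

    NOTE(review): URLs, e-mails, strings and App Store details originate from
    the uploaded app or from external lookups and are untrusted; templates
    rendering this context should keep output escaping on.
    """
    try:
        logger.info("Analysis is already Done. Fetching data from the DB...")
        # Read the row once. If db_entry is an unevaluated QuerySet, every
        # db_entry[0] would issue its own query.
        row = db_entry[0]
        context = {
            'title': row.TITLE,
            'file_name': row.FILE_NAME,
            'size': row.SIZE,
            'md5': row.MD5,
            'sha1': row.SHA1,
            'sha256': row.SHA256,
            'plist': row.INFOPLIST,
            'bin_name': row.BINNAME,
            'id': row.IDF,
            'build': row.BUILD,
            'version': row.VERSION,
            'sdk': row.SDK,
            'pltfm': row.PLTFM,
            'min': row.MINX,
            'files': python_list(row.FILES),
            'file_analysis': python_list(row.SFILESX),
            'api': python_dict(row.API),
            'insecure': python_dict(row.CODEANAL),
            'urls': python_list(row.URLnFile),
            'domains': python_dict(row.DOMAINS),
            'emails': python_list(row.EmailnFile),
            'permissions': python_list(row.PERMISSIONS),
            'insecure_connections': python_list(row.INSECCON),
            'bundle_name': row.BUNDLE_NAME,
            'bundle_url_types': python_list(row.BUNDLE_URL_TYPES),
            'bundle_supported_platforms': python_list(row.BUNDLE_SUPPORTED_PLATFORMS),
            'bundle_localizations': python_list(row.BUNDLE_LOCALIZATIONS),
            'appstore_details': python_dict(row.APPSTORE_DETAILS),
            'firebase': python_list(row.FIREBASE),
        }
        return context
    except Exception:
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit are not swallowed.
        PrintException("Fetching from DB")
        return None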
开发者ID:security-geeks,项目名称:Mobile-Security-Framework-MobSF,代码行数:38,代码来源:db_interaction.py
示例7: StaticAnalyzer_iOS
def StaticAnalyzer_iOS(request):
try:
#Input validation
print "[INFO] iOS Static Analysis Started"
TYP=request.GET['type']
RESCAN= str(request.GET.get('rescan', 0))
m=re.match('^[0-9a-f]{32}$',request.GET['checksum'])
if ((m) and (request.GET['name'].lower().endswith('.ipa') or request.GET['name'].lower().endswith('.zip')) and (TYP in ['ipa', 'ios'])):
DIR=settings.BASE_DIR #BASE DIR
APP_NAME=request.GET['name'] #APP ORGINAL NAME
MD5=request.GET['checksum'] #MD5
APP_DIR=os.path.join(settings.UPLD_DIR, MD5+'/') #APP DIRECTORY
TOOLS_DIR=os.path.join(DIR, 'StaticAnalyzer/tools/mac/') #TOOLS DIR
if TYP=='ipa':
#DB
DB=StaticAnalyzerIPA.objects.filter(MD5=MD5)
if DB.exists() and RESCAN=='0':
print "\n[INFO] Analysis is already Done. Fetching data from the DB..."
context = {
'title' : DB[0].TITLE,
'name' : DB[0].APPNAMEX,
'size' : DB[0].SIZE,
'md5': DB[0].MD5,
'sha1' : DB[0].SHA1,
'sha256' : DB[0].SHA256,
'plist' : DB[0].INFOPLIST,
'bin_name' : DB[0].BINNAME,
'id' : DB[0].IDF,
'ver' : DB[0].VERSION,
'sdk' : DB[0].SDK,
'pltfm' : DB[0].PLTFM,
'min' : DB[0].MINX,
'bin_anal' : DB[0].BIN_ANAL,
'libs' : DB[0].LIBS,
'files' : python_list(DB[0].FILES),
'file_analysis' : DB[0].SFILESX,
'strings' : DB[0].STRINGS,
}
else:
print "[INFO] iOS Binary (IPA) Analysis Started"
APP_FILE=MD5 + '.ipa' #NEW FILENAME
APP_PATH=APP_DIR+APP_FILE #APP PATH
BIN_DIR=os.path.join(APP_DIR,"Payload/")
#ANALYSIS BEGINS
SIZE=str(FileSize(APP_PATH)) + 'MB' #FILE SIZE
SHA1, SHA256= HashGen(APP_PATH) #SHA1 & SHA256 HASHES
print "[INFO] Extracting IPA"
Unzip(APP_PATH,APP_DIR) #EXTRACT IPA
FILES,SFILES=iOS_ListFiles(BIN_DIR,MD5,True,'ipa') #Get Files, normalize + to x, and convert binary plist -> xml
INFO_PLIST,BIN_NAME,ID,VER,SDK,PLTFM,MIN,LIBS,BIN_ANAL,STRINGS=BinaryAnalysis(BIN_DIR,TOOLS_DIR,APP_DIR)
#Saving to DB
print "\n[INFO] Connecting to DB"
if RESCAN=='1':
print "\n[INFO] Updating Database..."
StaticAnalyzerIPA.objects.filter(MD5=MD5).update(TITLE='Static Analysis',APPNAMEX=APP_NAME,SIZE=SIZE,MD5=MD5,SHA1=SHA1,SHA256=SHA256,INFOPLIST=INFO_PLIST,BINNAME=BIN_NAME,IDF=ID,VERSION=VER,SDK=SDK,PLTFM=PLTFM,MINX=MIN,BIN_ANAL=BIN_ANAL,LIBS=LIBS,FILES=FILES,SFILESX=SFILES,STRINGS=STRINGS)
elif RESCAN=='0':
print "\n[INFO] Saving to Database"
STATIC_DB=StaticAnalyzerIPA(TITLE='Static Analysis',APPNAMEX=APP_NAME,SIZE=SIZE,MD5=MD5,SHA1=SHA1,SHA256=SHA256,INFOPLIST=INFO_PLIST,BINNAME=BIN_NAME,IDF=ID,VERSION=VER,SDK=SDK,PLTFM=PLTFM,MINX=MIN,BIN_ANAL=BIN_ANAL,LIBS=LIBS,FILES=FILES,SFILESX=SFILES,STRINGS=STRINGS)
STATIC_DB.save()
context = {
'title' : 'Static Analysis',
'name' : APP_NAME,
'size' : SIZE,
'md5': MD5,
'sha1' : SHA1,
'sha256' : SHA256,
'plist' : INFO_PLIST,
'bin_name' : BIN_NAME,
'id' : ID,
'ver' : VER,
'sdk' : SDK,
'pltfm' : PLTFM,
'min' : MIN,
'bin_anal' : BIN_ANAL,
'libs' : LIBS,
'files' : FILES,
'file_analysis' : SFILES,
'strings' : STRINGS,
}
template="ios_binary_analysis.html"
return render(request,template,context)
elif TYP=='ios':
DB=StaticAnalyzerIOSZIP.objects.filter(MD5=MD5)
if DB.exists() and RESCAN=='0':
print "\n[INFO] Analysis is already Done. Fetching data from the DB..."
context = {
'title' : DB[0].TITLE,
'name' : DB[0].APPNAMEX,
'size' : DB[0].SIZE,
'md5': DB[0].MD5,
'sha1' : DB[0].SHA1,
'sha256' : DB[0].SHA256,
'plist' : DB[0].INFOPLIST,
'bin_name' : DB[0].BINNAME,
'id' : DB[0].IDF,
'ver' : DB[0].VERSION,
'sdk' : DB[0].SDK,
'pltfm' : DB[0].PLTFM,
'min' : DB[0].MINX,
'bin_anal' : DB[0].BIN_ANAL,
#.........这里部分代码省略.........
开发者ID:AiGangJingYe,项目名称:Mobile-Security-Framework-MobSF,代码行数:101,代码来源:ios.py
示例8: Report
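def Report(request):
    """Build and render the dynamic-analysis report for one scan.

    Reads ``md5`` (scan identifier) and ``pkg`` (package name) from the query
    string of a GET request, runs the API / traffic analysis helpers, collects
    the screenshots that were downloaded for the scan and renders
    ``dynamic_analysis.html``.

    Returns the rendered response, or a redirect to ``/error/`` on invalid
    input, a non-GET request or any unexpected exception.
    """
    print("\n[INFO] Dynamic Analysis Report Generation")
    try:
        if request.method != "GET":
            return HttpResponseRedirect("/error/")
        MD5 = request.GET["md5"]
        PKG = request.GET["pkg"]
        if re.findall(r";|\$\(|\|\||&&", PKG):
            print("[ATTACK] Possible RCE")
            return HttpResponseRedirect("/error/")
        # \Z instead of $: "$" also matches just before a trailing newline,
        # and MD5 is used to build filesystem paths below.
        if not re.match(r"^[0-9a-f]{32}\Z", MD5):
            return HttpResponseRedirect("/error/")
        # PKG is handed to the analysis and download helpers. A deny-list of
        # a few sequences cannot be complete, so also require the value to
        # look like a package name.
        if not re.match(r"^[A-Za-z][A-Za-z0-9_.-]{1,255}\Z", PKG):
            return HttpResponseRedirect("/error/")

        APP_DIR = os.path.join(settings.UPLD_DIR, MD5 + "/")  # APP DIRECTORY
        DWD_DIR = settings.DWD_DIR
        DRDMONAPISLOC = os.path.join(APP_DIR, "x_logcat.txt")  # Use check_outputs instead later.
        (API_NET, API_BASE64, API_FILEIO, API_BINDER, API_CRYPTO,
         API_DEVICEINFO, API_CNTVL, API_SMS, API_SYSPROP, API_DEXLOADER,
         API_RELECT, API_ACNTMNGER, API_CMD) = APIAnalysis(PKG, DRDMONAPISLOC)
        URL, DOMAINS, EMAIL, HTTP, XML, SQLiteDB, OtherFiles = RunAnalysis(APP_DIR, MD5, PKG)
        Download(MD5, DWD_DIR, APP_DIR, PKG)

        # Only After Download Process is Done
        IMGS = []
        ACTIMGS = []
        ACT = {}
        EXPACTIMGS = []
        EXPACT = {}
        shots_dir = os.path.join(DWD_DIR, MD5 + "-screenshots-apk/")
        if os.path.exists(shots_dir):
            try:
                for img in os.listdir(shots_dir):
                    if not img.endswith(".png"):
                        continue
                    if img.startswith("act"):
                        ACTIMGS.append(img)
                    elif img.startswith("expact"):
                        EXPACTIMGS.append(img)
                    else:
                        IMGS.append(img)
                DB = StaticAnalyzerAndroid.objects.filter(MD5=MD5)
                if DB.exists():
                    print("\n[INFO] Fetching Exported Activity & Activity List from DB")
                    row = DB[0]  # one fetch instead of one query per field
                    EXPORTED_ACT = python_list(row.EXPORTED_ACT)
                    ACTDESC = python_list(row.ACTIVITIES)
                    # NOTE(review): images are paired with activity names by
                    # position, but os.listdir() returns entries in arbitrary
                    # order -- confirm the pairing is reliable.
                    if ACTIMGS and len(ACTIMGS) == len(ACTDESC):
                        ACT = dict(zip(ACTIMGS, ACTDESC))
                    if EXPACTIMGS and len(EXPACTIMGS) == len(EXPORTED_ACT):
                        EXPACT = dict(zip(EXPACTIMGS, EXPORTED_ACT))
                else:
                    print("\n[WARNING] Entry does not exists in the DB.")
            except Exception:
                # Screenshot sorting is best effort; the report is still rendered.
                PrintException("[ERROR] Screenshot Sorting")

        # NOTE(review): everything below except the title is derived from the
        # analysed app's behaviour or from request parameters; the template
        # should keep output escaping on.
        context = {
            "emails": EMAIL,
            "urls": URL,
            "domains": DOMAINS,
            "md5": MD5,
            "http": HTTP,
            "xml": XML,
            "sqlite": SQLiteDB,
            "others": OtherFiles,
            "imgs": IMGS,
            "acttest": ACT,
            "expacttest": EXPACT,
            "net": API_NET,
            "base64": API_BASE64,
            "crypto": API_CRYPTO,
            "fileio": API_FILEIO,
            "binder": API_BINDER,
            "divinfo": API_DEVICEINFO,
            "cntval": API_CNTVL,
            "sms": API_SMS,
            "sysprop": API_SYSPROP,
            "dexload": API_DEXLOADER,
            "reflect": API_RELECT,
            "sysman": API_ACNTMNGER,
            "process": API_CMD,
            "pkg": PKG,
            "title": "Dynamic Analysis",
        }
        template = "dynamic_analysis.html"
        return render(request, template, context)
    except Exception:
        PrintException("[ERROR] Dynamic Analysis Report Generation")
        return HttpResponseRedirect("/error/")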
开发者ID:CplusHua,项目名称:Mobile-Security-Framework-MobSF,代码行数:89,代码来源:views.py
示例9: ExportedActivityTester
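def ExportedActivityTester(request):
    """Launch each exported activity of an analysed app and screenshot it.

    Reads ``md5`` (scan identifier) and ``pkg`` (package name) from the POST
    body. For every exported activity stored for that scan it starts the
    activity via adb, waits, captures and pulls a screenshot, then force-stops
    the app.

    Returns a JSON response ``{"expacttest": "done"}`` or
    ``{"expacttest": "noact"}``, or a redirect to ``/error/`` on invalid
    input, a missing DB entry, a non-POST request or any unexpected exception.
    """
    print("\n[INFO] Exported Activity Tester")
    try:
        MD5 = request.POST["md5"]
        PKG = request.POST["pkg"]
        # \Z instead of $: "$" also matches just before a trailing newline,
        # and MD5 is used to build a filesystem path below.
        if not re.match(r"^[0-9a-f]{32}\Z", MD5):
            return HttpResponseRedirect("/error/")
        if re.findall(r";|\$\(|\|\||&&", PKG):
            print("[ATTACK] Possible RCE")
            return HttpResponseRedirect("/error/")
        # PKG ends up in an `adb shell` command line, which the device shell
        # parses. A deny-list of a few sequences cannot be complete, so also
        # require the value to look like a package name.
        if not re.match(r"^[A-Za-z][A-Za-z0-9_.-]{1,255}\Z", PKG):
            return HttpResponseRedirect("/error/")
        if request.method != "POST":
            return HttpResponseRedirect("/error/")

        DIR = settings.BASE_DIR
        APP_DIR = os.path.join(settings.UPLD_DIR, MD5 + "/")
        TOOLS_DIR = os.path.join(DIR, "DynamicAnalyzer/tools/")  # TOOLS DIR
        SCRDIR = os.path.join(APP_DIR, "screenshots-apk/")
        adb = getADB(TOOLS_DIR)
        DB = StaticAnalyzerAndroid.objects.filter(MD5=MD5)
        if not DB.exists():
            print("\n[ERROR] Entry does not exist in DB.")
            return HttpResponseRedirect("/error/")

        print("\n[INFO] Fetching Exported Activity List from DB")
        EXPORTED_ACT = python_list(DB[0].EXPORTED_ACT)
        if EXPORTED_ACT:
            print("\n[INFO] Starting Exported Activity Tester...")
            print("\n[INFO] " + str(len(EXPORTED_ACT)) + " Exported Activities Identified")
            # NOTE(review): activity names come from the stored analysis of
            # the uploaded app and are appended to the adb shell command
            # without validation here -- confirm they are constrained where
            # they are written to the DB.
            for n, line in enumerate(EXPORTED_ACT, 1):
                try:
                    print("\n[INFO] Launching Exported Activity - " + str(n) + ". " + line)
                    subprocess.call(
                        [adb, "-s", getIdentifier(), "shell", "am", "start", "-n", PKG + "/" + line]
                    )
                    Wait(4)
                    subprocess.call(
                        [adb, "-s", getIdentifier(), "shell", "screencap", "-p", "/data/local/screen.png"]
                    )
                    # ? get appended from Air :-() if activity names are used
                    subprocess.call(
                        [
                            adb,
                            "-s",
                            getIdentifier(),
                            "pull",
                            "/data/local/screen.png",
                            SCRDIR + "expact-" + str(n) + ".png",
                        ]
                    )
                    print("\n[INFO] Activity Screenshot Taken")
                    subprocess.call([adb, "-s", getIdentifier(), "shell", "am", "force-stop", PKG])
                    print("\n[INFO] Stopping App")
                except Exception:
                    # One failing activity must not abort the whole run.
                    PrintException("[ERROR] Exported Activity Tester")
            data = {"expacttest": "done"}
        else:
            print("\n[INFO] Exported Activity Tester - No Activity Found!")
            data = {"expacttest": "noact"}
        return HttpResponse(json.dumps(data), content_type="application/json")
    except Exception:
        # Message fixed: the opening bracket of the "[ERROR]" tag was missing.
        PrintException("[ERROR] Exported Activity Tester")
        return HttpResponseRedirect("/error/")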
开发者ID:CplusHua,项目名称:Mobile-Security-Framework-MobSF,代码行数:68,代码来源:views.py
示例10: PDF
def PDF(request):
try:
MD5=request.GET['md5']
TYP=request.GET['type']
m=re.match('^[0-9a-f]{32}$',MD5)
if m:
if TYP in ['APK','ANDZIP']:
DB=StaticAnalyzerAndroid.objects.filter(MD5=MD5)
if DB.exists():
print "\n[INFO] Fetching data from DB for PDF Report Generation (Android)"
context = {
'title' : DB[0].TITLE,
'name' : DB[0].APP_NAME,
'size' : DB[0].SIZE,
'md5': DB[0].MD5,
'sha1' : DB[0].SHA1,
'sha256' : DB[0].SHA256,
'packagename' : DB[0].PACKAGENAME,
'mainactivity' : DB[0].MAINACTIVITY,
'targetsdk' : DB[0].TARGET_SDK,
'maxsdk' : DB[0].MAX_SDK,
'minsdk' : DB[0].MIN_SDK,
'androvername' : DB[0].ANDROVERNAME,
'androver': DB[0].ANDROVER,
'manifest': DB[0].MANIFEST_ANAL,
'permissions' : DB[0].PERMISSIONS,
'files' : python_list(DB[0].FILES),
'certz' : DB[0].CERTZ,
'activities' : python_list(DB[0].ACTIVITIES),
'receivers' : python_list(DB[0].RECEIVERS),
'providers' : python_list(DB[0].PROVIDERS),
'services' : python_list(DB[0].SERVICES),
'libraries' : python_list(DB[0].LIBRARIES),
'act_count' : DB[0].CNT_ACT,
'prov_count' : DB[0].CNT_PRO,
'serv_count' : DB[0].CNT_SER,
'bro_count' : DB[0].CNT_BRO,
'certinfo': DB[0].CERT_INFO,
'issued':DB[0].ISSUED,
'native' : DB[0].NATIVE,
'dynamic' : DB[0].DYNAMIC,
'reflection' : DB[0].REFLECT,
'crypto': DB[0].CRYPTO,
'obfus': DB[0].OBFUS,
'api': DB[0].API,
'dang': DB[0].DANG,
'urls': DB[0].URLS,
'domains': python_dict(DB[0].DOMAINS),
'emails': DB[0].EMAILS,
'strings': python_list(DB[0].STRINGS),
'zipped' : DB[0].ZIPPED,
'mani': DB[0].MANI
}
if TYP=='APK':
template= get_template("static_analysis_pdf.html")
else:
template= get_template("static_analysis_zip_pdf.html")
elif re.findall('IPA|IOSZIP',TYP):
if TYP=='IPA':
DB=StaticAnalyzerIPA.objects.filter(MD5=MD5)
if DB.exists():
print "\n[INFO] Fetching data from DB for PDF Report Generation (IOS IPA)"
context = {
'title' : DB[0].TITLE,
'name' : DB[0].APPNAMEX,
'size' : DB[0].SIZE,
'md5': DB[0].MD5,
'sha1' : DB[0].SHA1,
'sha256' : DB[0].SHA256,
'plist' : DB[0].INFOPLIST,
'bin_name' : DB[0].BINNAME,
'id' : DB[0].IDF,
'ver' : DB[0].VERSION,
'sdk' : DB[0].SDK,
'pltfm' : DB[0].PLTFM,
'min' : DB[0].MINX,
'bin_anal' : DB[0].BIN_ANAL,
'libs' : DB[0].LIBS,
'files' : python_list(DB[0].FILES),
'file_analysis' : DB[0].SFILESX,
'strings' : DB[0].STRINGS
}
template= get_template("ios_binary_analysis_pdf.html")
elif TYP=='IOSZIP':
DB=StaticAnalyzerIOSZIP.objects.filter(MD5=MD5)
if DB.exists():
print "\n[INFO] Fetching data from DB for PDF Report Generation (IOS ZIP)"
context = {
'title' : DB[0].TITLE,
'name' : DB[0].APPNAMEX,
'size' : DB[0].SIZE,
'md5': DB[0].MD5,
'sha1' : DB[0].SHA1,
'sha256' : DB[0].SHA256,
'plist' : DB[0].INFOPLIST,
'bin_name' : DB[0].BINNAME,
'id' : DB[0].IDF,
'ver' : DB[0].VERSION,
'sdk' : DB[0].SDK,
'pltfm' : DB[0].PLTFM,
#.........这里部分代码省略.........
开发者ID:AiGangJingYe,项目名称:Mobile-Security-Framework-MobSF,代码行数:101,代码来源:shared_func.py
示例11: api_analysis
def api_analysis(package, location):
    """Classify API calls recorded for ``package`` in the log file at ``location``.

    Every log line containing ``Droidmon-apimonitor-<package>:`` is expected to
    carry a JSON object with ``class`` and ``method`` keys and optional
    ``args`` / ``return`` keys. Each call is rendered as an HTML fragment and
    appended to one or more per-category lists depending on the class name.
    The de-duplicated lists are stored in ``api_analysis_result``; the rest of
    the function is not visible in this excerpt.

    The log content is produced by the app under analysis and is untrusted,
    which is why every field is passed through ``escape`` before being placed
    into markup.
    """
    api_analysis_result = {}
    logger.info("Dynamic API Analysis")
    dat = ""
    api_base64 = []
    api_fileio = []
    api_reflect = []
    api_sysprop = []
    api_cntvl = []
    api_binder = []
    api_crypto = []
    api_acntmnger = []
    api_deviceinfo = []
    api_net = []
    api_dexloader = []
    api_cmd = []
    api_sms = []
    try:
        with open(location, "r", encoding="utf-8") as flip:
            dat = flip.readlines()
        # Marker that prefixes the JSON payload of a monitored call.
        res_id = "Droidmon-apimonitor-" + package + ":"
        for line in dat:
            if res_id in line:
                # print "LINE: " + line
                # Everything after the first marker is treated as the payload.
                _, value = line.split(res_id, 1)
                # print "PARAM is :" + param
                # print "Value is :"+ value
                try:
                    # strict=False tolerates control characters inside strings.
                    apis = json.loads(value, strict=False)
                    ret = ''
                    args = ''
                    mtd = str(apis["method"])
                    clss = str(apis["class"])
                    # print "Called Class: " + CLS
                    # print "Called Method: " + MTD
                    if apis.get('return'):
                        ret = str(apis["return"])
                        # print "Return Data: " + RET
                    else:
                        # print "No Return Data"
                        ret = "No Return Data"
                    if apis.get('args'):
                        args = str(apis["args"])
                        # print "Passed Arguments" + ARGS
                    else:
                        # print "No Arguments Passed"
                        args = "No Arguments Passed"
                    # XSS Safe: method, arguments and return data are
                    # app-controlled, so each one is escaped before being
                    # joined with the literal </br> markup.
                    # NOTE(review): escape is presumably Django's HTML escape -- confirm.
                    call_data = "</br>METHOD: " + \
                        escape(mtd) + "</br>ARGUMENTS: " + escape(args) + \
                        "</br>RETURN DATA: " + escape(ret)
                    # NOTE(review): the patterns below are unanchored regexes
                    # whose dots match any character; they act as loose
                    # substring tests on the class name.
                    if re.findall("android.util.Base64", clss):
                        # Base64 Decode
                        if "decode" in mtd:
                            # NOTE(review): args is the string form of logged,
                            # app-controlled data; confirm python_list parses
                            # it without evaluating code, and that an empty
                            # result cannot reach the [0] below.
                            args_list = python_list(args)
                            if isBase64(args_list[0]):
                                # NOTE(review): on Python 3 b64decode returns
                                # bytes -- confirm escape renders it as intended.
                                call_data += '</br><span class="label label-info">' +\
                                    'Decoded String:</span> ' + \
                                    escape(base64.b64decode(args_list[0]))
                        api_base64.append(call_data)
                    if re.findall('libcore.io|android.app.SharedPreferencesImpl\$EditorImpl', clss):
                        api_fileio.append(call_data)
                    if re.findall('java.lang.reflect', clss):
                        api_reflect.append(call_data)
                    if re.findall('android.content.ContentResolver|android.location.Location|android.media.AudioRecord|android.media.MediaRecorder|android.os.SystemProperties', clss):
                        api_sysprop.append(call_data)
                    if re.findall('android.app.Activity|android.app.ContextImpl|android.app.ActivityThread', clss):
                        api_binder.append(call_data)
                    if re.findall('javax.crypto.spec.SecretKeySpec|javax.crypto.Cipher|javax.crypto.Mac', clss):
                        api_crypto.append(call_data)
                    if re.findall('android.accounts.AccountManager|android.app.ApplicationPackageManager|android.app.NotificationManager|android.net.ConnectivityManager|android.content.BroadcastReceiver', clss):
                        api_acntmnger.append(call_data)
                    if re.findall('android.telephony.TelephonyManager|android.net.wifi.WifiInfo|android.os.Debug', clss):
                        api_deviceinfo.append(call_data)
                    if re.findall('dalvik.system.BaseDexClassLoader|dalvik.system.DexFile|dalvik.system.DexClassLoader|dalvik.system.PathClassLoader', clss):
                        api_dexloader.append(call_data)
                    if re.findall('java.lang.Runtime|java.lang.ProcessBuilder|java.io.FileOutputStream|java.io.FileInputStream|android.os.Process', clss):
                        api_cmd.append(call_data)
                    if re.findall('android.content.ContentValues', clss):
                        api_cntvl.append(call_data)
                    if re.findall('android.telephony.SmsManager', clss):
                        api_sms.append(call_data)
                    if re.findall('java.net.URL|org.apache.http.impl.client.AbstractHttpClient', clss):
                        api_net.append(call_data)
                except:
                    # A malformed line is reported and skipped; parsing continues.
                    # NOTE(review): the raw, app-controlled payload is included
                    # in the error message -- confirm where PrintException
                    # writes it.
                    PrintException("Parsing JSON Failed for: " + value)
    except:
        # Failure to read the log leaves every category empty.
        PrintException("Dynamic API Analysis")
    # De-duplicate each category; set() does not preserve the call order.
    api_analysis_result["api_net"] = list(set(api_net))
    api_analysis_result["api_base64"] = list(set(api_base64))
    api_analysis_result["api_fileio"] = list(set(api_fileio))
    api_analysis_result["api_binder"] = list(set(api_binder))
    api_analysis_result["api_crypto"] = list(set(api_crypto))
    api_analysis_result["api_deviceinfo"] = list(set(api_deviceinfo))
    api_analysis_result["api_cntvl"] = list(set(api_cntvl))
    api_analysis_result["api_sms"] = list(set(api_sms))
    api_analysis_result["api_sysprop"] = list(set(api_sysprop))
    api_analysis_result["api_dexloader"] = list(set(api_dexloader))
#.........这里部分代码省略.........
开发者ID:security-geeks,项目名称:Mobile-Security-Framework-MobSF,代码行数:101,代码来源:analysis.py
示例12: activity_tester
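def activity_tester(request):
    """Launch each activity of an analysed app on the test device and screenshot it.

    Reads ``md5`` (scan identifier) and ``pkg`` (package name) from the POST
    body. For every activity stored for that scan it starts the activity
    through ``adb_command``, waits, captures and pulls a screenshot into the
    scan's ``screenshots-apk/`` directory, then force-stops the app.

    Returns a JSON response ``{'acttest': 'done'}`` or ``{'acttest': 'noact'}``,
    or a redirect to ``/error/`` on invalid input, a missing DB entry, a
    non-POST request or any unexpected exception.
    """
    print("\n[INFO] Activity Tester")
    try:
        md5_hash = request.POST['md5']
        package = request.POST['pkg']
        # \Z instead of $: "$" also matches just before a trailing newline,
        # and md5_hash is used to build a filesystem path below.
        if not re.match(r'^[0-9a-f]{32}\Z', md5_hash):
            return HttpResponseRedirect('/error/')
        if re.findall(r";|\$\(|\|\||&&", package):
            print("[ATTACK] Possible RCE")
            return HttpResponseRedirect('/error/')
        # package ends up in a command that the device shell parses. A
        # deny-list of a few sequences cannot be complete, so also require
        # the value to look like a package name.
        if not re.match(r'^[A-Za-z][A-Za-z0-9_.-]{1,255}\Z', package):
            return HttpResponseRedirect('/error/')
        if request.method != 'POST':
            return HttpResponseRedirect('/error/')

        app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/')
        screen_dir = os.path.join(app_dir, 'screenshots-apk/')
        if not os.path.exists(screen_dir):
            os.makedirs(screen_dir)
        # Result unused; the call is kept because its side effects are not
        # visible from this function.
        getADB()
        static_android_db = StaticAnalyzerAndroid.objects.filter(
            MD5=md5_hash)
        if not static_android_db.exists():
            print("\n[ERROR] Entry does not exist in DB.")
            return HttpResponseRedirect('/error/')

        print("\n[INFO] Fetching Activity List from DB")
        activities = python_list(static_android_db[0].ACTIVITIES)
        if activities:
            print("\n[INFO] Starting Activity Tester...")
            print("\n[INFO] " + str(len(activities)) +
                  " Activities Identified")
            # NOTE(review): activity names come from the stored analysis of
            # the uploaded app and are appended to the device command without
            # validation here -- confirm they are constrained where they are
            # written to the DB.
            for act_no, line in enumerate(activities, 1):
                try:
                    print("\n[INFO] Launching Activity - " +
                          str(act_no) + ". " + line)
                    adb_command(
                        ["am", "start", "-n", package + "/" + line], True)
                    # AVD is much slower, it should get extra time
                    wait(8 if settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD" else 4)
                    adb_command(
                        ["screencap", "-p", "/data/local/screen.png"], True)
                    # ? get appended from Air :-() if activity names are used
                    adb_command(["pull", "/data/local/screen.png",
                                 screen_dir + "act-" + str(act_no) + ".png"])
                    print("\n[INFO] Activity Screenshot Taken")
                    adb_command(
                        ["am", "force-stop", package], True)
                    print("\n[INFO] Stopping App")
                except Exception:
                    # One failing activity must not abort the whole run.
                    PrintException("Activity Tester")
            data = {'acttest': 'done'}
        else:
            print("\n[INFO] Activity Tester - No Activity Found!")
            data = {'acttest': 'noact'}
        return HttpResponse(json.dumps(data), content_type='application/json')
    except Exception:
        PrintException("[ERROR] Activity Tester")
        return HttpResponseRedirect('/error/')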
开发者ID:EsteveM,项目名称:Mobile-Security-Framework-MobSF,代码行数:66,代码来源:dynamic.py
示例13: PDF
def PDF(request):
try:
MD5 = request.GET['md5']
TYP = request.GET['type']
m = re.match('^[0-9a-f]{32}$', MD5)
if m:
if TYP in ['APK', 'ANDZIP']:
DB = StaticAnalyzerAndroid.objects.filter(MD5=MD5)
if DB.exists():
print "\n[INFO] Fetching data from DB for PDF Report Generation (Android)"
context = get_context_from_db_entry(DB)
if TYP == 'APK':
template = get_template("pdf/static_analysis_pdf.html")
else:
template = get_template(
"pdf/static_analysis_zip_pdf.html")
else:
return HttpResponse(json.dumps({"report": "Report not Found"}),
content_type="application/json; charset=utf-8")
elif re.findall('IPA|IOSZIP', TYP):
if TYP == 'IPA':
DB = StaticAnalyzerIPA.objects.filter(MD5=MD5)
if DB.exists():
print "\n[INFO] Fetching data from DB for PDF Report Generation (IOS IPA)"
context = get_context_from_db_entry_ipa(DB)
template = get_template(
"pdf/ios_binary_analysis_pdf.html")
else:
return HttpResponse(json.dumps({"report": "Report not Found"}),
content_type="application/json; charset=utf-8")
elif TYP == 'IOSZIP':
DB = StaticAnalyzerIOSZIP.objects.filter(MD5=MD5)
if DB.exists():
print "\n[INFO] Fetching data from DB for PDF Report Generation (IOS ZIP)"
context = get_context_from_db_entry_ios(DB)
template = get_template(
"pdf/ios_source_analysis_pdf.html")
else:
return HttpResponse(json.dumps({"report": "Report not Found"}),
content_type="application/json; charset=utf-8")
elif re.findall('APPX', TYP):
if TYP == 'APPX':
db_entry = StaticAnalyzerWindows.objects.filter( # pylint: disable-msg=E1101
MD5=MD5
)
if db_entry.exists():
print "\n[INFO] Fetching data from DB for PDF Report Generation (APPX)"
context = {
'title': db_entry[0].TITLE,
'name': db_entry[0].APP_NAME,
'pub_name': db_entry[0].PUB_NAME,
'size': db_entry[0].SIZE,
'md5': db_entry[0].MD5,
'sha1': db_entry[0].SHA1,
'sha256': db_entry[0].SHA256,
'bin_name': db_entry[0].BINNAME,
'version': db_entry[0].VERSION,
'arch': db_entry[0].ARCH,
'compiler_version': db_entry[0].COMPILER_VERSION,
'visual_studio_version': db_entry[0].VISUAL_STUDIO_VERSION,
'visual_studio_edition': db_entry[0].VISUAL_STUDIO_EDITION,
'target_os': db_entry[0].TARGET_OS,
'appx_dll_version': db_entry[0].APPX_DLL_VERSION,
'proj_guid': db_entry[0].PROJ_GUID,
'opti_tool': db_entry[0].OPTI_TOOL,
'target_run': db_entry[0].TARGET_RUN,
'files': python_list(db_entry[0].FILES),
'strings': python_list(db_entry[0].STRINGS),
'bin_an_results': python_list(db_entry[0].BIN_AN_RESULTS),
'bin_an_warnings': python_list(db_entry[0].BIN_AN_WARNINGS)
}
template = get_template(
"pdf/windows_binary_analysis_pdf.html")
else:
return HttpResponse(json.dumps({"type": "Type is not Allowed"}),
content_type="application/json; charset=utf-8")
html = template.render(context)
tr