Example #1
0
    def target(self, queue):
        results = []
        #TODO: add documentation for available API calls. Sample shown below.
        # Here, we want to scan all decompiled files to see if any file contains the text "API_KEY"
        possibleFiles = common.text_scan(common.java_files, r'API_KEY')
        count = 0
        for f in possibleFiles:
            count += 1
            # The following call generates the progress bar in the terminal output
            pub.sendMessage('progress', bar=self.getName(), percent=round(count*100/len(possibleFiles)))

            # Mostly for logging. This goes in the log file generated under /logs
            common.logger.debug("Text found, " + str(f))

            # This will put individual results of the plugin scan in the HTML report.
            issue = ReportIssue()
            issue.setCategory(ExploitType.PLUGIN)
            issue.setDetails("The string 'API_KEY' appears in the file: %s\n%s" % (f[1], str(f[0])))
            issue.setFile(str(f[1]))
            issue.setSeverity(Severity.VULNERABILITY)
            results.append(issue)

            # This puts individual results of the plugin scan in the terminal output.
            issue = terminalPrint()
            issue.setLevel(Severity.VULNERABILITY)
            issue.setData("The string 'API_KEY' appears in the file: %s\n%s" % (f[1], str(f[0])))
            results.append(issue)

        # This is required to send the complete list of results (including the ones to be printed on terminal as well as
        # issues to be printed in tht HTML report) back to the main thread.
        queue.put(results)
Example #2
0
    def target(self, queue):
        results = []
        #TODO: add documentation for available API calls. Sample shown below.
        # Here, we want to scan all decompiled files to see if any file contains the text "pass"
        possibleFiles = common.text_scan(common.java_files, r'pass')
        count = 0
        for f in possibleFiles:
            count += 1
            # The following call generates the progress bar in the terminal output
            pub.sendMessage('progress', bar=self.getName(), percent=round(count*100/len(possibleFiles)))

            # Mostly for logging. This goes in the log file generated under /logs
            common.logger.debug("Text found, " + str(f))
            issue = ReportIssue()

            # This will put individual results of the plugin scan in the HTML report.
            issue.setCategory(ExploitType.PLUGIN)
            issue.setDetails("The string 'pass' appears in the file: %s\n%s" % (f[1], str(f[0])))
            issue.setFile(str(f[1]))
            issue.setSeverity(Severity.VULNERABILITY)
            results.append(issue)

            # This puts individual results of the plugin scan in the terminal output.
            issue = terminalPrint()
            issue.setLevel(Severity.VULNERABILITY)
            issue.setData("The string 'pass' appears in the file: %s\n%s" % (f[1], str(f[0])))
            results.append(issue)

        # This is required to send the complete list of results (including the ones to be printed on terminal as well as
        # issues to be printed in tht HTML report) back to the main thread.
        queue.put(results)
Example #3
0
    def target(self, queue):
        results = []
        possibleFiles = common.text_scan(common.java_files, r'API_KEY')
        count = 0
        for f in possibleFiles:
            count += 1
            pub.sendMessage('progress',
                            bar=self.getName(),
                            percent=round(count * 100 / len(possibleFiles)))
            common.logger.debug("Text found, " + str(f))
            issue = ReportIssue()
            issue.setCategory(ExploitType.PLUGIN)
            issue.setDetails(
                "The string 'API_KEY' appears in the file: %s\n%s" %
                (f[1], str(f[0])))
            issue.setFile(str(f[1]))
            issue.setSeverity(Severity.VULNERABILITY)
            results.append(issue)

            issue = terminalPrint()
            issue.setLevel(Severity.VULNERABILITY)
            issue.setData("The string 'API_KEY' appears in the file: %s\n%s" %
                          (f[1], str(f[0])))
            results.append(issue)

        queue.put(results)
Example #4
0
    def target(self, queue):
        permissions = self.getUserCreatedPermissions()

        # full path to app manifest
        manifest_path = qarkMain.find_manifest_in_source()

        # plugin scan results
        results = []
        count = 0
        for permission in permissions:
            count += 1
            # update progress bar
            pub.sendMessage('progress', bar=self.getName(), percent=round(count * 100 / len(permissions)))

            # put results in HTML report
            issue = ReportIssue()
            issue.setCategory(ExploitType.PLUGIN)
            issue.setSeverity(Severity.VULNERABILITY)
            issue.setFile(manifest_path)

            details = ""
            if self.isDangerousPermission(permission):
                # found permission with protection level set to "dangerous"
                details += "User created permission with DANGEROUS protection level: %s" % permission
            else:
                details += "User created permission: %s" % permission

            issue.setDetails(details)
            results.append(issue)

            # put results in terminal output
            issue = terminalPrint()
            issue.setLevel(Severity.VULNERABILITY)
            issue.setData(details)
            results.append(issue)

        # send all results back to main thread
        queue.put(results)
Example #5
0
    def target(self, queue):
        results = []
        possibleFiles = common.text_scan(common.java_files, r'pass')
        count = 0
        for f in possibleFiles:
            count += 1
            pub.sendMessage('progress', bar=self.getName(), percent=round(count*100/len(possibleFiles)))
            common.logger.debug("Text found, " + str(f))
            issue = ReportIssue()
            issue.setCategory(ExploitType.PLUGIN)
            issue.setDetails("The string 'pass' appears in the file: %s\n%s" % (f[1], str(f[0])))
            issue.setFile(str(f[1]))
            issue.setSeverity(Severity.VULNERABILITY)
            results.append(issue)

            issue = terminalPrint()
            issue.setLevel(Severity.VULNERABILITY)
            issue.setData("The string 'pass' appears in the file: %s\n%s" % (f[1], str(f[0])))
            results.append(issue)
        
        
        queue.put(results)
Example #6
0
def reportInfo(fileName, details, res):
    # put results in HTML report
    issue = ReportIssue()
    issue.setCategory(ExploitType.PLUGIN)
    issue.setSeverity(Severity.INFO)
    issue.setFile(fileName)
    issue.setDetails(details)
    res.append(issue)

    # put results in terminal output
    issue = terminalPrint()
    issue.setLevel(Severity.INFO)
    issue.setData(details)
    res.append(issue)
Example #7
0
    def target(self, queue):
        permissions = self.getUserCreatedPermissions()

        # full path to app manifest
        manifest_path = qarkMain.find_manifest_in_source()

        # plugin scan results
        results = []
        count = 0
        for permission in permissions:
            count += 1
            # update progress bar
            pub.sendMessage("progress", bar=self.getName(), percent=round(count * 100 / len(permissions)))

            # put results in HTML report
            issue = ReportIssue()
            issue.setCategory(ExploitType.PLUGIN)
            issue.setSeverity(Severity.VULNERABILITY)
            issue.setFile(manifest_path)

            details = ""
            if self.isDangerousPermission(permission):
                # found permission with protection level set to "dangerous"
                details += "User created permission with DANGEROUS protection level: %s" % permission
            else:
                details += "User created permission: %s" % permission

            issue.setDetails(details)
            results.append(issue)

            # put results in terminal output
            issue = terminalPrint()
            issue.setLevel(Severity.VULNERABILITY)
            issue.setData(details)
            results.append(issue)

        # send all results back to main thread
        queue.put(results)
Example #8
0
def reportInfo(fileName, details, res):
    # put results in HTML report
    issue = ReportIssue()
    issue.setCategory(ExploitType.PLUGIN)
    issue.setSeverity(Severity.INFO)
    issue.setFile(fileName)
    issue.setDetails(details)
    res.append(issue)

    # put results in terminal output
    issue = terminalPrint()
    issue.setLevel(Severity.INFO)
    issue.setData(details)
    res.append(issue)