Example #1
0
    def get_json_report(self):
        """
        Get quark report including summary and detail with json format.

        :return: json report
        """

        w = Weight(
            self.quark_analysis.score_sum, self.quark_analysis.weight_sum
        )
        warning = w.calculate()

        # Filter out color code in threat level
        for level in ["Low Risk", "Moderate Risk", "High Risk"]:
            if level in warning:
                warning = level

        return {
            "md5": self.apkinfo.md5,
            "apk_filename": self.apkinfo.filename,
            "size_bytes": self.apkinfo.filesize,
            "threat_level": warning,
            "total_score": self.quark_analysis.score_sum,
            "crimes": self.quark_analysis.json_report,
        }
Example #2
0
    def test_calculate(self, data):
        score_sum, weight_sum = data
        weight_obj = Weight(score_sum, weight_sum)

        assert weight_obj.calculate() in [
            "\x1b[92mLow Risk\x1b[0m",
            "\x1b[33mModerate Risk\x1b[0m",
            "\x1b[91mHigh Risk\x1b[0m",
        ]
Example #3
0
    def test_calculate_with_value_error(self, expected_failed_data):
        score_sum, weight_sum = expected_failed_data

        weight_obj = Weight(score_sum, weight_sum)

        assert weight_obj.calculate() in [
            "\x1b[92mLow Risk\x1b[0m",
            "\x1b[33mModerate Risk\x1b[0m",
            "\x1b[91mHigh Risk\x1b[0m",
        ]
Example #4
0
    def test_calculate_with_unexpected_data(self, unexpected_data):
        score_sum, weight_sum = unexpected_data

        weight_obj = Weight(score_sum, weight_sum)

        assert weight_obj.calculate() in [
            "\x1b[92mLow Risk\x1b[0m",
            "\x1b[33mModerate Risk\x1b[0m",
            "\x1b[91mHigh Risk\x1b[0m",
        ]
Example #5
0
    def test_init(self, expected_data):
        score_sum, weight_sum = expected_data

        weight_obj = Weight(score_sum, weight_sum)

        with pytest.raises(TypeError):
            _ = Weight()

        assert weight_obj.score_sum == score_sum
        assert weight_obj.weight_sum == weight_sum
Example #6
0
    def test_init(self, data):
        score_sum, weight_sum = data

        weight_obj = Weight(score_sum, weight_sum)

        with pytest.raises(TypeError):
            weight_obj_no_argu = Weight()

        assert weight_obj.score_sum == score_sum
        assert weight_obj.weight_sum == weight_sum
        assert isinstance(weight_obj, Weight)
Example #7
0
def entry_point(summary, detail, apk, rule):
    """Quark is an Obfuscation-Neglect Android Malware Scoring System"""

    if summary:
        # show summary report
        # Load APK
        data = XRule(apk)

        # Load rules
        rules_list = os.listdir(rule)

        for single_rule in tqdm(rules_list):
            rulepath = os.path.join(rule, single_rule)
            rule_checker = RuleObject(rulepath)

            # Run the checker
            data.run(rule_checker)

            data.show_summary_report(rule_checker)

        w = Weight(data.score_sum, data.weight_sum)
        print_warning(w.calculate())
        print_info("Total Score: " + str(data.score_sum))
        print(data.tb)

    if detail:
        # show summary report

        # Load APK
        data = XRule(apk)

        # Load rules
        rules_list = os.listdir(rule)

        for single_rule in tqdm(rules_list):
            rulepath = os.path.join(rule, single_rule)
            print(rulepath)
            rule_checker = RuleObject(rulepath)

            # Run the checker
            data.run(rule_checker)

            data.show_detail_report(rule_checker)
            print_success("OK")
Example #8
0
    def generate_report(self, result):

        if not result:
            json_report = {
                "sample": self.apk_hash,
                "size": os.path.getsize(self.apk),
                "apk-name": self.apk_name,
                "analysis_status": 2,
            }
            with open( REPORT_PATH + name, "w+") as report_file:
                json.dump(json_report, report_file, indent=4)
        
            report_file.close()

            return json_report
            
        

        w = Weight(self.data.score_sum, self.data.weight_sum)
        risk = self._check_risk(w.calculate())

        json_report={
            "sample": self.apk_hash,
            "apk-name": self.apk_name,
            "size": os.path.getsize(self.apk),
            "warnning": risk,
            "total-score": self.data.score_sum,
            "crimes": self.json_crimes,
            "analysis_status": 1,
        }
        name = self.apk_hash + ".json"
        report_path = REPORT_PATH + name
        with open( REPORT_PATH + name, "w+") as report_file:
            json.dump(json_report, report_file, indent=4)
        
        report_file.close()

        return json_report
Example #9
0
def entry_point(summary, detail, apk, folder, rule, output, graph,
                classification, threshold):
    """Quark is an Obfuscation-Neglect Android Malware Scoring System"""

    if apk:
        # Load APK
        datas = []
        datas.append(Quark(apk))

    elif folder:
        # Load APK Files from specific folder
        datas = []
        for roots, dirs, files in os.walk(str(folder)):
            for f in files:
                if f.endswith(".apk"):
                    datas.append(Quark(os.path.join(roots, f)))
    else:
        # Set folder to be "./" & Load folder
        folder = "./"
        datas = []
        for roots, dirs, files in os.walk(str(folder)):
            for f in files:
                if f.endswith(".apk"):
                    datas.append(Quark(os.path.join(roots, f)))

    if summary:
        # Show summary report

        # Load rules
        rules_list = os.listdir(rule)

        for single_rule in tqdm(rules_list):
            if single_rule.endswith("json"):
                rulepath = os.path.join(rule, single_rule)
                rule_checker = QuarkRule(rulepath)

                # Run the checker
                for data in datas:
                    data.run(rule_checker)

                    data.show_summary_report(rule_checker, threshold)

        for data in datas:
            w = Weight(data.quark_analysis.score_sum,
                       data.quark_analysis.weight_sum)
            print_warning(w.calculate())
            print_info("Total Score: " + str(data.quark_analysis.score_sum))
            print(data.quark_analysis.summary_report_table)

            if classification:
                data.show_rule_classification()
            if graph:
                data.show_call_graph()

    if detail:
        # Show detail report

        # Load rules
        rules_list = os.listdir(rule)

        for single_rule in tqdm(rules_list):
            if single_rule.endswith("json"):
                rulepath = os.path.join(rule, single_rule)
                print(rulepath)
                rule_checker = QuarkRule(rulepath)

                # Run the checker
                for data in datas:
                    data.run(rule_checker)

                    data.show_detail_report(rule_checker)
                    print_success("OK")

        for data in datas:
            if classification:
                data.show_rule_classification()
            if graph:
                data.show_call_graph()

    if output:
        # show json report

        # Load rules
        rules_list = os.listdir(rule)

        for single_rule in tqdm(rules_list):
            if single_rule.endswith("json"):
                rulepath = os.path.join(rule, single_rule)
                rule_checker = QuarkRule(rulepath)

                # Run the checker
                for data in datas:
                    data.run(rule_checker)

                    data.generate_json_report(rule_checker)

        for data in datas:
            json_report = data.get_json_report()

            with open(output, "w") as file:
                json.dump(json_report, file, indent=4)
                file.close()
Example #10
0
def entry_point(jreport, reports, generate, summary, detail, apk, rule):
    """Quark is an Obfuscation-Neglect Android Malware Scoring System"""

    if generate:
        # Generate rules
        # Load rules
        rules_list = os.listdir(rule)

        # Load apks
        apk_list = os.listdir(apk)

        # Pretty Table Output
        tb = PrettyTable()
        tb.field_names = ["Count", "Rule No.", "crime", "confidence"]
        tb.align = "l"

        filted_rules = []
        # count filting rule amount
        rule_count = 0
        for apk_file in apk_list:
            apk_file = os.path.join(apk, apk_file)
            data = XRule(apk_file)
            print("Analyzing {} ====".format(apk_file))

            for single_rule in tqdm(rules_list):
                rulepath = os.path.join(rule, single_rule)
                rule_checker = RuleObject(rulepath)

                # Run the checker
                data.run(rule_checker)

                confidence = data.get_conf(rule_checker)
                # only get 100% confidence
                if confidence > 4:

                    tb.add_row([
                        rule_count, single_rule, rule_checker.crime,
                        str(confidence * 20) + "%"
                    ])
                    rule_count += 1
                    filted_rules.append(single_rule)

        # open rule list file
        LIST_FILE_PATH = "../android_rule/quark_android_rule/data/"
        with open(LIST_FILE_PATH + "rule_list", "w+") as rule_list_file:
            rule_list_file.writelines("%s\n" % line for line in filted_rules)

        rule_list_file.close()
        print(tb)
    if reports:
        # show summary report
        # Load APK

        # Load rules
        rules_list = os.listdir(rule)

        # Loads apks
        apk_list = []
        try:
            apk_list = os.listdir(apk)
        except:

            a = apk.split('/')[-1]
            apk = apk.replace(a, "")
            apk_list = [a]
            pass

        for apk_file in apk_list:
            json_crimes = []
            apk_file = os.path.join(apk, apk_file)
            print("now analyze: " + apk_file)
            data = XRule(apk_file)
            for single_rule in tqdm(rules_list):

                rulepath = os.path.join(rule, single_rule)
                rule_checker = RuleObject(rulepath)

                # Run the checker
                try:
                    data.run(rule_checker)
                except:
                    pass

                data.show_summary_report(rule_checker)

                crime, confidence, score, weight = data.get_json_report(
                    rule_checker)
                if crime == "":
                    continue
                json_crime = {
                    "_id": str(uuid.uuid4()),
                    "rule": crime,
                    "permissions": rule_checker.x1_permission,
                    "methods": rule_checker.x2n3n4_comb,
                    "confidence": confidence,
                    "score": score,
                    "weight": weight
                }
                check = True
                if json_crime["confidence"] > 0:
                    for j in json_crimes:
                        if j["permissions"].sort(
                        ) == json_crime["permissions"].sort():
                            if j["methods"][0] == json_crime["methods"][
                                    1] and j["methods"][1] == json_crime[
                                        "methods"][0]:
                                # count += 1
                                check = False
                                break
                    if check:
                        json_crimes.append(json_crime)

            w = Weight(data.score_sum, data.weight_sum)
            print_warning(w.calculate())
            print_info("Total Score: " + str(data.score_sum))

            # If command --json output report by json
            if jreport:
                sha512 = FileHash("sha512")
                f_hash = sha512.hash_file(apk_file)
                path = "/Users/pock/quark/quark-engine-web/data/report/"
                json_report = {
                    "_id": str(uuid.uuid4()),
                    "sample": f_hash,
                    "apk-name": apk_file.split('/')[-1],
                    "size": os.path.getsize(apk_file),
                    "warnning": w.calculate(),
                    "total-score": data.score_sum,
                    "last-update": datetime.datetime.now().strftime("%c"),
                    "crimes": json_crimes
                }

                name = "report_" + f_hash + ".json"
                with open(path + name, "w+") as report_file:
                    json.dump(json_report, report_file, indent=4)

                report_file.close()
        # print(data.tb)

    if summary:
        # show summary report
        # Load APK
        data = XRule(apk)

        # Load rules
        rules_list = os.listdir(rule)

        json_crimes = []
        for single_rule in tqdm(rules_list):
            rulepath = os.path.join(rule, single_rule)
            rule_checker = RuleObject(rulepath)

            # Run the checker
            data.run(rule_checker)

            data.show_summary_report(rule_checker)

            crime, confidence, score, weight = data.get_json_report(
                rule_checker)
            json_crime = {
                "rule": crime,
                "permissions": rule_checker.x1_permission,
                "methods": rule_checker.x2n3n4_comb,
                "confidence": confidence,
                "score": score,
                "weight": weight
            }
            if json_crime["confidence"] > 0:
                json_crimes.append(json_crime)

        w = Weight(data.score_sum, data.weight_sum)
        print_warning(w.calculate())
        print_info("Total Score: " + str(data.score_sum))

        # If command --json output report by json
        if jreport:
            sha512 = FileHash("sha512")
            f_hash = sha512.hash_file(apk)
            path = "/Users/pock/quark/quark-engine-web/data/report/"
            json_report = {
                "sample": f_hash,
                "apk-name": apk.split('/')[-1],
                "size": os.path.getsize(apk),
                "warnning": w.calculate(),
                "total-score": data.score_sum,
                "crimes": json_crimes
            }

            name = "report_" + f_hash + ".json"
            with open(path + name, "w+") as report_file:
                json.dump(json_report, report_file, indent=4)
            print(json.dumps(json_report, indent=4))
            report_file.close()
        print(data.tb)

    if detail:
        # show summary report

        # Load APK
        data = XRule(apk)

        # Load rules
        rules_list = os.listdir(rule)

        for single_rule in tqdm(rules_list):
            rulepath = os.path.join(rule, single_rule)
            print(rulepath)
            rule_checker = RuleObject(rulepath)

            # Run the checker
            data.run(rule_checker)

            data.show_detail_report(rule_checker)
            print_success("OK")
Example #11
0
def entry_point(summary, detail, apk, rule, output, graph, classification):
    """Quark is an Obfuscation-Neglect Android Malware Scoring System"""

    if summary:
        # show summary report
        # Load APK
        data = Quark(apk)

        # Load rules
        rules_list = os.listdir(rule)

        for single_rule in tqdm(rules_list):
            if single_rule.endswith("json"):
                rulepath = os.path.join(rule, single_rule)
                rule_checker = QuarkRule(rulepath)

                # Run the checker
                data.run(rule_checker)

                data.show_summary_report(rule_checker)

        w = Weight(data.quark_analysis.score_sum,
                   data.quark_analysis.weight_sum)
        print_warning(w.calculate())
        print_info("Total Score: " + str(data.quark_analysis.score_sum))
        print(data.quark_analysis.summary_report_table)

        if classification:
            data.show_rule_classification()
        if graph:
            data.show_call_graph()

    if detail:
        # show summary report

        # Load APK
        data = Quark(apk)

        # Load rules
        rules_list = os.listdir(rule)

        for single_rule in tqdm(rules_list):
            if single_rule.endswith("json"):
                rulepath = os.path.join(rule, single_rule)
                print(rulepath)
                rule_checker = QuarkRule(rulepath)

                # Run the checker
                data.run(rule_checker)

                data.show_detail_report(rule_checker)
                print_success("OK")

        if classification:
            data.show_rule_classification()
        if graph:
            data.show_call_graph()

    if output:
        # show json report

        # Load APK
        data = Quark(apk)

        # Load rules
        rules_list = os.listdir(rule)

        for single_rule in tqdm(rules_list):
            if single_rule.endswith("json"):
                rulepath = os.path.join(rule, single_rule)
                rule_checker = QuarkRule(rulepath)

                # Run the checker
                data.run(rule_checker)

                data.generate_json_report(rule_checker)

        json_report = data.get_json_report()

        with open(output, "w") as f:
            json.dump(json_report, f, indent=4)
            f.close()
Example #12
0
def entry_point(
    summary,
    detail,
    rule_generation,
    apk,
    rule,
    output,
    webreport,
    graph,
    classification,
    threshold,
    list,
    permission,
    label,
    comparison,
    core_library,
    num_of_process,
):
    """Quark is an Obfuscation-Neglect Android Malware Scoring System"""
    # Load rules
    rule_buffer_list = []
    rule_filter = summary or detail

    # Determine the location of rules
    if rule_filter and rule_filter.endswith("json"):
        if not os.path.isfile(rule_filter):
            print_warning(
                f"Specified rule not found.\n"
                f"If you want to specify one of the rules of Quark-Rule, "
                f"use {yellow(f'{config.DIR_PATH}/{rule_filter}')} "
                f"as an argument.")
            return

        rule_path_list = [rule_filter]
    else:
        rule_path_list = [
            os.path.join(dir_path, file)
            for dir_path, _, file_list in os.walk(rule) for file in file_list
            if file.endswith("json")
        ]

    # Load rules into memory
    update_rule_buffer(rule_buffer_list, rule_path_list)

    # Determine if the user provide a rule label
    if (rule_filter and rule_filter != "all_rules"
            and not rule_filter.endswith("json")):
        rule_checker_list = [
            rule_checker for rule_checker in rule_buffer_list
            if rule_filter in rule_checker.label
        ]
    else:
        rule_checker_list = rule_buffer_list

    if comparison:

        # selection of labels on which it will be done the comparison on radar chart
        # first look for all label found in the rule list
        all_labels = set()  # array type, e.g. ['network', 'collection']

        for rule_checker in rule_checker_list:
            all_labels.update(rule_checker.label)

        # let user choose a list of label on which it will be performed the analysis
        selected_label = np.array(
            select_label_menu(all_labels, min_labels=5, max_labels=15))

        # perform label based analysis on the apk_
        malware_confidences = {}
        for apk_ in apk:
            data = (ParallelQuark(apk_, core_library, num_of_process)
                    if num_of_process > 1 else Quark(apk_, core_library))
            all_labels = {}
            # dictionary containing
            # key: label
            # value: list of confidence values
            # $ print(all_rules["accessibility service"])
            # > [60, 40, 60, 40, 60, 40]

            # analyse malware only on rules where appears label selected
            rule_checker_list = [
                rule_checker for rule_checker in rule_buffer_list
                if len(np.intersect1d(rule_checker.label, selected_label)) != 0
            ]

            if num_of_process > 1:
                data.apply_rules(rule_checker_list)

            for rule_checker in tqdm(rule_checker_list):
                # Run the checker
                data.run(rule_checker)
                confidence = rule_checker.check_item.count(True) * 20
                labels = (rule_checker.label
                          )  # array type, e.g. ['network', 'collection']
                for single_label in labels:
                    if single_label in all_labels:
                        all_labels[single_label].append(confidence)
                    else:
                        all_labels[single_label] = [confidence]

            # extrapolate data used to plot radar chart
            radar_data = {}
            for _label in selected_label:
                confidences = np.array(all_labels[_label])
                # on radar data use the maximum confidence for a certain label
                radar_data[_label] = np.max(confidences)

            radar_confidence = [
                value_ for _label, value_ in radar_data.items()
            ]
            malware_confidences[apk_.split("/")[-1]] = radar_confidence

        show_comparison_graph(
            title=f"Malicious Actions Comparison Between {len(apk)} Malwares",
            lables=selected_label,
            malware_confidences=malware_confidences,
            font_size=22,
        )

        return

    # Load APK
    data = (ParallelQuark(apk[0], core_library, num_of_process)
            if num_of_process > 1 else Quark(apk[0], core_library))

    if label:
        all_labels = {}
        # dictionary containing
        # key: label
        # value: list of confidence values
        # $ print(all_rules["accessibility service"])
        # > [60, 40, 60, 40, 60, 40]

        if num_of_process > 1:
            data.apply_rules(rule_buffer_list)

        for rule_checker in tqdm(rule_buffer_list):
            # Run the checker
            data.run(rule_checker)
            confidence = rule_checker.check_item.count(True) * 20
            labels = (rule_checker.label
                      )  # array type, e.g. ['network', 'collection']
            for single_label in labels:
                if single_label in all_labels:
                    all_labels[single_label].append(confidence)
                else:
                    all_labels[single_label] = [confidence]

        # get how many label with max confidence >= 80%
        counter_high_confidence = sum(
            max(value) >= 80 for single_label, value in all_labels.items())

        print_info(f"Total Label found: {yellow(len(all_labels))}")
        print_info(
            f"Rules with label which max confidence >= 80%: {yellow(counter_high_confidence)}"
        )

        data.show_label_report(rule, all_labels, label)
        print(data.quark_analysis.label_report_table)

    # Show summary report
    if summary:

        if isinstance(data, ParallelQuark):
            data.apply_rules(rule_checker_list)

        for rule_checker in tqdm(rule_checker_list):
            # Run the checker
            data.run(rule_checker)

            data.show_summary_report(rule_checker, threshold)

        w = Weight(data.quark_analysis.score_sum,
                   data.quark_analysis.weight_sum)
        print_warning(w.calculate())
        print_info(f"Total Score: {data.quark_analysis.score_sum}")
        print(data.quark_analysis.summary_report_table)

        if classification:
            data.show_rule_classification()
        if graph:
            data.show_call_graph(graph)

    # Show detail report
    if detail:
        threshold_number = int(threshold) if threshold else 0

        if isinstance(data, ParallelQuark):
            data.apply_rules(rule_checker_list)

        for rule_checker in tqdm(rule_checker_list):
            # Run the checker
            data.run(rule_checker)

            confidence = rule_checker.check_item.count(True) * 20

            if confidence >= threshold_number:
                print(f"Rulepath: "
                      f"{os.path.join(rule, rule_checker.rule_filename)}")
                print(f"Rule crime: {rule_checker.crime}")
                data.show_detail_report(rule_checker)
                print_success("OK")

        if classification:
            data.show_rule_classification()
        if graph:
            data.show_call_graph()

    if rule_generation:
        generator = RuleGeneration(apk[0], rule_generation)

        if webreport:
            if ".html" not in webreport:
                webreport = f"{webreport}.html"
            webreport_file = os.path.join(rule_generation, webreport)
            generator.generate_rule(web_editor=webreport_file)
        else:
            generator.generate_rule()

    # Show JSON report
    if output:
        if isinstance(data, ParallelQuark):
            data.apply_rules(rule_buffer_list)

        for rule_checker in tqdm(rule_buffer_list):
            # Run the checker
            data.run(rule_checker)

            data.generate_json_report(rule_checker)

        json_report = data.get_json_report()

        with open(output, "w") as file:
            json.dump(json_report, file, indent=4)
            file.close()

    # Generate web report
    if webreport:
        if summary or detail:
            for rule_checker in tqdm(rule_buffer_list):
                data.generate_json_report(rule_checker)

            json_report = data.get_json_report()
            report_html = ReportGenerator(
                json_report).get_analysis_report_html()

            if ".html" not in webreport:
                webreport = f"{webreport}.html"

            with open(webreport, "w") as file:
                file.write(report_html)
                file.close()

    if list:

        if list == "all":
            for all_method in data.apkinfo.all_methods:
                print(all_method.full_name)
        if list == "native":
            for api in data.apkinfo.android_apis:
                print(api.full_name)
        if list == "custom":
            for custom_method in data.apkinfo.custom_methods:
                print(custom_method.full_name)

    if permission:

        for p in data.apkinfo.permissions:
            print(p)

    if isinstance(data, ParallelQuark):
        data.close()
Example #13
0
def entry_point(
    summary, detail, apk, rule, output, graph, classification, threshold, list
):
    """Quark is an Obfuscation-Neglect Android Malware Scoring System"""

    # Load APK
    data = Quark(apk)

    # Load rules
    rules_list = [x for x in os.listdir(rule) if x.endswith("json")]

    # Show summary report
    if summary:

        for single_rule in tqdm(rules_list):
            rulepath = os.path.join(rule, single_rule)
            rule_checker = QuarkRule(rulepath)

            # Run the checker
            data.run(rule_checker)

            data.show_summary_report(rule_checker, threshold)

        w = Weight(data.quark_analysis.score_sum, data.quark_analysis.weight_sum)
        print_warning(w.calculate())
        print_info("Total Score: " + str(data.quark_analysis.score_sum))
        print(data.quark_analysis.summary_report_table)

        if classification:
            data.show_rule_classification()
        if graph:
            data.show_call_graph()

    # Show detail report
    if detail:

        for single_rule in tqdm(rules_list):
            rulepath = os.path.join(rule, single_rule)
            print(rulepath)
            rule_checker = QuarkRule(rulepath)

            # Run the checker
            data.run(rule_checker)

            data.show_detail_report(rule_checker)
            print_success("OK")

        if classification:
            data.show_rule_classification()
        if graph:
            data.show_call_graph()

    # Show JSON report
    if output:

        for single_rule in tqdm(rules_list):
            rulepath = os.path.join(rule, single_rule)
            rule_checker = QuarkRule(rulepath)

            # Run the checker
            data.run(rule_checker)

            data.generate_json_report(rule_checker)

        json_report = data.get_json_report()

        with open(output, "w") as file:
            json.dump(json_report, file, indent=4)
            file.close()

    if list:

        for api in data.apkinfo.android_apis:
            print(api.full_name)
Example #14
0
def entry_point(
    summary,
    detail,
    apk,
    rule,
    output,
    graph,
    classification,
    threshold,
    list,
    permission,
    label,
):
    """Quark is an Obfuscation-Neglect Android Malware Scoring System"""

    # Load APK
    data = Quark(apk)

    # Load rules
    rules_list = [x for x in os.listdir(rule) if x.endswith("json")]

    if label:
        all_labels = {}
        # dictionary containing
        # key: label
        # value: list of confidence values
        # $ print(all_rules["accessibility service"])
        # > [60, 40, 60, 40, 60, 40]

        for single_rule in tqdm(rules_list):
            rulepath = os.path.join(rule, single_rule)
            rule_checker = QuarkRule(rulepath)
            # Run the checker
            data.run(rule_checker)
            confidence = rule_checker.check_item.count(True) * 20
            labels = rule_checker._label  # array type, e.g. ['network', 'collection']
            for single_label in labels:
                if single_label in all_labels:
                    all_labels[single_label].append(confidence)
                else:
                    all_labels[single_label] = [confidence]

        # get how many label with max confidence >= 80%
        counter_high_confidence = 0
        for single_label in all_labels:
            if max(all_labels[single_label]) >= 80:
                counter_high_confidence += 1

        print_info("Total Label found: " + yellow(str(len(all_labels))))
        print_info("Rules with label which max confidence >= 80%: " +
                   yellow(str(counter_high_confidence)))

        data.show_label_report(rule, all_labels, label)
        print(data.quark_analysis.label_report_table)

    # Show summary report
    if summary:

        if summary == "all_rules":
            label_flag = False
        elif summary.endswith("json"):
            rules_list = [summary]
            label_flag = False
        else:
            label_flag = True

        for single_rule in tqdm(rules_list):
            rulepath = os.path.join(rule, single_rule)
            rule_checker = QuarkRule(rulepath)

            labels = rule_checker._label
            if label_flag:
                if summary not in labels:
                    continue

            # Run the checker
            data.run(rule_checker)

            data.show_summary_report(rule_checker, threshold)

        w = Weight(data.quark_analysis.score_sum,
                   data.quark_analysis.weight_sum)
        print_warning(w.calculate())
        print_info("Total Score: " + str(data.quark_analysis.score_sum))
        print(data.quark_analysis.summary_report_table)

        if classification:
            data.show_rule_classification()
        if graph:
            data.show_call_graph()

    # Show detail report
    if detail:

        if detail == "all_rules":
            label_flag = False
        elif detail.endswith("json"):
            rules_list = [detail]
            label_flag = False
        else:
            label_flag = True

        for single_rule in tqdm(rules_list):
            rulepath = os.path.join(rule, single_rule)
            rule_checker = QuarkRule(rulepath)

            labels = rule_checker._label
            if label_flag:
                if detail not in labels:
                    continue

            # Run the checker
            data.run(rule_checker)

            print("Rulepath: " + rulepath)
            print("Rule crime: " + rule_checker._crime)
            data.show_detail_report(rule_checker)
            print_success("OK")

        if classification:
            data.show_rule_classification()
        if graph:
            data.show_call_graph()

    # Show JSON report
    if output:

        for single_rule in tqdm(rules_list):
            rulepath = os.path.join(rule, single_rule)
            rule_checker = QuarkRule(rulepath)

            # Run the checker
            data.run(rule_checker)

            data.generate_json_report(rule_checker)

        json_report = data.get_json_report()

        with open(output, "w") as file:
            json.dump(json_report, file, indent=4)
            file.close()

    if list:

        if list == "all":
            for all_method in data.apkinfo.all_methods:
                print(all_method.full_name)
        if list == "native":
            for api in data.apkinfo.android_apis:
                print(api.full_name)
        if list == "custom":
            for custom_method in data.apkinfo.custom_methods:
                print(custom_method.full_name)

    if permission:

        for p in data.apkinfo.permissions:
            print(p)