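def apkid_analysis(sha256):
    """Run an APKiD scan on the stored APK identified by *sha256*.

    Progress is recorded in Elasticsearch: the task document's
    ``apkid_analysis`` field is set to 1 while the scan runs, 2 when
    findings were produced and -1 when they could not be built; the APK
    document's ``apkid`` field receives the findings (``{}`` on failure).

    Args:
        sha256: key of the APK in ``default_storage`` and id of both
            Elasticsearch documents.

    Returns:
        ``{'status': 'success', 'info': ''}`` whenever the function does
        not raise; errors from the scanner or from Elasticsearch propagate.
    """
    import shutil

    def _update(index, doc):
        # Partial update of the document keyed by sha256, retried on
        # version conflicts with concurrent writers.
        es.update(index=index,
                  id=sha256,
                  body={'doc': doc},
                  retry_on_conflict=5)

    _update(settings.ELASTICSEARCH_TASKS_INDEX, {'apkid_analysis': 1})
    options = Options(
        timeout=30,
        verbose=False,
        # presumably caps how much of each archive entry is scanned — confirm
        entry_max_scan_size=settings.DATA_UPLOAD_MAX_MEMORY_SIZE,
        recursive=True,
    )
    output = OutputFormatter(
        json_output=True,
        output_dir=None,
        rules_manager=RulesManager(),
        include_types=False,
    )
    rules = options.rules_manager.load()
    scanner = Scanner(rules, options)

    with NamedTemporaryFile() as f:
        # Stream the stored blob into the temp file instead of reading it
        # fully into memory, and close the storage handle when done.
        with default_storage.open(sha256) as src:
            shutil.copyfileobj(src, f)
        f.flush()
        f.seek(0)
        res = scanner.scan_file(f.name)

    try:
        findings = output.build_json_output(res)['files']
        status = 2
    except AttributeError:
        # The formatter result could not be turned into findings;
        # record an empty result and mark the task as failed.
        findings = {}
        status = -1
    _update(settings.ELASTICSEARCH_APK_INDEX, {'apkid': findings})
    _update(settings.ELASTICSEARCH_TASKS_INDEX, {'apkid_analysis': status})

    del findings, rules, scanner, output, options, res
    gc.collect()

    return {'status': 'success', 'info': ''}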
def apkid_analysis(app_dir, apk_file, apk_name):
    """APKiD Analysis of DEX files.

    Scans *apk_file* with APKiD and returns a mapping of each scanned
    entry's filename to its rule matches. Returns ``{}`` when APKiD is
    disabled in settings or the file does not exist. *app_dir* and
    *apk_name* are accepted for interface compatibility and not used.
    """
    if not settings.APKID_ENABLED:
        return {}
    if not os.path.exists(apk_file):
        logger.error("APKiD - APK not found")
        return {}
    # NOTE: apkid is imported here rather than at module level —
    # presumably so the module still loads without it; confirm.
    from apkid import __version__ as apkid_ver
    from apkid.apkid import Scanner, Options
    from apkid.output import OutputFormatter
    from apkid.rules import RulesManager
    logger.info("Running APKiD %s", apkid_ver)
    scan_options = Options(timeout=30,
                           verbose=False,
                           entry_max_scan_size=100 * 1024 * 1024,
                           recursive=True)
    formatter = OutputFormatter(json_output=True,
                                output_dir=None,
                                rules_manager=RulesManager())
    scanner = Scanner(scan_options.rules_manager.load(), scan_options)
    scan_result = scanner.scan_file(apk_file)
    # Private helper of OutputFormatter; other APKiD versions may expose
    # a public build_json_output instead.
    entries = formatter._build_json_output(scan_result)['files']
    # Entries sharing a filename collapse to the last one seen.
    return {entry['filename']: entry['matches'] for entry in entries}
def build_options(args) -> Options:
    """Translate parsed command-line *args* into an APKiD ``Options``.

    Every field is copied one-to-one from the attribute of the same name
    on *args*; no defaults are applied here.
    """
    field_names = (
        'timeout', 'verbose', 'json', 'output_dir', 'typing',
        'entry_max_scan_size', 'scan_depth', 'recursive',
    )
    kwargs = {name: getattr(args, name) for name in field_names}
    return Options(**kwargs)
def apkid_analysis(app_dir, apk_file, apk_name):
    """APKID Analysis of DEX files.

    Returns a mapping of entry filename -> APKiD matches for *apk_file*,
    or ``{}`` when APKiD is disabled, cannot be imported, the file is
    missing, or no JSON output could be built. Filenames of nested
    entries (``outer!inner``) are reduced to the part after the first
    ``!``. *app_dir* and *apk_name* are unused.
    """
    if not settings.APKID_ENABLED:
        return {}
    try:
        import apkid
    except ImportError:
        logger.error('APKiD - Could not import APKiD')
        return {}
    if not os.path.exists(apk_file):
        logger.error('APKiD - APK not found')
        return {}

    from apkid.apkid import Scanner, Options
    from apkid.output import OutputFormatter
    from apkid.rules import RulesManager

    logger.info('Running APKiD %s', apkid.__version__)
    scan_options = Options(
        timeout=30,
        verbose=False,
        entry_max_scan_size=settings.DATA_UPLOAD_MAX_MEMORY_SIZE,
        recursive=True,
    )
    formatter = OutputFormatter(
        json_output=True,
        output_dir=None,
        rules_manager=RulesManager(),
        include_types=False,
    )
    scanner = Scanner(scan_options.rules_manager.load(), scan_options)
    scan_result = scanner.scan_file(apk_file)
    try:
        findings = formatter._build_json_output(scan_result)['files']
    except AttributeError:
        # apkid >= 2.0.3 exposes build_json_output instead.
        try:
            findings = formatter.build_json_output(scan_result)['files']
        except AttributeError:
            logger.error('yara-python dependency required by '
                         'APKiD is not installed properly. '
                         'Skipping APKiD analysis!')
            findings = {}
    sanitized = {}
    for entry in findings:
        # Drop the archive prefix of nested entries ("outer.apk!classes.dex");
        # entries that reduce to the same name overwrite earlier ones.
        _, sep, inner = entry['filename'].partition('!')
        sanitized[inner if sep else entry['filename']] = entry['matches']
    return sanitized
def apkid_analysis(app_dir, apk_file, apk_name):
    """APKID Analysis of DEX files.

    Returns a mapping of entry filename -> APKiD matches for *apk_file*,
    or ``{}`` when APKiD is disabled, cannot be imported, or the file is
    missing. *app_dir* and *apk_name* are unused.
    """
    if not settings.APKID_ENABLED:
        return {}
    try:
        import apkid
    except ImportError:
        logger.error('APKiD - Could not import APKiD')
        return {}
    if not os.path.exists(apk_file):
        logger.error('APKiD - APK not found')
        return {}

    from apkid.apkid import Scanner, Options
    from apkid.output import OutputFormatter
    from apkid.rules import RulesManager

    logger.info('Running APKiD %s', apkid.__version__)
    scan_options = Options(
        timeout=30,
        verbose=False,
        entry_max_scan_size=100 * 1024 * 1024,
        recursive=True,
    )
    formatter = OutputFormatter(
        json_output=True,
        output_dir=None,
        rules_manager=RulesManager(),
        include_types=False,
    )
    scanner = Scanner(scan_options.rules_manager.load(), scan_options)
    scan_result = scanner.scan_file(apk_file)
    try:
        findings = formatter._build_json_output(scan_result)['files']
    except AttributeError:
        # apkid >= 2.0.3 exposes build_json_output instead.
        findings = formatter.build_json_output(scan_result)['files']
    # Entries sharing a filename collapse to the last one seen.
    return {entry['filename']: entry['matches'] for entry in findings}
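def apkid_analysis(app_dir, apk_file, apk_name):
    """APKiD Analysis of DEX files.

    Runs APKiD on *apk_file* with JSON output directed to
    ``<app_dir>/apkid`` and reads the report back from there.

    Args:
        app_dir: analysis directory under which the ``apkid`` output
            directory lives.
        apk_file: path of the APK to scan.
        apk_name: key used for a report entry whose path has no ``!``
            separator.

    Returns:
        Mapping of DEX entry name -> APKiD result; ``{}`` when APKiD is
        disabled and ``{'error': True}`` when the APK is missing.
    """
    apkid_res = {}
    if not settings.APKID_ENABLED:
        return apkid_res
    if not os.path.exists(apk_file):
        logger.error("APKiD - APK not found")
        return {'error': True}
    from apkid import __version__ as apkid_ver
    from apkid.apkid import Scanner, Options
    logger.info("Running APKiD %s", apkid_ver)
    dest_dir = os.path.join(app_dir, "apkid")
    options = Options(
        timeout=30,
        verbose=None,
        json=True,
        output_dir=dest_dir,
        typing=None,
        entry_max_scan_size=100 * 1024 * 1024,
        scan_depth=2,
        recursive=True
    )
    rules = options.rules_manager.load()
    scanner = Scanner(rules, options)
    scanner.scan(apk_file)
    # The report is expected at "<basename>_apkid.json" under output_dir
    # (presumably written by scanner.scan — verify for the APKiD version in use).
    report_file = filename_from_path(apk_file) + "_apkid.json"
    report = os.path.join(dest_dir, report_file)
    # JSON is UTF-8 by specification; do not depend on the locale encoding.
    with open(report, 'r', encoding='utf-8') as flip:
        result = json.load(flip)
    for filep, res in result.items():
        # Keys of the form "outer.apk!classes.dex" are reduced to the part
        # after the last "!"; a key without a separator is stored under
        # the APK name instead.
        _, sep, dex_file = filep.rpartition("!")
        apkid_res[dex_file if sep else apk_name] = res
    return apkid_res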
def options():
    """Return a freshly constructed ``Options`` built with its defaults."""
    default_opts = Options()
    return default_opts