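def apkid_analysis(sha256):
    """Run APKiD over the stored sample ``sha256`` and record the findings.

    Progress is tracked in the tasks index under ``apkid_analysis``:
    1 while the scan runs, 2 when findings were stored, -1 when APKiD did
    not produce a usable report (an empty ``apkid`` document is stored in
    that case). The findings themselves go to the APK index under ``apkid``.

    Args:
        sha256: Identifier of the sample. It is used both as the key for
            ``default_storage`` and as the Elasticsearch document id.

    Returns:
        ``{'status': 'success', 'info': ''}`` in every case; a failed scan
        is signalled only through the -1 task state, not the return value.
    """
    def _set_task_state(state):
        # Single place for the otherwise identical task-state updates.
        es.update(index=settings.ELASTICSEARCH_TASKS_INDEX,
                  id=sha256,
                  body={'doc': {'apkid_analysis': state}},
                  retry_on_conflict=5)

    def _store_findings(findings):
        es.update(index=settings.ELASTICSEARCH_APK_INDEX,
                  id=sha256,
                  body={'doc': {'apkid': findings}},
                  retry_on_conflict=5)

    _set_task_state(1)
    options = Options(
        timeout=30,
        verbose=False,
        entry_max_scan_size=settings.DATA_UPLOAD_MAX_MEMORY_SIZE,
        recursive=True,
    )
    output = OutputFormatter(
        json_output=True,
        output_dir=None,
        rules_manager=RulesManager(),
        include_types=False,
    )
    rules = options.rules_manager.load()
    scanner = Scanner(rules, options)

    # APKiD scans by path, so the stored blob is copied into a temporary
    # file. The storage handle is closed as soon as the copy is done rather
    # than being left for the garbage collector, and the buffer is flushed
    # before APKiD opens the file by name.
    with NamedTemporaryFile() as tmp:
        with default_storage.open(sha256) as src:
            tmp.write(src.read())
        tmp.flush()
        res = scanner.scan_file(tmp.name)

    # Only the APKiD call is guarded: an AttributeError raised by the ES
    # client must not be mis-recorded as a failed APKiD run, and a failed
    # run must not be mis-recorded as a clean sample.
    try:
        findings = output.build_json_output(res)['files']
        state = 2
    except AttributeError:
        findings = {}
        state = -1
    _store_findings(findings)
    _set_task_state(state)

    # Drop the compiled rules and scan result eagerly; they can be large.
    del findings, rules, scanner, output, options, res
    gc.collect()

    return {'status': 'success', 'info': ''}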
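def apkid_analysis(app_dir, apk_file, apk_name):
    """APKiD Analysis of DEX files.

    Args:
        app_dir: Not used by this function.
        apk_file: Path of the APK to scan.
        apk_name: Not used by this function.

    Returns:
        Mapping of scanned file name to its APKiD ``matches``; ``{}`` when
        APKiD is disabled in settings or ``apk_file`` does not exist.
    """
    if not settings.APKID_ENABLED:
        return {}
    if not os.path.exists(apk_file):
        logger.error("APKiD - APK not found")
        return {}
    from apkid import __version__ as apkid_ver
    from apkid.apkid import Scanner, Options
    from apkid.output import OutputFormatter
    from apkid.rules import RulesManager
    logger.info("Running APKiD %s", apkid_ver)
    options = Options(timeout=30,
                      verbose=False,
                      entry_max_scan_size=100 * 1024 * 1024,
                      recursive=True)
    output = OutputFormatter(json_output=True,
                             output_dir=None,
                             rules_manager=RulesManager())
    rules = options.rules_manager.load()
    scanner = Scanner(rules, options)
    res = scanner.scan_file(apk_file)
    # apkid >= 2.0.3 exposes the formatter as the public build_json_output;
    # older releases only have the private _build_json_output. Prefer the
    # public name so the scan does not break on a library upgrade.
    build_report = getattr(output, 'build_json_output', None)
    if build_report is None:
        build_report = output._build_json_output
    findings = build_report(res)['files']
    # Later entries with the same filename overwrite earlier ones, exactly
    # as the original assignment loop did.
    return {item['filename']: item['matches'] for item in findings}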
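def apkid_analysis(app_dir, apk_file, apk_name):
    """APKID Analysis of DEX files.

    Args:
        app_dir: Not used by this function.
        apk_file: Path of the APK to scan.
        apk_name: Not used by this function.

    Returns:
        Mapping of scanned file name to its APKiD ``matches``. ``{}`` is
        returned when APKiD is disabled, cannot be imported, the APK is
        missing, or the formatter could not produce a report; callers
        cannot tell these apart from a scan with no findings, so every
        such case is logged here.
    """
    if not settings.APKID_ENABLED:
        return {}
    try:
        import apkid
    except ImportError:
        logger.error('APKiD - Could not import APKiD')
        return {}
    if not os.path.exists(apk_file):
        logger.error('APKiD - APK not found')
        return {}

    apkid_ver = apkid.__version__
    from apkid.apkid import Scanner, Options
    from apkid.output import OutputFormatter
    from apkid.rules import RulesManager

    logger.info('Running APKiD %s', apkid_ver)
    options = Options(
        timeout=30,
        verbose=False,
        # Bound per-entry scanning by the same limit the app applies to
        # uploads, so APKiD never inspects more than was accepted.
        entry_max_scan_size=settings.DATA_UPLOAD_MAX_MEMORY_SIZE,
        recursive=True,
    )
    output = OutputFormatter(
        json_output=True,
        output_dir=None,
        rules_manager=RulesManager(),
        include_types=False,
    )
    rules = options.rules_manager.load()
    scanner = Scanner(rules, options)
    res = scanner.scan_file(apk_file)
    try:
        findings = output._build_json_output(res)['files']
    except AttributeError:
        # apkid >= 2.0.3 renamed the formatter entry point.
        try:
            findings = output.build_json_output(res)['files']
        except AttributeError:
            # logger.exception keeps the traceback: the message below states
            # the usual cause, but any AttributeError lands here, and the
            # empty result is otherwise indistinguishable from "no findings".
            logger.exception('yara-python dependency required by '
                             'APKiD is not installed properly. '
                             'Skipping APKiD analysis!')
            findings = {}
    sanitized = {}
    for item in findings:
        filename = item['filename']
        # Names of the form "outer!inner" (presumably entries nested in an
        # archive) are reduced to the inner part; later entries with the
        # same reduced name overwrite earlier ones.
        if '!' in filename:
            filename = filename.split('!', 1)[1]
        sanitized[filename] = item['matches']
    return sanitized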
def apkid_analysis(app_dir, apk_file, apk_name):
    """APKID Analysis of DEX files.

    Returns a mapping of scanned file name to APKiD ``matches``, or ``{}``
    when APKiD is disabled, not importable, or ``apk_file`` is missing.
    ``app_dir`` and ``apk_name`` are not used here.
    """
    if not settings.APKID_ENABLED:
        return {}
    try:
        import apkid
    except ImportError:
        logger.error('APKiD - Could not import APKiD')
        return {}
    if not os.path.exists(apk_file):
        logger.error('APKiD - APK not found')
        return {}

    from apkid.apkid import Options, Scanner
    from apkid.output import OutputFormatter
    from apkid.rules import RulesManager

    logger.info('Running APKiD %s', apkid.__version__)
    scan_options = Options(timeout=30, verbose=False,
                           entry_max_scan_size=100 * 1024 * 1024,
                           recursive=True)
    formatter = OutputFormatter(json_output=True, output_dir=None,
                                rules_manager=RulesManager(),
                                include_types=False)
    compiled_rules = scan_options.rules_manager.load()
    scan_result = Scanner(compiled_rules, scan_options).scan_file(apk_file)
    try:
        entries = formatter._build_json_output(scan_result)['files']
    except AttributeError:
        # apkid >= 2.0.3
        entries = formatter.build_json_output(scan_result)['files']
    # Same overwrite-on-duplicate semantics as an assignment loop.
    return {entry['filename']: entry['matches'] for entry in entries}
def rules_manager():
    """Create and return a fresh ``RulesManager`` instance."""
    manager = RulesManager()
    return manager
from apkid.output import colorize_tag
from apkid.rules import RulesManager


def convert_readme():
    """Render README.md to README.rst with pypandoc, reporting on stdout.

    Requires the third-party ``pypandoc`` package; it is imported lazily so
    the rest of the module can be used without it.
    """
    print("[*] Converting Markdown README to reStructuredText")
    import pypandoc
    rst_text = pypandoc.convert_file('README.md', 'rst')
    with open('README.rst', 'w+', encoding='utf-8') as out:
        out.write(rst_text)
    # Note: len() of a str is a character count, printed as "bytes" here.
    print(f"[*] Finished converting to README.rst ({len(rst_text)} bytes)")


if __name__ == '__main__':
    print("[*] Compiling Yara files")
    rules_manager = RulesManager()
    rules = rules_manager.compile()
    rules_count = rules_manager.save()
    print(f"[*] Saved {rules_count} rules to {rules_manager.rules_path}")
    print(f"[*] Rules hash: {rules_manager.hash}")

    tag_to_identifiers: Dict[str, Set[str]] = {}
    for rule in rules:
        for t in rule.tags:
            if t not in tag_to_identifiers:
                tag_to_identifiers[t] = set()
            tag_to_identifiers[t].add(rule.identifier)
    tag_counts = dict([(k, len(v)) for k, v in tag_to_identifiers.items()])
    print("[*] Rule tag counts:")
    for tag in sorted(tag_counts.keys()):
        count = tag_counts[tag]