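def write_manifest(data):
    """
    Append the raw manifest text to the HTML report.

    ``data`` is placed in a new ``<code class="xml">`` element inside the
    ``<pre id="rawmanifest">`` element of ``<rootDir>/report/report.html``.
    Nothing is written when ``common.reportInitSuccess`` is false or the
    report file does not exist.  Every exception is logged at debug level
    and swallowed, so a failed write leaves the report without the manifest
    and without any visible warning at normal log levels.
    """
    if not common.reportInitSuccess:
        return
    try:
        report_path = common.getConfig("rootDir") + "/report/report.html"
        if not os.path.exists(report_path):
            return
        # Read through a context manager so the handle is released before
        # the same file is reopened for writing.
        with open(report_path, 'r') as report_file:
            pre_rendered = report_file.read()
        pre_rendered_html = BeautifulSoup(pre_rendered, 'html5lib')
        new_code_div = pre_rendered_html.new_tag("code")
        new_code_div['class'] = "xml"
        # data is presumably the analysed app's manifest, i.e. content the
        # tool does not control.  Assigning it through .string attaches it
        # as a text node, so it is serialized as text and not parsed as
        # report markup.
        new_code_div.string = data
        pre_rendered_html.find("pre", id="rawmanifest").append(new_code_div)
        # NOTE(review): the report is rewritten in place; an interrupted
        # write leaves a truncated report.html.
        with open(report_path, "w") as fh:
            fh.write(str(pre_rendered_html.prettify()))
    except Exception as e:
        common.logger.debug("Error writing manifest: " + str(e))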
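def write_counters():
    """
    Fill in the four summary counters of the HTML report.

    Counts how often the markers ``badger-danger``, ``badger-warning``,
    ``badger-success`` and ``debug-level`` occur in the serialized report
    and appends each count, wrapped in a ``<div>``, to the ``<h1>`` with id
    ``vulnerability_count``, ``warning_count``, ``information_count`` and
    ``debug_count`` respectively.  Does nothing when the report file is
    missing; exceptions are logged at debug level and swallowed.
    """
    try:
        report_path = common.getConfig("rootDir") + "/report/report.html"
        if os.path.exists(report_path):
            with open(report_path, 'r') as report_file:
                pre_rendered = report_file.read()
            pre_rendered_html = BeautifulSoup(pre_rendered, 'html5lib')
            # Serialize once: the tree is not modified until all four counts
            # have been taken.
            rendered = str(pre_rendered_html)
            # NOTE(review): these are substring counts over the whole
            # document, not counts of elements carrying the class.  Text
            # taken from the analysed app (finding details, the embedded
            # manifest) that contains one of these markers is counted too,
            # so the totals can be skewed by the input.
            warnings = len(re.findall(r'badger-warning', rendered))
            information = len(re.findall(r'badger-success', rendered))
            vulnerabilities = len(re.findall(r'badger-danger', rendered))
            debug = len(re.findall(r'debug-level', rendered))
            counters = (
                ("vulnerability_count", vulnerabilities),
                ("warning_count", warnings),
                ("information_count", information),
                ("debug_count", debug),
            )
            for heading_id, total in counters:
                counter_div = pre_rendered_html.new_tag("div")
                counter_div.string = str(total)
                pre_rendered_html.find("h1", id=heading_id).append(counter_div)
            with open(report_path, "w") as fh:
                fh.write(str(pre_rendered_html.prettify()))
    except Exception as e:
        common.logger.debug("Error in write_counters: " + str(e))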
def write_badger(identity, sev, data, extra=None):
    """
    Insert one finding at the top of a section of the HTML report.

    Builds a <div> whose class is ``badger[sev]`` and whose ``data-badger``
    attribute is ``severity[sev]``, containing ``data`` in a <strong> and
    ``extra`` rendered as a <ul>, and inserts it as the first child of the
    <div> whose id is ``identity``.

    ``extra`` may be a dict (every value is iterated; list items become a
    nested list), a list or a str.  Nothing is written unless
    ``common.reportInitSuccess`` is set and the report file exists.  All
    exceptions are logged at debug level and swallowed.
    """
    if common.reportInitSuccess:
        try:
            if os.path.exists(common.getConfig("rootDir") + "/report/report.html"):
                pre_rendered = open(common.getConfig("rootDir") + "/report/report.html",'r').read()
                pre_rendered_html = BeautifulSoup(pre_rendered,'html5lib')
                new_div_tag = pre_rendered_html.new_tag("div")
                new_div_tag['class'] = badger[sev]
                new_div_tag['data-badger'] = severity[sev]
                new_strong_tag = pre_rendered_html.new_tag("strong")
                # Finding text is attached through .string, i.e. as a text
                # node; it is not parsed as report markup.
                new_strong_tag.string = data
                new_ul_tag = pre_rendered_html.new_tag("ul")
                if extra is not None:
                    if isinstance(extra, dict):
                        # Only the values are rendered; the keys are not shown.
                        for key,val in extra.items():
                            for i in extra[key]:
                                if isinstance(i, list) :
                                    if len(i)>0:
                                        # First element becomes the <li> text,
                                        # the rest a nested <ul> under it.
                                        firstelement = True
                                        new_ul_tag_depth_1 = pre_rendered_html.new_tag("ul")
                                        new_li_tag = pre_rendered_html.new_tag("li")
                                        for j in i:
                                            if firstelement:
                                                new_li_tag.string = j
                                                firstelement = False
                                            else:
                                                new_li_tag_depth_1 = pre_rendered_html.new_tag("li")
                                                new_li_tag_depth_1.string = j
                                                new_ul_tag_depth_1.append(new_li_tag_depth_1)
                                        new_li_tag.append(new_ul_tag_depth_1)
                                        new_ul_tag.append(new_li_tag)
                                # NOTE(review): this else is read as pairing
                                # with the isinstance(i, list) test (non-list
                                # items become a plain <li>) -- confirm.
                                else:
                                    new_li_tag = pre_rendered_html.new_tag("li")
                                    new_li_tag.string = i
                                    new_ul_tag.append(new_li_tag)
                    elif isinstance(extra, list):
                        for i in extra:
                            new_li_tag = pre_rendered_html.new_tag("li")
                            new_li_tag.string = i
                            new_ul_tag.append(new_li_tag)
                    # Under Python 2 a unicode object is not an instance of
                    # str, so it falls through to the else branch below.
                    elif isinstance(extra, str):
                        new_li_tag = pre_rendered_html.new_tag("li")
                        new_li_tag.string = extra
                        new_ul_tag.append(new_li_tag)
                    else:
                        logger.debug("Not a valid type of object in terminalPrint extras")
                new_div_tag.append(new_strong_tag)
                new_div_tag.append(new_ul_tag)
                # find() returns None for an unknown id; the resulting
                # AttributeError is caught below and the finding is dropped.
                pre_rendered_html.find("div", id=identity).insert(0, new_div_tag)
                with open(common.getConfig("rootDir") + "/report/report.html", "w") as fh:
                    fh.write(str(pre_rendered_html.prettify()))
                    # Redundant: the with statement closes the file.
                    fh.close()
        except Exception as e:
            # NOTE(review): debug-level only, so a finding that fails to
            # render is silently missing from the report at normal verbosity.
            common.logger.debug("Error badger don't care: " + str(e))
def is_android_sdk_installed():
    """
    Report whether an Android SDK path is configured and export it to the
    process environment.

    Returns False when the ``AndroidSDKPath`` config value is empty.
    Otherwise appends ``<sdk>/tools``, ``<sdk>/platform-tools`` and
    ``<sdk>/tools/lib`` to ``PATH``, sets ``ANDROID_HOME`` and returns True.
    The directories are not checked for existence here, and every call
    appends to ``PATH`` again.
    """
    if not common.getConfig('AndroidSDKPath'):
        return False
    # Appended, not prepended: entries already on PATH keep precedence over
    # the configured SDK directories.
    for sdk_subdir in ('/tools', '/platform-tools', '/tools/lib'):
        os.environ["PATH"] += os.pathsep + common.getConfig('AndroidSDKPath') + sdk_subdir
    os.environ["ANDROID_HOME"] = common.getConfig('AndroidSDKPath')
    return True
def is_android_sdk_installed():
    """
    Tell the caller whether an SDK location is configured, exporting it to
    the environment when it is.

    A non-empty ``AndroidSDKPath`` config value makes the function add the
    SDK's ``tools``, ``platform-tools`` and ``tools/lib`` directories to the
    end of ``PATH``, set ``ANDROID_HOME`` and return True; an empty value
    returns False.  The function does not verify that the directories exist.
    """
    sdk_root = common.getConfig('AndroidSDKPath')
    if sdk_root:
        sdk_dirs = [
            sdk_root + '/tools',
            sdk_root + '/platform-tools',
            sdk_root + '/tools/lib',
        ]
        # The SDK directories go after the existing PATH entries, so they do
        # not shadow binaries that are already resolvable.
        os.environ["PATH"] += os.pathsep + os.pathsep.join(sdk_dirs)
        os.environ["ANDROID_HOME"] = sdk_root
        return True
    return False
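def build_apk(path):
    """
    Build the generated APK project under ``<rootDir>/build/<path>``.

    Writes ``local.properties`` (``sdk.dir`` set to the configured
    ``AndroidSDKPath``) into the project directory, runs
    ``./gradlew assembleDebug`` there and echoes its combined stdout/stderr.
    The process working directory is left at the project directory, as it
    was before this rewrite.

    ``path`` is concatenated into the build path unchecked; callers are
    expected to pass a project directory name they control.
    """
    print "------------ Building Exploit APK ------------"
    currentDir = common.getConfig("rootDir")
    build_dir = currentDir + "/build/" + path
    # A single chdir replaces the former chdir/chdir-back/chdir sequence,
    # which only worked when rootDir was an absolute path.
    os.chdir(build_dir)
    with open("local.properties", "w+") as properties:
        properties.write("sdk.dir=" + common.getConfig("AndroidSDKPath"))
    # "./gradlew" resolves against the working directory, so the wrapper
    # script that runs is the one shipped inside the project directory.
    p1 = Popen(["./gradlew", "assembleDebug"], stdout=PIPE, stdin=PIPE, stderr=STDOUT, bufsize=1)
    for line in iter(p1.stdout.readline, b""):
        print line,
    # Reap the child once its output is exhausted.
    p1.wait()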
def buildAPK(path):
    """
    Run the Gradle debug build for the project at ``<rootDir>/build/<path>``.

    Creates ``local.properties`` in the project directory with ``sdk.dir``
    pointing at the configured ``AndroidSDKPath``, then runs
    ``./gradlew assembleDebug`` from that directory and prints its output.
    The working directory of the process stays at the project directory.
    """
    print "------------ Building Exploit APK ------------"
    root_dir = common.getConfig("rootDir")
    project_dir = root_dir + "/build/" + path
    os.chdir(project_dir)
    # Opened with a relative name while inside the project directory.
    props = open('local.properties', 'w+')
    os.chdir(root_dir)
    props.write('sdk.dir=' + common.getConfig('AndroidSDKPath'))
    props.close()
    os.chdir(project_dir)
    # The gradlew that runs is the one found in the project directory.
    gradle = Popen(['./gradlew', "assembleDebug"], stdout=PIPE, stdin=PIPE, stderr=STDOUT, bufsize=1)
    while True:
        out_line = gradle.stdout.readline()
        if out_line == b'':
            break
        print out_line,
def getAndroidSDKManager():
    """
    Interactively obtain the Android SDK location.

    Prints the SDK information text and asks whether the SDK should be
    downloaded.  On ``y`` the download routine is called.  Otherwise the
    user is prompted for a path, which is stored under the
    ``AndroidSDKPath`` config key; the prompt repeats until
    ``<path>/tools`` exists.
    """
    print common.term.yellow + str(
        common.config.get('qarkhelper', 'ANDROID_SDK_INFO')).decode('string-escape').format(t=common.term)
    print common.term.cyan
    choice = raw_input(common.config.get('qarkhelper', 'GET_ANDROID_SDK_MANAGER_PROMPT'))
    if str(choice).lower() == 'y':
        downloadSDK()
        return
    while True:
        # The typed value is stored verbatim.  The only validation is that a
        # "tools" entry exists below it; other code in this file adds this
        # location to PATH and runs tools from it.
        entered_path = raw_input(
            common.config.get('qarkhelper', 'ANDROID_SDK_MANAGER_PATH_PROMPT'))
        common.writeKey('AndroidSDKPath', entered_path)
        if os.path.exists(common.getConfig('AndroidSDKPath') + "/tools"):
            break
        logger.error(
            str(common.config.get('qarkhelper', 'ANDROID_SDK_MANAGER_PATH_PROMPT_AGAIN')).decode('string-escape'))
        print common.term.cyan
    # Logged on the manual-path branch only.
    common.logger.debug("Located SDK")
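def createUsing(replacementData):
    """
    Apply replacement values to the APK template files.

    ``replacementData`` is convertible to a dict that maps an
    ``exploitType`` member to an iterable of replacement instances.  For
    every instance, each entry of the ``exploit`` config section whose key
    contains the type's name is followed to the config section it names,
    and ``modifyTemplate2`` is called for every file listed there (paths
    are relative to ``<rootDir>/build/qark``).

    Keys that match no known ``exploitType`` member are skipped.
    """
    path = common.getConfig("rootDir") + '/build/qark'
    # Compared with == in this order, exactly like the former if/elif chain.
    known_types = (
        (exploitType.BROADCAST_INTENT, "BROADCAST_INTENT"),
        (exploitType.ACTIVITY, "ACTIVITY"),
        (exploitType.INTENT, "INTENT"),
        (exploitType.MANIFEST, "MANIFEST"),
        (exploitType.PERMISSION, "PERMISSION"),
        (exploitType.RECEIVER, "RECEIVER"),
        (exploitType.SERVICE, "SERVICE"),
    )
    data = dict(replacementData)
    for key, value in data.iteritems():
        exploit_type = None
        for candidate, label in known_types:
            if key == candidate:
                exploit_type = label
                break
        if exploit_type is None:
            # The if/elif chain left exploit_type unbound for an unknown key
            # (NameError) or silently reused the previous key's value.
            continue
        for instance in value:
            replacement_keys = dict(common.config.items('exploit'))
            for type_key, type_value in replacement_keys.iteritems():
                # NOTE(review): this is a substring test, so "INTENT" also
                # matches a config key containing "BROADCAST_INTENT" --
                # confirm against the 'exploit' section of the config.
                if exploit_type in str(type_key).upper():
                    replacement_files = dict(common.config.items(type_value))
                    for file_value in replacement_files.itervalues():
                        modifyTemplate2(path + file_value, type_value, instance)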
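def reset():
    """
    Replace the report directory with a fresh copy of the report template.

    The report directory is ``<rootDir>/report`` unless
    ``common.args.reportDir`` is set, in which case it is
    ``<reportDir>/report``; the chosen path is stored in
    ``common.reportDir``.  An existing directory is removed recursively,
    ``<rootDir>/template3`` is copied in its place and ``index.html`` is
    renamed to ``report.html``.  Errors are logged at debug level and
    swallowed.
    """
    try:
        common.reportDir = common.getConfig("rootDir") + "/report"
        if common.args.reportDir is not None:
            common.reportDir = common.args.reportDir + "/report"
        if os.path.exists(common.reportDir):
            # Destructive: everything below "<dir>/report" is deleted.  The
            # fixed "/report" suffix keeps the deletion to that one
            # subdirectory of whatever location the user supplied.
            shutil.rmtree(common.reportDir)
        shutil.copytree(common.getConfig("rootDir") + "/template3", common.reportDir)
        os.rename(common.reportDir + "/index.html", common.reportDir + "/report.html")
        # NOTE(review): the report writers shown in this file open
        # <rootDir>/report/report.html; confirm they honour common.reportDir
        # when a custom location is given.
    except Exception as e:
        # Include the cause; the bare message gave no hint why the reset
        # (and with it every later report write) failed.
        common.logger.debug("Error when trying to reset report: " + str(e))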
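def list_all_apk():
    """
    Return the on-device APK paths of all installed packages, using adb.

    Makes the SDK's adb binary executable, polls ``adb devices`` every five
    seconds until a device is listed, then parses the output of
    ``pm list packages -f`` (lines of the form ``package:<apk path>=<name>``)
    and returns the list of APK paths.  Lines that do not have that form
    are ignored.
    """
    result = []
    # join() copes with AndroidSDKPath being stored with or without a
    # trailing slash; plain concatenation needed the slash.
    adb = os.path.join(common.getConfig('AndroidSDKPath'), "platform-tools", "adb")
    st = os.stat(adb)
    os.chmod(adb, st.st_mode | stat.S_IEXEC)
    while True:
        p1 = Popen([adb, 'devices'], stdout=PIPE, stdin=PIPE, stderr=STDOUT)
        a = 0
        error = False
        for line in p1.stdout:
            a = a + 1
            if "daemon not running. starting it now on port" in line:
                error = True
        p1.wait()
        # More than two output lines is taken to mean at least one device
        # is connected; daemon start-up chatter inflates the count, hence
        # the error flag.
        if a > 2 and not error:
            break
        else:
            common.logger.warning("Waiting for a device to be connected...")
            time.sleep(5)
    p0 = Popen([adb, 'shell', 'pm', 'list', 'packages', '-f'], stdout=PIPE, stdin=PIPE, stderr=STDOUT)
    prefix = "package:"
    for line in p0.stdout:
        entry = str(line).strip()
        # The output comes from the device.  Skip anything that is not a
        # package line instead of slicing it blindly, which used to add
        # garbage entries for error or warning lines.
        if not entry.startswith(prefix) or '=' not in entry:
            continue
        # Split on the last '=': the package name cannot contain one, while
        # the APK path can.
        result.append(entry[len(prefix):entry.rfind('=')])
    p0.wait()
    return result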
def reset():
    """
    Start a new report by replacing the report directory with the template.

    ``common.reportDir`` is set to ``<rootDir>/report``, or to
    ``<reportdir>/report`` when the ``reportdir`` argument was given.  Any
    existing directory at that path is deleted recursively before
    ``<rootDir>/template3`` is copied there and its ``index.html`` renamed
    to ``report.html``.  Failures are logged at debug level without detail.
    """
    try:
        common.reportDir = common.getConfig("rootDir") + "/report"
        requested_dir = common.args.reportdir
        if requested_dir is not None:
            common.reportDir = requested_dir + "/report"
        stale_report_present = os.path.exists(common.reportDir)
        if stale_report_present:
            # Recursive delete of "<dir>/report"; the fixed suffix limits
            # what a user-supplied reportdir can cause to be removed.
            shutil.rmtree(common.reportDir)
        template_dir = common.getConfig("rootDir") + "/template3"
        shutil.copytree(template_dir, common.reportDir)
        os.rename(common.reportDir + "/index.html",
                  common.reportDir + "/report.html")
    except Exception as e:
        # NOTE(review): the exception itself is not logged.
        common.logger.debug("Error when trying to reset report")
def build_apk(path):
    """
    Build the generated APK project with Gradle.

    The base directory is ``common.buildLocation`` when that is non-empty,
    otherwise the ``rootDir`` config value.  ``local.properties`` with
    ``sdk.dir`` set to the configured ``AndroidSDKPath`` is written into
    ``<base>/build/<path>``; when a custom build location is used,
    ``settings.properties`` is also copied next to the project and into the
    build location.  Finally ``./gradlew assembleDebug`` is run from the
    project directory and its combined output is printed.  The working
    directory of the process is left at the project directory.
    """
    print "------------ Building Exploit APK ------------"
    currentDir = common.getConfig(
        "rootDir") if common.buildLocation == '' else common.buildLocation
    os.chdir(currentDir + "/build/" + path)
    # Opened by relative name, i.e. inside the project directory.
    properties = open('local.properties', 'w+')
    os.chdir(currentDir)
    properties.write('sdk.dir=' + common.getConfig('AndroidSDKPath'))
    properties.close()
    os.chdir(currentDir + "/build/" + path)
    # adb expects settings.properties.
    # If building from a different directory need to copy it over to the new build directory
    if common.buildLocation != '':
        try:
            settings_properties_path = os.path.abspath(
                os.path.join(os.path.dirname(__file__), '../settings.properties'))
            # abspath() is evaluated after the chdir above, so a relative
            # currentDir resolves against the project directory here.
            destination = '{}/{}/{}'.format(os.path.abspath(currentDir), 'build/', path)
            shutil.copy(settings_properties_path, destination)
            shutil.copy(settings_properties_path, common.buildLocation)
            common.logger.info('TRIED COPYING %s TO %s', settings_properties_path, destination)
        except Exception as e:
            # The build continues even when the copy failed.
            common.logger.exception(
                'COPYING SETTINGS.PROPERTIES FROM QARK DIRECTORY FAILED')
    # NOTE(review): the lines below are read as running for every build,
    # not only inside the except branch -- confirm against the original
    # indentation.
    settings_properties_path = os.path.abspath(
        os.path.join(os.path.dirname(__file__), '../settings.properties'))
    # NOTE(review): os.path.join discards currentDir because "/build/" is
    # absolute, so the path logged here is not the directory actually used.
    common.logger.debug('TRIED COPYING %s TO %s', settings_properties_path,
                        os.path.join(currentDir, "/build/", path))
    common.logger.debug('currentDir: %s', currentDir)
    # "./gradlew" resolves against the working directory, so the wrapper
    # that runs is the one inside the project directory.
    p1 = Popen(['./gradlew', "assembleDebug"],
               stdout=PIPE,
               stdin=PIPE,
               stderr=STDOUT,
               bufsize=1)
    for line in iter(p1.stdout.readline, b''):
        print line,
def pull_apk(pathOnDevice):
    """
    Copy an APK from the connected device into the local ``temp`` directory.

    Runs ``adb pull <pathOnDevice> temp/<basename>``, printing adb's output,
    and returns the local path ``temp/<basename>``.  The adb binary from the
    configured SDK is made executable first, and ``temp/`` is created
    relative to the current working directory when missing.
    """
    adb = common.getConfig('AndroidSDKPath') + "platform-tools/adb"
    adb_mode = os.stat(adb).st_mode
    os.chmod(adb, adb_mode | stat.S_IEXEC)
    if not os.path.exists('temp' + "/"):
        os.makedirs('temp' + "/")
    # Only the last path component is used locally, so directory parts of
    # the device path cannot steer the write outside temp/.
    # NOTE(review): a component of "" or ".." is not rejected; the value
    # presumably originates from device output -- confirm callers validate.
    local_copy = 'temp/' + str(pathOnDevice).split('/')[-1]
    # Arguments are passed as a list (no shell), so the device path is not
    # interpreted by a shell on the host.
    puller = Popen([adb, 'pull', pathOnDevice, local_copy], stdout=PIPE, stdin=PIPE, stderr=STDOUT)
    for out_line in puller.stdout:
        print out_line,
    return local_copy
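def buildAPK(path):
    """
    Build the generated APK project located at ``<rootDir>/build/<path>``.

    ``local.properties`` is written into the project directory with
    ``sdk.dir`` set to the configured ``AndroidSDKPath``; then
    ``./gradlew assembleDebug`` is run from that directory and its combined
    stdout/stderr is printed line by line.  On return the working directory
    of the process is the project directory, as before.

    ``path`` is used unchecked when forming the directory name, so it must
    come from a trusted caller.
    """
    print "------------ Building Exploit APK ------------"
    currentDir = common.getConfig("rootDir")
    project_dir = currentDir + "/build/" + path
    # One chdir is enough; the earlier back-and-forth between rootDir and
    # the project directory broke for a relative rootDir.
    os.chdir(project_dir)
    # The context manager closes the file even if the config lookup raises.
    with open('local.properties', 'w+') as properties:
        properties.write('sdk.dir=' + common.getConfig('AndroidSDKPath'))
    # The wrapper executed is the gradlew inside the project directory.
    p1 = Popen(['./gradlew', "assembleDebug"], stdout=PIPE, stdin=PIPE, stderr=STDOUT, bufsize=1)
    for line in iter(p1.stdout.readline, b''):
        print line,
    # Collect the exit status so the child does not linger as a zombie.
    p1.wait()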
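def downloadSDK():
    """
    Download the Android SDK archive from Google and unpack it under rootDir.

    The macOS SDK zip is fetched over HTTPS into ``<rootDir>``, unpacked
    into a directory named after the archive (extension removed) and then
    deleted.  ``AndroidSDKPath`` is set to the ``android-sdk-macosx/``
    directory inside the unpacked tree and the SDK manager step is started.
    """
    # The literal used to start with a stray space.
    url = "https://dl.google.com/android/android-sdk_r24.0.2-macosx.zip"
    file_name = url.split('/')[-1]
    u = urllib2.urlopen(url)
    androidSDKZIP = common.getConfig("rootDir") + "/" + file_name
    meta = u.info()
    file_size = int(meta.getheaders("Content-Length")[0])
    common.logger.debug(
        "Downloading: %s \r\n FileName: %s \r\n FileSize: \r\n %s" %
        (url, file_name, file_size))
    # At least one byte per read: read(0) returns an empty string, which
    # the loop below would mistake for end of stream.
    block_sz = max(file_size / 100, 1)
    count = 0
    with open(androidSDKZIP, 'wb') as f:
        while True:
            buffer = u.read(block_sz)
            if not buffer:
                break
            f.write(buffer)
            count = count + 1
            if count % 10 == 0:
                sys.stdout.write('\r[{0}] {1}%'.format('#' * (count / 10), count))
                sys.stdout.flush()
    u.close()
    print common.term.cyan + str(
        common.config.get('qarkhelper', 'FILE_DOWNLOADED_TO')
    ) + androidSDKZIP.decode('string-escape').format(t=common.term)
    print common.term.cyan + str(
        common.config.get('qarkhelper', 'UNPACKING')
    ) + androidSDKZIP.decode('string-escape').format(t=common.term)
    # NOTE(review): the archive is unpacked, and tools from it are later
    # made executable and run, without its digest being compared to a
    # pinned value.  Transport security is the only integrity control;
    # consider verifying a known SHA-256 for this release before unpacking.
    unpack_dir = androidSDKZIP.rsplit(".", 1)[0]
    zf = zipfile.ZipFile(androidSDKZIP)
    try:
        if not os.path.exists(unpack_dir):
            os.makedirs(unpack_dir)
        zf.extractall(unpack_dir + "/", zf.namelist())
    except KeyError:
        # Report the archive path; the former code passed the member list.
        logger.error('Oops!! %s doesnt look like a valid APK', androidSDKZIP)
    else:
        logger.info('Done')
    finally:
        zf.close()
    # We dont need the ZIP file anymore
    os.remove(androidSDKZIP)
    common.writeKey('AndroidSDKPath', unpack_dir + "/android-sdk-macosx/")
    runSDKManager()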
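def write(identity, data, tag=None):
    """
    Append a piece of text to the <span> with id ``identity`` in the report.

    ``data`` is converted with str() and wrapped in a new element: a plain
    <span>, or, when ``tag`` is given, an element of that name carrying the
    class ``debug-level``.  Nothing is written when the report file does
    not exist.

    On any exception ``common.reportInitSuccess`` is set to False and the
    error is logged at debug level.  Other writers in this file check that
    flag before writing, so one failure here also stops them for the rest
    of the run.
    """
    try:
        report_path = common.getConfig("rootDir") + "/report/report.html"
        if os.path.exists(report_path):
            # Close the read handle before the file is reopened for writing.
            with open(report_path, 'r') as report_file:
                pre_rendered = report_file.read()
            pre_rendered_html = BeautifulSoup(pre_rendered, 'html5lib')
            if tag is not None:
                new_span_tag = pre_rendered_html.new_tag(tag)
                new_span_tag['class'] = "debug-level"
            else:
                new_span_tag = pre_rendered_html.new_tag("span")
            # Attached as a text node, so the value is serialized as text
            # and not parsed as report markup.
            new_span_tag.string = str(data)
            pre_rendered_html.find("span", id=identity).append(new_span_tag)
            with open(report_path, "w") as fh:
                fh.write(str(pre_rendered_html.prettify()))
    except Exception as e:
        common.reportInitSuccess = False
        common.logger.debug("Report writing error: " + str(e))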
def write_manifest(data):
    """
    Add the manifest text to the report's raw-manifest block.

    A ``<code class="xml">`` element holding ``data`` is appended to the
    ``<pre id="rawmanifest">`` element of ``<rootDir>/report/report.html``
    and the file is rewritten.  The call is a no-op when
    ``common.reportInitSuccess`` is false or the report does not exist;
    errors are logged at debug level and swallowed.
    """
    if not common.reportInitSuccess:
        return
    try:
        if not os.path.exists(common.getConfig("rootDir") + "/report/report.html"):
            return
        report_source = open(common.getConfig("rootDir") + "/report/report.html", 'r').read()
        soup = BeautifulSoup(report_source, 'html5lib')
        manifest_block = soup.new_tag("code")
        manifest_block['class'] = "xml"
        # Set through .string: the manifest becomes a text node and is not
        # interpreted as report markup.
        manifest_block.string = data
        raw_manifest_pre = soup.find("pre", id="rawmanifest")
        raw_manifest_pre.append(manifest_block)
        with open(common.getConfig("rootDir") + "/report/report.html", "w") as fh:
            rendered = str(soup.prettify())
            fh.write(rendered)
            fh.close()
    except Exception as e:
        common.logger.debug("Error writing manifest: " + str(e))
def write_counters():
    """
    Write the totals of findings per severity into the report header.

    The totals are the number of times ``badger-danger``,
    ``badger-warning``, ``badger-success`` and ``debug-level`` appear in the
    serialized report; each is appended in a ``<div>`` to the matching
    ``<h1>`` (``vulnerability_count``, ``warning_count``,
    ``information_count``, ``debug_count``).  A missing report file is
    ignored and exceptions are logged at debug level.
    """
    try:
        if not os.path.exists(common.getConfig("rootDir") + "/report/report.html"):
            return
        report_source = open(common.getConfig("rootDir") + "/report/report.html", 'r').read()
        soup = BeautifulSoup(report_source, 'html5lib')

        def occurrences(marker):
            # Substring count over the whole document: marker text inside
            # finding details or the embedded manifest is counted as well.
            return len(re.findall(marker, str(soup)))

        warnings = occurrences(r'badger-warning')
        information = occurrences(r'badger-success')
        vulnerabilities = occurrences(r'badger-danger')
        debug = occurrences(r'debug-level')

        vulnerability_div = soup.new_tag("div")
        vulnerability_div.string = str(vulnerabilities)
        soup.find("h1", id="vulnerability_count").append(vulnerability_div)

        warning_div = soup.new_tag("div")
        warning_div.string = str(warnings)
        soup.find("h1", id="warning_count").append(warning_div)

        information_div = soup.new_tag("div")
        information_div.string = str(information)
        soup.find("h1", id="information_count").append(information_div)

        debug_div = soup.new_tag("div")
        debug_div.string = str(debug)
        soup.find("h1", id="debug_count").append(debug_div)

        with open(common.getConfig("rootDir") + "/report/report.html", "w") as fh:
            fh.write(str(soup.prettify()))
            fh.close()
    except Exception as e:
        common.logger.debug("Error in write_counters: " + str(e))
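def run_sdk_manager():
    """
    Install the SDK packages needed for the build, without the SDK UI.

    Makes ``<AndroidSDKPath>tools/android`` executable, lists the available
    packages, picks up to five whose description matches the fixed package
    pattern, and runs ``android update sdk`` with those as the filter.
    Licence prompts are answered on the tool's stdin: in interactive mode
    with ``y``, otherwise with the value of ``common.args.acceptterms``.
    Finally the environment variables are refreshed.
    """
    android = common.getConfig('AndroidSDKPath') + "tools/android"
    # need to have execute permission on the android executable
    st = os.stat(android)
    os.chmod(android, st.st_mode | stat.S_IEXEC)
    # Android list sdk.  The unused, space-less command string that was
    # built and shlex-split here has been removed; the argument list below
    # is what actually runs.
    p0 = Popen([android, 'list', 'sdk', '-a'], stdout=PIPE, stdin=PIPE, stderr=STDOUT)
    # NOTE(review): the dots in the version numbers are unescaped, so they
    # match any character; harmless for this fixed output but looser than
    # it reads.
    regexpattern = re.compile(
        r'SDK Platform Android 5.0.1, API 21, revision 2|Android SDK Build-tools, revision 21.1.2|Android Support Repository|Android Support Library|Android SDK Platform-tools'
    )
    selected_filters_list = []
    for line in p0.stdout:
        if regexpattern.search(line):
            common.logger.debug('Selected the following packages for installation:\r\n')
            common.logger.debug(str(line.rstrip()))
            # Text before the first '-' is kept as the filter value
            # (presumably the package index printed by the tool).
            selected_filters_list.append(line.rstrip().split('-')[0].strip())
        if len(selected_filters_list) == 5:
            # We have the basic filters needed to compile the APK at this point.
            break
    # Android install build tools with selected filters in headless mode
    selected_filters = ",".join(selected_filters_list)
    print selected_filters
    p1 = Popen([android, 'update', 'sdk', '-a', '--filter', selected_filters, '--no-ui'],
               stdout=PIPE,
               stdin=PIPE,
               stderr=STDOUT,
               bufsize=1)
    # NOTE(review): the licence is accepted on the user's behalf.  In
    # headless mode the answer is whatever acceptterms holds; a None value
    # would raise here -- confirm the argument parser guarantees a string.
    if not common.interactive_mode:
        p1.stdin.write(common.args.acceptterms)
    else:
        p1.stdin.write("y\n")
    for line in iter(p1.stdout.readline, b''):
        print line,
        if "Do you accept the license" in line:
            p1.stdin.flush()
            p1.stdin.write("y\n")
    output, err = p1.communicate("y\n")
    common.set_environment_variables()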
def write(identity, data, tag=None):
    """
    Add ``str(data)`` to the report element ``<span id=identity>``.

    The text is wrapped in a new <span>, or in a ``tag`` element with class
    ``debug-level`` when ``tag`` is given, and the report file is rewritten.
    A missing report file is ignored.  Any exception sets
    ``common.reportInitSuccess`` to False and is logged at debug level.
    """
    try:
        if not os.path.exists(common.getConfig("rootDir") + "/report/report.html"):
            return
        report_source = open(common.getConfig("rootDir") + "/report/report.html", 'r').read()
        soup = BeautifulSoup(report_source, 'html5lib')
        if tag is None:
            holder = soup.new_tag("span")
        else:
            holder = soup.new_tag(tag)
            holder['class'] = "debug-level"
        # Stored as a text node; the value is not parsed as markup.
        holder.string = str(data)
        target_span = soup.find("span", id=identity)
        target_span.append(holder)
        with open(common.getConfig("rootDir") + "/report/report.html", "w") as fh:
            fh.write(str(soup.prettify()))
            fh.close()
    except Exception as e:
        # Other writers in this file check this flag before writing, so a
        # single failure here turns report output off for them as well.
        common.reportInitSuccess = False
        common.logger.debug("Report writing error: " + str(e))
def run_sdk_manager():
    """
    Install the SDK packages needed for the build, without the SDK UI.

    Makes ``<AndroidSDKPath>tools/android`` executable, lists the available
    packages, selects up to five that match the fixed package pattern and
    runs ``android update sdk`` with them as the filter.  Licence prompts
    are answered on the tool's stdin, then
    ``common.set_environment_variables()`` is called.
    """
    # Unused below.
    flag_no_ui = " --no-ui"
    android = common.getConfig("AndroidSDKPath") + "tools/android"
    # need to have execute permission on the android executable
    st = os.stat(android)
    os.chmod(android, st.st_mode | stat.S_IEXEC)
    # Android list sdk
    # NOTE(review): android_cmd1 is concatenated without spaces and, like
    # args1, never used; the Popen call below passes its own argument list.
    android_cmd1 = android + "list" + "sdk" + "-a"
    args1 = shlex.split(android_cmd1)
    p0 = Popen([android, "list", "sdk", "-a"], stdout=PIPE, stdin=PIPE, stderr=STDOUT)
    # regexpattern = re.compile(r'Android SDK Platform-tools|Android SDK Build-tools|SDK Platform Android 5.0.1|Android Support Repository|Android Support Library')
    # The dots in the version numbers are unescaped and match any character.
    regexpattern = re.compile(
        r"SDK Platform Android 5.0.1, API 21, revision 2|Android SDK Build-tools, revision 21.1.2|Android Support Repository|Android Support Library|Android SDK Platform-tools"
    )
    selected_filters_list = []
    for line in p0.stdout:
        if regexpattern.search(line):
            common.logger.debug("Selected the following packages for installation:\r\n")
            common.logger.debug(str(line.rstrip()))
            # Keeps the text before the first '-' (presumably the package
            # index printed by the tool -- confirm).
            selected_filters_list.append(line.rstrip().split("-")[0].strip())
        if len(selected_filters_list) == 5:
            # We have the basic filters needed to compile the APK at this point.
            break
    # Android install build tools with selected filters in headless mode
    selected_filters = myString = ",".join(selected_filters_list)
    print selected_filters
    p1 = Popen(
        [android, "update", "sdk", "-a", "--filter", selected_filters, "--no-ui"],
        stdout=PIPE,
        stdin=PIPE,
        stderr=STDOUT,
        bufsize=1,
    )
    # The licence is accepted on the user's behalf: "y" in interactive mode,
    # otherwise the acceptterms argument.
    # NOTE(review): a None acceptterms would raise on write -- confirm the
    # argument parser guarantees a string.
    if not common.interactive_mode:
        p1.stdin.write(common.args.acceptterms)
    else:
        p1.stdin.write("y\n")
    for line in iter(p1.stdout.readline, b""):
        print line,
        if "Do you accept the license" in line:
            p1.stdin.flush()
            p1.stdin.write("y\n")
    # Runs after stdout has reached end of file; output and err are unused.
    output, err = p1.communicate("y\n")
    common.set_environment_variables()
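def reset():
    """
    Replace ``<rootDir>/report`` with a fresh copy of the report template.

    An existing report directory is removed recursively,
    ``<rootDir>/template3`` is copied to ``<rootDir>/report`` and its
    ``index.html`` is renamed to ``report.html``.  Errors are logged at
    debug level and swallowed.
    """
    try:
        root_dir = common.getConfig("rootDir")
        report_dir = root_dir + "/report"
        if os.path.exists(report_dir):
            # Destructive: any previous report is deleted.
            shutil.rmtree(report_dir)
        shutil.copytree(root_dir + "/template3", report_dir)
        os.rename(report_dir + "/index.html", report_dir + "/report.html")
    except Exception as e:
        # Log the cause: when the reset fails the report file may be
        # missing, and the writers in this file then skip their output
        # without any message.
        common.logger.debug("Error when trying to reset report: " + str(e))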
def getAndroidSDKManager():
    """
    Ask the user for the Android SDK location, or download the SDK.

    After printing the SDK information text the user is asked whether the
    SDK should be downloaded; ``y`` starts the download.  Any other answer
    leads to a path prompt.  The entered path is stored under
    ``AndroidSDKPath`` and the prompt repeats until ``<path>/tools``
    exists.
    """
    def _ask_and_store_path():
        # The value is written to the config exactly as typed.
        entered = raw_input(common.config.get('qarkhelper','ANDROID_SDK_MANAGER_PATH_PROMPT'))
        common.writeKey('AndroidSDKPath', entered)

    print common.term.yellow + str(common.config.get('qarkhelper','ANDROID_SDK_INFO')).decode('string-escape').format(t=common.term)
    print common.term.cyan
    choice = raw_input(common.config.get('qarkhelper','GET_ANDROID_SDK_MANAGER_PROMPT'))
    if str(choice).lower() != 'y':
        _ask_and_store_path()
        # Existence of "<path>/tools" is the only check made on the input.
        while not os.path.exists(common.getConfig('AndroidSDKPath') + "/tools"):
            logger.error(str(common.config.get('qarkhelper','ANDROID_SDK_MANAGER_PATH_PROMPT_AGAIN')).decode('string-escape'))
            print common.term.cyan
            _ask_and_store_path()
        common.logger.debug("Located SDK")
    else:
        downloadSDK()
def downloadSDK():
    """
    Fetch the macOS Android SDK zip from Google, unpack it and register it.

    The archive is saved under ``<rootDir>``, unpacked into a directory
    named after the archive without its extension and then removed.
    ``AndroidSDKPath`` is set to the ``android-sdk-macosx/`` directory of
    the unpacked tree, after which the SDK manager step is started.
    """
    # NOTE(review): the literal starts with a space; it is kept unchanged.
    url = " https://dl.google.com/android/android-sdk_r24.0.2-macosx.zip"
    file_name = url.split('/')[-1]
    response = urllib2.urlopen(url)
    archive = open(common.getConfig("rootDir") + "/" + file_name, 'wb')
    headers = response.info()
    file_size = int(headers.getheaders("Content-Length")[0])
    common.logger.debug("Downloading: %s \r\n FileName: %s \r\n FileSize: \r\n %s" % (url, file_name, file_size))
    chunk_size = file_size/100
    chunks_done = 0
    chunk = response.read(chunk_size)
    while chunk:
        archive.write(chunk)
        chunks_done = chunks_done + 1
        if chunks_done%10==0:
            sys.stdout.write('\r[{0}] {1}%'.format('#'*(chunks_done/10), chunks_done))
            sys.stdout.flush()
        chunk = response.read(chunk_size)
    archive.close()
    androidSDKZIP = archive.name
    unpack_dir = androidSDKZIP.rsplit(".",1)[0]
    print common.term.cyan + str(common.config.get('qarkhelper','FILE_DOWNLOADED_TO')) + androidSDKZIP.decode('string-escape').format(t=common.term)
    print common.term.cyan + str(common.config.get('qarkhelper','UNPACKING')) + androidSDKZIP.decode('string-escape').format(t=common.term)
    # NOTE(review): no digest of the archive is checked before it is
    # unpacked; tools from it are later made executable and run.
    zf = zipfile.ZipFile(androidSDKZIP)
    # The original looped once over a one-element list holding all member
    # names; filename is therefore the whole name list.
    filename = zf.namelist()
    try:
        if not os.path.exists(unpack_dir):
            os.makedirs(unpack_dir)
        zf.extractall(unpack_dir + "/", zf.namelist(), )
    except KeyError:
        logger.error('Oops!! %s doesnt look like a valid APK', filename)
    else:
        logger.info('Done')
    # The zip file is no longer needed.
    os.remove(androidSDKZIP)
    common.writeKey('AndroidSDKPath', unpack_dir + "/android-sdk-macosx/")
    runSDKManager()
def reset():
    """
    Throw away the previous report and start from the template again.

    ``<rootDir>/report`` is deleted recursively when present, recreated as
    a copy of ``<rootDir>/template3``, and the copied ``index.html`` is
    renamed to ``report.html``.  Failures are logged at debug level without
    detail.
    """
    try:
        old_report = common.getConfig("rootDir") + "/report"
        if os.path.exists(old_report):
            # Removes the whole previous report tree.
            shutil.rmtree(common.getConfig("rootDir") + "/report")
        template_dir = common.getConfig("rootDir") + "/template3"
        new_report = common.getConfig("rootDir") + "/report"
        shutil.copytree(template_dir, new_report)
        index_page = common.getConfig("rootDir") + "/report/index.html"
        report_page = common.getConfig("rootDir") + "/report/report.html"
        os.rename(index_page, report_page)
    except Exception as e:
        # NOTE(review): the exception itself is not logged.
        common.logger.debug("Error when trying to reset report")
def uninstall(package):
    """
    Uninstall ``package`` from the connected device through adb.

    Makes the SDK's adb binary executable, waits (polling every five
    seconds) until ``adb devices`` prints more than two lines, then runs
    ``pm uninstall <package>``.  For each output line containing "Failure"
    a trailing ``-<digit>`` is stripped from the package name and the
    uninstall is started again; the retry's output is not read.
    """
    print "trying to uninstall " + package
    adb = common.getConfig('AndroidSDKPath') + "platform-tools/adb"
    os.chmod(adb, os.stat(adb).st_mode | stat.S_IEXEC)
    device_listed = False
    while not device_listed:
        listing = Popen([adb, 'devices'], stdout=PIPE, stdin=PIPE, stderr=STDOUT)
        line_count = 0
        for _ in listing.stdout:
            line_count += 1
        # More than two lines is taken to mean a device is attached.
        if line_count > 2:
            device_listed = True
        else:
            common.logger.warning("Waiting for a device to be connected...")
            time.sleep(5)
    # Arguments go to adb as a list; no host shell is involved.
    remover = Popen([adb, 'shell', 'pm', 'uninstall', package], stdout=PIPE, stdin=PIPE, stderr=STDOUT)
    for out_line in remover.stdout:
        if "Failure" in out_line:
            package = re.sub('-\d$', '', package)
            uninstall_try_again = Popen([adb, 'shell', 'pm', 'uninstall', package], stdout=PIPE, stdin=PIPE, stderr=STDOUT)
    return
parser.error("Please provide a valid Debug level (10,20,30,40,50,60)") exploit_choice = 1 if common.args.version: version() if common.args.basesdk is not None: common.writeKey('AndroidSDKPath', str(common.args.basesdk).strip()) ####################################### #Reset any old report report.reset() common.set_environment_variables() #Copy the exploit code into a separate temp directory if not os.path.exists(common.getConfig("rootDir") + "/build"): shutil.copytree(common.getConfig("rootDir") + "/exploitAPKs", common.getConfig("rootDir") + "/build") common.logger.info(common.config.get('qarkhelper', 'STARTUP')) if not sdkManager.is_android_sdk_installed(): sdkManager.get_android_sdk_manager() else: common.logger.info( common.config.get('qarkhelper', 'SDK_INSTALLATION_IDENTIFIED')) common.minSdkVersion=1 def read_files(filename,rex): things_to_inspect=[] with open(filename) as f: content=f.readlines()
def write_adb_commands(identity, sev, data, extra=None, infobartext=None):
    """
    Insert an entry with ``data`` shown in a <kbd> element at the top of a
    report section.

    Builds a <div> with class ``badger[sev]`` whose ``data-badger``
    attribute is ``infobartext`` when given, otherwise ``severity[sev]``.
    ``data`` goes into a <kbd> element and ``extra`` (dict, list or str) is
    rendered as a <ul>.  The <div> is inserted as the first child of the
    <div> whose id is ``identity``.  A missing report file is ignored; all
    exceptions are logged at debug level and swallowed.
    """
    try:
        if os.path.exists(common.getConfig("rootDir") + "/report/report.html"):
            pre_rendered = open(
                common.getConfig("rootDir") + "/report/report.html", 'r').read()
            pre_rendered_html = BeautifulSoup(pre_rendered, 'html5lib')
            new_div_tag = pre_rendered_html.new_tag("div")
            new_div_tag['class'] = badger[sev]
            if infobartext is not None:
                new_div_tag['data-badger'] = infobartext
            else:
                new_div_tag['data-badger'] = severity[sev]
            # Despite the variable name this is a <kbd> element.
            new_strong_tag = pre_rendered_html.new_tag("kbd")
            # Attached as a text node; the value is not parsed as markup.
            new_strong_tag.string = data
            new_ul_tag = pre_rendered_html.new_tag("ul")
            if extra is not None:
                if isinstance(extra, dict):
                    # Only the values are rendered; the keys are not shown.
                    for key, val in extra.items():
                        for i in extra[key]:
                            if isinstance(i, list):
                                if len(i) > 0:
                                    # First element is the <li> text, the
                                    # rest become a nested <ul> under it.
                                    firstelement = True
                                    new_ul_tag_depth_1 = pre_rendered_html.new_tag(
                                        "ul")
                                    new_li_tag = pre_rendered_html.new_tag(
                                        "li")
                                    for j in i:
                                        if firstelement:
                                            new_li_tag.string = j
                                            firstelement = False
                                        else:
                                            new_li_tag_depth_1 = pre_rendered_html.new_tag(
                                                "li")
                                            new_li_tag_depth_1.string = j
                                            new_ul_tag_depth_1.append(
                                                new_li_tag_depth_1)
                                    new_li_tag.append(new_ul_tag_depth_1)
                                    new_ul_tag.append(new_li_tag)
                            # NOTE(review): this else is read as pairing
                            # with the isinstance(i, list) test -- confirm.
                            else:
                                new_li_tag = pre_rendered_html.new_tag("li")
                                new_li_tag.string = i
                                new_ul_tag.append(new_li_tag)
                elif isinstance(extra, list):
                    for i in extra:
                        new_li_tag = pre_rendered_html.new_tag("li")
                        new_li_tag.string = i
                        new_ul_tag.append(new_li_tag)
                # Under Python 2 a unicode object is not an instance of str
                # and ends up in the else branch.
                elif isinstance(extra, str):
                    new_li_tag = pre_rendered_html.new_tag("li")
                    new_li_tag.string = extra
                    new_ul_tag.append(new_li_tag)
                else:
                    logger.debug(
                        "Not a valid type of object in terminalPrint extras")
            new_div_tag.append(new_strong_tag)
            new_div_tag.append(new_ul_tag)
            # find() returns None for an unknown id; the AttributeError is
            # caught below and the entry is dropped.
            pre_rendered_html.find("div", id=identity).insert(0, new_div_tag)
            with open(common.getConfig("rootDir") + "/report/report.html",
                      "w") as fh:
                fh.write(str(pre_rendered_html.prettify()))
                # Redundant: the with statement closes the file.
                fh.close()
    except Exception as e:
        common.logger.debug("Error writing ADB commands to report: " + str(e))
parser.error("Please provide a valid Debug level (10,20,30,40,50,60)") exploit_choice = 1 if common.args.version: version() if common.args.basesdk is not None: common.writeKey('AndroidSDKPath', str(common.args.basesdk).strip()) ####################################### #Reset any old report report.reset() common.set_environment_variables() #Copy the exploit code into a separate temp directory if not os.path.exists(common.getConfig("rootDir") + "/build"): shutil.copytree(common.getConfig("rootDir") + "/exploitAPKs", common.getConfig("rootDir") + "/build") common.logger.info(common.config.get('qarkhelper', 'STARTUP')) if not sdkManager.is_android_sdk_installed(): sdkManager.get_android_sdk_manager() else: common.logger.info( common.config.get('qarkhelper', 'SDK_INSTALLATION_IDENTIFIED')) common.minSdkVersion=1 #Begin common.logger.info('Initializing QARK\n') common.checkJavaVersion()
def writeSection(sec, data_list):
    """
    Render the issues of one report section, grouped by file, into the
    HTML report.

    ``data_list`` items that are ``ReportIssue`` instances are grouped by
    ``getFile()``; other items are ignored.  For each file a block listing
    the issue details is appended to the <div> whose id is
    ``section[sec] + "-issues-list"``.  The report is rewritten after all
    files were processed.  Exceptions are logged at debug level and
    swallowed.
    """
    try:
        pre_rendered = open(
            common.getConfig("rootDir") + "/report/report.html", 'r').read()
        pre_rendered_html2 = BeautifulSoup(pre_rendered, 'html5lib')
        list_of_files = []
        #Gather unique files
        for item in data_list:
            if isinstance(item, ReportIssue):
                if item.getFile() in list_of_files:
                    pass
                else:
                    list_of_files.append(item.getFile())
        #Consolidate issues by filename
        for file in list_of_files:
            # issues is filled below but not read afterwards.
            issues = {}
            details = []
            file_name = "No Filename provided"
            for item in data_list:
                if isinstance(item, ReportIssue):
                    if file == item.getFile():
                        file_name = str(item.getFile())
                        if item.getDetails() is not None:
                            details.append(item.getDetails())
                        for key, value in item.getExtras().iteritems():
                            issues[key] = value
            #Construct HTML blob
            # NOTE(review): new_tag_webview_issue is never attached to the
            # document.
            new_tag_webview_issue = pre_rendered_html2.new_tag("div")
            new_tag_webview_issue['class'] = str(section[sec] + "-issue")
            new_div_image_tag = pre_rendered_html2.new_tag("div")
            new_div_image_tag['class'] = "blockquote-box clearfix"
            new_div_image_square_tag = pre_rendered_html2.new_tag("div")
            new_div_image_square_tag['class'] = "square pull-left"
            new_glyphicon_tag = pre_rendered_html2.new_tag("span")
            new_glyphicon_tag['class'] = "glyphicon glyphicon-list-alt white"
            new_div_image_square_tag.append(new_glyphicon_tag)
            new_div_image_tag.append(new_div_image_square_tag)
            new_tag_h4 = pre_rendered_html2.new_tag("h6")
            new_div_image_tag.append(new_tag_h4)
            new_code_tag = pre_rendered_html2.new_tag("code")
            new_p_class = pre_rendered_html2.new_tag("p")
            new_p_class['class'] = "clip-ellipsis"
            # Names longer than 85 characters are cut to their last 75;
            # with trim == 0 the slice [-0:] keeps the whole name.  The
            # "..." prefix is added in both cases.
            if len(file_name) > 85:
                trim = 75
            else:
                trim = 0
            new_code_tag.string = '...{}'.format(file_name[-trim:])
            new_p_class.append(new_code_tag)
            new_div_image_tag.append(new_p_class)
            br_tag = pre_rendered_html2.new_tag("br")
            # The same tag object is appended twice.
            new_div_image_tag.append(br_tag)
            new_div_image_tag.append(br_tag)
            new_tag_div = pre_rendered_html2.new_tag("div")
            new_tag_div['class'] = "span4 collapse-group"
            # The tag name passed here is literally "br/".
            new_br_tag_1 = pre_rendered_html2.new_tag("br/")
            new_tag_div.insert(0, 
    new_br_tag_1)
            new_tag_p = pre_rendered_html2.new_tag("p")
            new_tag_div.append(new_tag_p)
            new_div_image_tag.append(new_tag_div)
            new_tag_a = pre_rendered_html2.new_tag("a")
            new_tag_a['class'] = "collapse-button"
            new_tag_a.string = "View details >>"
            new_tag_p.append(new_tag_a)
            new_tag_p_details = pre_rendered_html2.new_tag("div")
            new_tag_p_details['class'] = "collapse"
            new_strong_tag = pre_rendered_html2.new_tag("strong")
            new_strong_tag.string = "File: "
            new_code_tag = pre_rendered_html2.new_tag("code")
            # File names come from the analysed code base; they are set as
            # text nodes, not parsed as markup.
            new_code_tag.string = file_name
            new_strong_tag.append(new_code_tag)
            new_br_tag_1.append(new_strong_tag)
            new_h4_tag = pre_rendered_html2.new_tag("h4")
            #new_small_tag = pre_rendered_html2.new_tag("small")
            new_strong_tag = pre_rendered_html2.new_tag("strong")
            new_strong_tag['class'] = "details"
            new_ul_tag = pre_rendered_html2.new_tag("ul")
            new_div_tag = pre_rendered_html2.new_tag("div")
            # data and new_br_tag (below) are not used.
            data = ""
            count = 0
            # One <li> per detail, alternating row-even / row-odd classes.
            for item in details:
                new_br_tag = pre_rendered_html2.new_tag("br/")
                new_li_tag = pre_rendered_html2.new_tag("li")
                new_li_tag.string = item
                if count % 2 == 0:
                    new_li_tag['class'] = "row-even"
                else:
                    new_li_tag['class'] = "row-odd"
                count = count + 1
                new_ul_tag.append(new_li_tag)
            new_div_tag.append(new_ul_tag)
            new_strong_tag.append(new_div_tag)
            #new_small_tag.append(new_strong_tag)
            new_h4_tag.append(new_strong_tag)
            new_div_tag_1 = pre_rendered_html2.new_tag("div")
            new_div_tag_1['class'] = badger[Severity.INFO]
            new_div_tag_1['data-badger'] = severity[Severity.INFO]
            new_div_tag_1.append(new_br_tag_1)
            new_div_tag_1.append(new_h4_tag)
            new_tag_p_details.append(new_div_tag_1)
            new_tag_div.append(new_tag_p_details)
            new_div_image_tag.append(new_tag_div)
            # NOTE(review): only new_div_tag_1 is attached to the document;
            # new_div_image_tag and the collapse wrapper built above are
            # never attached -- confirm this is intended.
            pre_rendered_html2.find(
                "div", id=str(section[sec] + "-issues-list")).append(new_div_tag_1)
        with open(
                common.getConfig("rootDir") + "/report/report.html", "w") as fh:
            fh.write(str(pre_rendered_html2.prettify()))
            # Redundant: the with statement closes the file.
            fh.close()
    except Exception as e:
        logger.debug(e.message)
        logger.debug(e)
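def download_sdk():
    """
    Download the Android SDK archive from Google, unpack it under rootDir,
    store the unpacked SDK location under the "AndroidSDKPath" key, delete
    the archive and call run_sdk_manager().

    The Linux archive is used when sys.platform starts with "linux"; every
    other platform gets the Mac OS X archive.

    Extraction errors are logged and do not stop the function: the
    "AndroidSDKPath" key is still written and the archive is still removed.
    """
    url_macosx = "https://dl.google.com/android/android-sdk_r24.0.2-macosx.zip"
    url_linux = "https://dl.google.com/android/android-sdk_r24.3.4-linux.tgz"
    # Match on the prefix rather than the exact string "linux2", so a Linux
    # interpreter reporting another suffix is not handed the Mac OS X archive.
    is_linux = sys.platform.startswith("linux")
    url = url_linux if is_linux else url_macosx
    file_name = url.split("/")[-1]
    androidSDKZIP = common.getConfig("rootDir") + "/" + file_name

    # NOTE(review): the archive is unpacked, and run_sdk_manager() is called
    # afterwards, without any integrity check on what was downloaded. Pin the
    # expected SHA-256 of each archive next to its URL and compare it before
    # extraction. Certificate validation by urllib2 depends on the
    # interpreter version (on by default from Python 2.7.9), so HTTPS alone
    # may not authenticate the download.
    u = urllib2.urlopen(url)
    try:
        # A response without Content-Length used to raise IndexError here.
        length_headers = u.info().getheaders("Content-Length")
        file_size = int(length_headers[0]) if length_headers else 0
        common.logger.debug("Downloading: %s \r\n FileName: %s \r\n FileSize: \r\n %s" % (url, file_name, file_size))
        # A size below 100 bytes used to give a block size of 0, and read(0)
        # returns an empty string, so nothing was written at all.
        block_sz = max(1, file_size // 100) if file_size else 8192
        downloaded = 0
        shown = 0  # last multiple of ten that was printed
        with open(androidSDKZIP, "wb") as f:
            while True:
                chunk = u.read(block_sz)
                if not chunk:
                    break
                f.write(chunk)
                downloaded += len(chunk)
                if file_size:
                    # Progress is derived from the bytes received, so short
                    # reads cannot push the figure past 100%.
                    percent = min(100, downloaded * 100 // file_size)
                    if percent - shown >= 10:
                        shown = percent - percent % 10
                        sys.stdout.write("\r[{0}] {1}%".format("#" * (shown // 10), shown))
                        sys.stdout.flush()
    finally:
        u.close()

    print common.term.cyan + str(common.config.get("qarkhelper", "FILE_DOWNLOADED_TO")) + androidSDKZIP.decode("string-escape").format(t=common.term)
    print common.term.cyan + str(common.config.get("qarkhelper", "UNPACKING")) + androidSDKZIP.decode("string-escape").format(t=common.term)

    # The archive is unpacked into a directory named after it, minus the
    # last extension.
    unpack_dir = androidSDKZIP.rsplit(".", 1)[0]
    if is_linux:
        try:
            if not os.path.exists(unpack_dir):
                os.makedirs(unpack_dir)
            # NOTE(review): extract() is defined outside this block; confirm
            # it refuses archive members with absolute paths or ".."
            # components.
            extract(androidSDKZIP, unpack_dir)
        except Exception as e:
            # str(e) instead of e.message, which is empty for many exception
            # types (for example IOError raised with an errno).
            logger.error(str(e))
        common.writeKey("AndroidSDKPath", unpack_dir + "/android-sdk-linux/")
    else:
        zf = zipfile.ZipFile(androidSDKZIP)
        try:
            if not os.path.exists(unpack_dir):
                os.makedirs(unpack_dir)
            zf.extractall(unpack_dir + "/", zf.namelist())
        except Exception as e:
            logger.error(str(e))
        else:
            logger.info("Done")
        finally:
            zf.close()
        common.writeKey("AndroidSDKPath", unpack_dir + "/android-sdk-macosx/")

    # NOTE(review): the archive is removed and the key is written even when
    # extraction failed; kept as in the original, confirm this is intended.
    # We dont need the ZIP file anymore
    os.remove(androidSDKZIP)
    run_sdk_manager()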
def writeSection(sec,data_list):
    """
    Appends one block per reported file to a section of the HTML report.

    The report at rootDir/report/report.html is parsed, the ReportIssue
    entries of data_list are grouped by getFile(), and for each file the
    non-None getDetails() values are rendered as list items inside a new div
    that is appended to the element with id section[sec] + "-issues-list".
    The document is then written back to the same path.

    sec       -- key into the module-level `section` mapping
    data_list -- entries to report; only ReportIssue instances are used

    Returns nothing. All exceptions are caught and only logged at debug
    level, so a failed write is not visible to the caller.

    NOTE(review): indentation was lost in the listing this was restored
    from; the nesting shown is inferred and should be confirmed.
    """
    try:
        # NOTE(review): the handle opened for reading is not closed explicitly.
        pre_rendered = open(common.getConfig("rootDir") + "/report/report.html",'r').read()
        pre_rendered_html2 = BeautifulSoup(pre_rendered,'html5lib')
        list_of_files = []
        #Gather unique files
        for item in data_list:
            if isinstance(item, ReportIssue):
                if item.getFile() in list_of_files:
                    pass
                else:
                    list_of_files.append(item.getFile())
        #Consolidate issues by filename
        for file in list_of_files:
            # `issues` collects getExtras() entries but is not used later.
            issues = {}
            details = []
            file_name = "No Filename provided"
            for item in data_list:
                if isinstance(item, ReportIssue):
                    if file == item.getFile():
                        file_name = str(item.getFile())
                        if item.getDetails() is not None:
                            details.append(item.getDetails())
                        for key, value in item.getExtras().iteritems():
                            issues[key]=value
            #Construct HTML blob
            # Only new_div_tag_1 ends up appended to the parsed document;
            # new_tag_webview_issue and new_div_image_tag are built here but
            # never attached to it.
            new_tag_webview_issue = pre_rendered_html2.new_tag("div")
            new_tag_webview_issue['class']=str(section[sec] + "-issue")
            new_div_image_tag = pre_rendered_html2.new_tag("div")
            new_div_image_tag['class']="blockquote-box clearfix"
            new_div_image_square_tag = pre_rendered_html2.new_tag("div")
            new_div_image_square_tag['class']="square pull-left"
            new_glyphicon_tag = pre_rendered_html2.new_tag("span")
            new_glyphicon_tag['class']="glyphicon glyphicon-list-alt white"
            new_div_image_square_tag.append(new_glyphicon_tag)
            new_div_image_tag.append(new_div_image_square_tag)
            new_tag_h4 = pre_rendered_html2.new_tag("h6")
            new_div_image_tag.append(new_tag_h4)
            new_code_tag = pre_rendered_html2.new_tag("code")
            new_p_class = pre_rendered_html2.new_tag("p")
            new_p_class['class']="clip-ellipsis"
            # Names over 85 characters are cut to their last 75; with
            # trim = 0 the slice file_name[-0:] is the full name. '...' is
            # prefixed either way.
            if len(file_name)>85:
                trim = 75
            else:
                trim = 0
            new_code_tag.string = '...{}'.format(file_name[-trim:])
            new_p_class.append(new_code_tag)
            new_div_image_tag.append(new_p_class)
            br_tag = pre_rendered_html2.new_tag("br")
            # One tag object, appended twice.
            new_div_image_tag.append(br_tag)
            new_div_image_tag.append(br_tag)
            new_tag_div = pre_rendered_html2.new_tag("div")
            new_tag_div['class']="span4 collapse-group"
            new_br_tag_1 = pre_rendered_html2.new_tag("br/")
            new_tag_div.insert(0, new_br_tag_1)
            new_tag_p = pre_rendered_html2.new_tag("p")
            new_tag_div.append(new_tag_p)
            new_div_image_tag.append(new_tag_div)
            new_tag_a = pre_rendered_html2.new_tag("a")
            new_tag_a['class']="collapse-button"
            new_tag_a.string = "View details >>"
            new_tag_p.append(new_tag_a)
            new_tag_p_details = pre_rendered_html2.new_tag("div")
            new_tag_p_details['class']="collapse"
            new_strong_tag = pre_rendered_html2.new_tag("strong")
            new_strong_tag.string = "File: "
            new_code_tag = pre_rendered_html2.new_tag("code")
            # file_name originates from the analysed application; assigning
            # it as text means BeautifulSoup entity-escapes it on output
            # (default formatter) instead of treating it as markup.
            new_code_tag.string = file_name
            new_strong_tag.append(new_code_tag)
            new_br_tag_1.append(new_strong_tag)
            new_h4_tag = pre_rendered_html2.new_tag("h4")
            #new_small_tag = pre_rendered_html2.new_tag("small")
            new_strong_tag = pre_rendered_html2.new_tag("strong")
            new_strong_tag['class']="details"
            new_ul_tag = pre_rendered_html2.new_tag("ul")
            new_div_tag = pre_rendered_html2.new_tag("div")
            data = ""
            count = 0
            for item in details:
                # new_br_tag is unused.
                new_br_tag = pre_rendered_html2.new_tag("br/")
                new_li_tag = pre_rendered_html2.new_tag("li")
                # Details are inserted as text too, not parsed as HTML.
                new_li_tag.string = item
                # Even and odd rows get different classes.
                if count % 2 == 0:
                    new_li_tag['class'] = "row-even"
                else:
                    new_li_tag['class'] = "row-odd"
                count = count + 1
                new_ul_tag.append(new_li_tag)
            new_div_tag.append(new_ul_tag)
            new_strong_tag.append(new_div_tag)
            #new_small_tag.append(new_strong_tag)
            new_h4_tag.append(new_strong_tag)
            new_div_tag_1 = pre_rendered_html2.new_tag("div")
            # Class and data-badger are always the Severity.INFO values.
            new_div_tag_1['class'] = badger[Severity.INFO]
            new_div_tag_1['data-badger'] = severity[Severity.INFO]
            new_div_tag_1.append(new_br_tag_1)
            new_div_tag_1.append(new_h4_tag)
            new_tag_p_details.append(new_div_tag_1)
            new_tag_div.append(new_tag_p_details)
            new_div_image_tag.append(new_tag_div)
            # If the section container is missing, find() returns None and
            # the AttributeError is swallowed by the handler below.
            # NOTE(review): appending an already-parented tag should move it
            # out of new_tag_p_details - confirm with the BeautifulSoup
            # version in use.
            pre_rendered_html2.find("div", id=str(section[sec] + "-issues-list")).append(new_div_tag_1)
        with open(common.getConfig("rootDir") + "/report/report.html", "w") as fh:
            fh.write(str(pre_rendered_html2.prettify()))
            # Redundant inside a with block, which closes fh on exit.
            fh.close()
    except Exception as e:
        # NOTE(review): e.message can be empty; the exception object is
        # logged by the second call.
        logger.debug(e.message)
        logger.debug(e)