def execute(self, arguments): package = self.packageManager().getPackageInfo(arguments.package, common.PackageManager.GET_ACTIVITIES | common.PackageManager.GET_RECEIVERS | common.PackageManager.GET_PROVIDERS | common.PackageManager.GET_SERVICES) application = package.applicationInfo appname = str(application.packageName) opHlr = Output(appname) node_backup = opHlr.insert("Backup") if self.__write_manifest(package.packageName): print "ok" opHlr.insert("AllowBackup", "False", node_backup) else: opHlr.insert("AllowBackup", "True", node_backup) print "allowBackup" opHlr.write()
def execute(self, arguments): package = self.packageManager().getPackageInfo(arguments.package, common.PackageManager.GET_ACTIVITIES | common.PackageManager.GET_RECEIVERS | common.PackageManager.GET_PROVIDERS | common.PackageManager.GET_SERVICES) application = package.applicationInfo appname = str(application.packageName) opHlr = Output(appname) uris = self.findAllContentUris(arguments.package) node_FindUri = opHlr.insert("FindUri") if len(uris) > 0: for uri in uris: self.stdout.write("%s\n" % uri[uri.upper().find("CONTENT"):]) opHlr.insert("item", uri[uri.upper().find("CONTENT"):], node_FindUri) else: self.stdout.write("No Content URIs found.\n") opHlr.insert("item", "No Content URIs found", node_FindUri) opHlr.write()
def execute(self, arguments): appname = arguments.package_or_uri opHlr = Output(appname) node_SqlTables = opHlr.insert("SqlTables") results = [] if arguments.package_or_uri != None and arguments.package_or_uri.startswith("content://"): results.append(self.__test_uri(arguments.package_or_uri, opHlr, node_SqlTables)) else: for uri in self.findAllContentUris(arguments.package_or_uri): results.append(self.__test_uri(uri, opHlr, node_SqlTables)) if results: self.stdout.write('\n'.join(filter(None, results)) + '\n') else: node_table = opHlr.insert("Table", None, node_SqlTables) self.stdout.write("No results found.\n") opHlr.insert("item", "No results found.", node_table) opHlr.write()
def execute(self, arguments): filename = "permission" opHlr = Output(filename) node_per = opHlr.insert("permission") con = self.getContext() pm = con.getPackageManager() res = con.getResources() if (arguments.permission): prot = self.__getProtLevel(pm, arguments.permission) if (prot != ""): self.stdout.write(self.__getDescription(pm, res, arguments.permission) + "\n") self.stdout.write(prot + "\n") else: self.stdout.write("No such permission defined\n") else: permissionList = [] # Iterate through each package and get unique permissions for package in self.packageManager().getPackages(common.PackageManager.GET_PERMISSIONS): if package.requestedPermissions != None: for permission in package.requestedPermissions: if permission not in permissionList: permissionList.append(str(permission)) # Print sorted for permission in sorted(permissionList): prot = self.__getProtLevel(pm, permission) display = False if (arguments.protectionlevel): if (arguments.protectionlevel.upper() in prot.upper()): display = True else: display = True if (display): node_item = opHlr.insert("item") self.stdout.write(permission + "\n") opHlr.insert("Name", permission, node_item) self.stdout.write(self.__getDescription(pm, res, permission) + "\n") opHlr.insert("Desc", self.__getDescription(pm, res, permission), node_item) self.stdout.write(prot + "\n\n") opHlr.insert("Prot", prot, node_item) opHlr.write()
def execute(self, arguments): package = self.packageManager().getPackageInfo(arguments.package, common.PackageManager.GET_ACTIVITIES | common.PackageManager.GET_RECEIVERS | common.PackageManager.GET_PROVIDERS | common.PackageManager.GET_SERVICES) application = package.applicationInfo appname = str(application.packageName) opHlr = Output(appname) try: if arguments.package != None: package = self.packageManager().getPackageInfo(arguments.package, common.PackageManager.GET_ACTIVITIES | common.PackageManager.GET_RECEIVERS | common.PackageManager.GET_PROVIDERS | common.PackageManager.GET_SERVICES) application = package.applicationInfo activities = self.match_filter(package.activities, 'exported', True) receivers = self.match_filter(package.receivers, 'exported', True) providers = self.match_filter(package.providers, 'exported', True) services = self.match_filter(package.services, 'exported', True) self.stdout.write("Attack Surface:\n") self.stdout.write(" %d activities exported\n" % len(activities)) self.stdout.write(" %d broadcast receivers exported\n" % len(receivers)) self.stdout.write(" %d content providers exported\n" % len(providers)) self.stdout.write(" %d services exported\n" % len(services)) node_Attack_Surface = opHlr.insert("Attack_Surface") opHlr.insert("activities_exported", len(activities), node_Attack_Surface) opHlr.insert("broadcast_receivers_exported", len(receivers), node_Attack_Surface) opHlr.insert("content_providers_exported", len(providers), node_Attack_Surface) opHlr.insert("services_exported", len(services), node_Attack_Surface) if (application.flags & application.FLAG_DEBUGGABLE) != 0: self.stdout.write(" is debuggable\n") if package.sharedUserId != None: self.stdout.write(" Shared UID (%s)\n" % package.sharedUserId) opHlr.write() else: self.stdout.write("No package specified\n") except IOError, e: self.stdout.write("something wrong with file") self.stdout.write(e) return 0
def execute(self, arguments): # print help(arguments) package = self.packageManager().getPackageInfo(arguments.package, common.PackageManager.GET_ACTIVITIES | common.PackageManager.GET_RECEIVERS | common.PackageManager.GET_PROVIDERS | common.PackageManager.GET_SERVICES) application = package.applicationInfo appname = str(application.packageName) opHlr = Output(appname) node_browsable = opHlr.insert("Browsable") #One or all packages if arguments.package != None: packages = [self.packageManager().getPackageInfo(arguments.package, 0)] else: packages = self.packageManager().getPackages() for package in packages: try: returned = self.getBrowsable(package.packageName) if (len(returned['uris']) > 0) or (len(returned['classNames']) > 0): if arguments.filter: # Make sure filter value is in returned schemes or package name if arguments.filter in ''.join(returned['uris']) or arguments.filter in ''.join(returned['classNames']) or arguments.filter in package.packageName: showResult = True else: showResult = False else: showResult = True if showResult: self.stdout.write("Package: %s\n" % str(package.packageName)) self.stdout.write(" Invocable URIs:\n") node_URIs = opHlr.insert("Invocable_URIs", None, node_browsable) for i in returned['uris']: self.stdout.write(" %s\n" % str(i)) opHlr.insert("item", str(i), node_URIs) self.stdout.write(" Classes:\n") node_Classes = opHlr.insert("Classes", None, node_browsable) for i in returned['classNames']: self.stdout.write(" %s\n" % str(i)) opHlr.insert("item", str(i), node_Classes) self.stdout.write("\n") except Exception, e: pass # amazing error checking
def execute(self, arguments): # print arguments.package_or_uri # package = self.packageManager().getPackageInfo(arguments.package, common.PackageManager.GET_ACTIVITIES | common.PackageManager.GET_RECEIVERS | common.PackageManager.GET_PROVIDERS | common.PackageManager.GET_SERVICES) appname = arguments.package_or_uri # application = package.applicationInfo # appname = str(application.packageName) opHlr = Output(appname) node_injection = opHlr.insert("Injection") vulnerable = { 'projection': set([]), 'selection': set([]), 'uris': set([]) } if arguments.package_or_uri != None and arguments.package_or_uri.startswith("content://"): self.__test_uri(arguments.package_or_uri, vulnerable) else: for uri in self.findAllContentUris(arguments.package_or_uri): self.__test_uri(uri, vulnerable) # remove the collection of vulnerable URIs from the set of all URIs vulnerable['uris'] = vulnerable['uris'] - vulnerable['projection'] - vulnerable['selection'] # print out a report self.stdout.write("Not Vulnerable:\n") node_Not_Vulnerable = opHlr.insert("Not_Vulnerable", None, node_injection) if len(vulnerable['uris']) > 0: for uri in vulnerable['uris']: self.stdout.write(" %s\n" % uri) opHlr.insert("item", uri, node_Not_Vulnerable) else: self.stdout.write(" No non-vulnerable URIs found.\n") opHlr.insert("item", "No non-vulnerable URIs found", node_Not_Vulnerable) self.stdout.write("\nInjection in Projection:\n") node_Injection_Projection = opHlr.insert("Injection_Projection", None, node_injection) if len(vulnerable['projection']) > 0: for uri in vulnerable['projection']: self.stdout.write(" %s\n" % uri) opHlr.insert("item", uri, node_Injection_Projection) else: self.stdout.write(" No vulnerabilities found.\n") opHlr.insert("item", "No vulnerabilities found", node_Injection_Projection) self.stdout.write("\nInjection in Selection:\n") node_Injection_Selection = opHlr.insert("Injection_Selection", None, node_injection) if len(vulnerable['selection']) > 0: for uri in vulnerable['selection']: self.stdout.write(" %s\n" % uri) opHlr.insert("item", uri, node_Injection_Selection) else: self.stdout.write(" No vulnerabilities found.\n") opHlr.insert("item", "No vulnerabilities found", node_Injection_Selection) opHlr.write()