def activity_tester(request):
"""Activity Tester"""
print("\n[INFO] Activity Tester")
try:
md5_hash = request.POST['md5']
package = request.POST['pkg']
if re.match('^[0-9a-f]{32}$', md5_hash):
if re.findall(r";|\$\(|\|\||&&", package):
print("[ATTACK] Possible RCE")
return HttpResponseRedirect('/error/')
if request.method == 'POST':
base_dir = settings.BASE_DIR
app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/')
screen_dir = os.path.join(app_dir, 'screenshots-apk/')
if not os.path.exists(screen_dir):
os.makedirs(screen_dir)
data = {}
adb = getADB()
static_android_db = StaticAnalyzerAndroid.objects.filter(
MD5=md5_hash)
if static_android_db.exists():
print("\n[INFO] Fetching Activity List from DB")
activities = python_list(static_android_db[0].ACTIVITIES)
if activities:
act_no = 0
print("\n[INFO] Starting Activity Tester...")
print("\n[INFO] " + str(len(activities)) +
" Activities Identified")
for line in activities:
try:
act_no += 1
print("\n[INFO] Launching Activity - " +
str(act_no) + ". " + line)
adb_command([
"am", "start", "-n", package + "/" + line
], True)
# AVD is much slower, it should get extra time
if settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD":
wait(8)
else:
wait(4)
adb_command([
"screencap", "-p", "/data/local/screen.png"
], True)
#? get appended from Air :-() if activity names are used
adb_command([
"pull", "/data/local/screen.png",
screen_dir + "act-" + str(act_no) + ".png"
])
print("\n[INFO] Activity Screenshot Taken")
adb_command(["am", "force-stop", package],
True)
print("\n[INFO] Stopping App")
except:
PrintException("Activity Tester")
data = {'acttest': 'done'}
else:
print("\n[INFO] Activity Tester - No Activity Found!")
data = {'acttest': 'noact'}
return HttpResponse(json.dumps(data),
content_type='application/json')
else:
print("\n[ERROR] Entry does not exist in DB.")
return HttpResponseRedirect('/error/')
else:
return HttpResponseRedirect('/error/')
else:
return HttpResponseRedirect('/error/')
except:
PrintException("[ERROR] Activity Tester")
return HttpResponseRedirect('/error/')
def activity_tester(request):
"""Activity Tester"""
print("\n[INFO] Activity Tester")
try:
md5_hash = request.POST['md5']
package = request.POST['pkg']
if re.match('^[0-9a-f]{32}$', md5_hash):
if re.findall(r";|\$\(|\|\||&&", package):
print("[ATTACK] Possible RCE")
return HttpResponseRedirect('/error/')
if request.method == 'POST':
base_dir = settings.BASE_DIR
app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/')
screen_dir = os.path.join(app_dir, 'screenshots-apk/')
if not os.path.exists(screen_dir):
os.makedirs(screen_dir)
data = {}
adb = getADB()
static_android_db = StaticAnalyzerAndroid.objects.filter(
MD5=md5_hash)
if static_android_db.exists():
print("\n[INFO] Fetching Activity List from DB")
activities = python_list(static_android_db[0].ACTIVITIES)
if activities:
act_no = 0
print("\n[INFO] Starting Activity Tester...")
print("\n[INFO] " + str(len(activities)) +
" Activities Identified")
for line in activities:
try:
act_no += 1
print("\n[INFO] Launching Activity - " +
str(act_no) + ". " + line)
adb_command(
["am", "start", "-n", package + "/" + line], True)
# AVD is much slower, it should get extra time
if settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD":
wait(8)
else:
wait(4)
adb_command(
["screencap", "-p", "/data/local/screen.png"], True)
#? get appended from Air :-() if activity names are used
adb_command(["pull", "/data/local/screen.png",
screen_dir + "act-" + str(act_no) + ".png"])
print("\n[INFO] Activity Screenshot Taken")
adb_command(
["am", "force-stop", package], True)
print("\n[INFO] Stopping App")
except:
PrintException("Activity Tester")
data = {'acttest': 'done'}
else:
print("\n[INFO] Activity Tester - No Activity Found!")
data = {'acttest': 'noact'}
return HttpResponse(json.dumps(data), content_type='application/json')
else:
print("\n[ERROR] Entry does not exist in DB.")
return HttpResponseRedirect('/error/')
else:
return HttpResponseRedirect('/error/')
else:
return HttpResponseRedirect('/error/')
except:
PrintException("[ERROR] Activity Tester")
return HttpResponseRedirect('/error/')
def exported_activity_tester(request):
"""Exported Activity Tester"""
logger.info("Exported Activity Tester")
try:
md5_hash = request.POST['md5']
package = request.POST['pkg']
if re.match('^[0-9a-f]{32}$', md5_hash):
if re.findall(r";|\$\(|\|\||&&", package):
return print_n_send_error_response(request,
"Possible RCE Attack", True)
if request.method == 'POST':
base_dir = settings.BASE_DIR
app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/')
screen_dir = os.path.join(app_dir, 'screenshots-apk/')
if not os.path.exists(screen_dir):
os.makedirs(screen_dir)
data = {}
adb = getADB()
static_android_db = StaticAnalyzerAndroid.objects.filter(
MD5=md5_hash)
if static_android_db.exists():
logger.info("Fetching Exported Activity List from DB")
exported_act = python_list(
static_android_db[0].EXPORTED_ACT)
if exported_act:
exp_act_no = 0
logger.info("Starting Exported Activity Tester...")
logger.info("" + str(len(exported_act)) +
" Exported Activities Identified")
for line in exported_act:
try:
exp_act_no += 1
logger.info("Launching Exported Activity - " +
str(exp_act_no) + ". " + line)
adb_command([
"am", "start", "-n", package + "/" + line
], True)
# AVD is much slower, it should get extra time
if settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD":
wait(8)
else:
wait(4)
adb_command([
"screencap", "-p", "/data/local/screen.png"
], True)
#? get appended from Air :-() if activity names are used
adb_command([
"pull", "/data/local/screen.png",
screen_dir + "expact-" + str(exp_act_no) +
".png"
])
logger.info("Activity Screenshot Taken")
adb_command(["am", "force-stop", package],
True)
logger.info("Stopping App")
except:
PrintException("Exported Activity Tester")
data = {'expacttest': 'done'}
else:
logger.info(
"Exported Activity Tester - No Activity Found!")
data = {'expacttest': 'noact'}
return HttpResponse(json.dumps(data),
content_type='application/json')
else:
return print_n_send_error_response(
request, "Entry does not exist in DB", True)
else:
return print_n_send_error_response(request,
"Only POST allowed", True)
else:
return print_n_send_error_response(request, "Invalid Scan Hash",
True)
except:
PrintException("ERROR] Exported Activity Tester")
return print_n_send_error_response(
request, "Error Running Exported Activity Tests", True)
def activity_tester(request):
"""Activity Tester."""
logger.info('Activity Tester')
try:
md5_hash = request.POST['md5']
package = request.POST['pkg']
if re.match('^[0-9a-f]{32}$', md5_hash):
if re.findall(r';|\$\(|\|\||&&', package):
return print_n_send_error_response(request,
'Possible RCE Attack',
True)
if request.method == 'POST':
app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/')
screen_dir = os.path.join(app_dir, 'screenshots-apk/')
if not os.path.exists(screen_dir):
os.makedirs(screen_dir)
data = {}
static_android_db = StaticAnalyzerAndroid.objects.filter(
MD5=md5_hash)
if static_android_db.exists():
logger.info('Fetching Activity List from DB')
activities = python_list(static_android_db[0].ACTIVITIES)
if activities:
act_no = 0
logger.info('Starting Activity Tester...')
logger.info('%s Activities Identified',
str(len(activities)))
for line in activities:
try:
act_no += 1
logger.info(
'Launching Activity - %s. %s',
str(act_no),
line)
adb_command(['am',
'start',
'-n',
package + '/' + line], True)
wait(4)
adb_command(
['screencap',
'-p',
'/data/local/screen.png'], True)
# ? get appended from Air :-()
# if activity names are used
outfile = ('{}act-{}.png'.format(
screen_dir,
act_no))
adb_command(['pull',
'/data/local/screen.png',
outfile])
logger.info('Activity Screenshot Taken')
adb_command(
['am', 'force-stop', package], True)
logger.info('Stopping App')
except Exception:
logger.exception('Activity Tester')
data = {'acttest': 'done'}
else:
logger.info('Activity Tester - No Activity Found!')
data = {'acttest': 'noact'}
return HttpResponse(json.dumps(data),
content_type='application/json')
else:
err = 'Entry does not exist in DB'
return print_n_send_error_response(request,
err,
True)
else:
return print_n_send_error_response(request,
'Only POST allowed',
True)
else:
return print_n_send_error_response(request,
'Invalid Scan Hash',
True)
except Exception:
logger.exception('Activity Tester')
return print_n_send_error_response(request,
'Error Running Activity Tester',
True)
def exported_activity_tester(request):
"""Exported Activity Tester"""
logger.info("Exported Activity Tester")
try:
md5_hash = request.POST['md5']
package = request.POST['pkg']
if re.match('^[0-9a-f]{32}$', md5_hash):
if re.findall(r";|\$\(|\|\||&&", package):
return print_n_send_error_response(request, "Possible RCE Attack", True)
if request.method == 'POST':
base_dir = settings.BASE_DIR
app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/')
screen_dir = os.path.join(app_dir, 'screenshots-apk/')
if not os.path.exists(screen_dir):
os.makedirs(screen_dir)
data = {}
adb = getADB()
static_android_db = StaticAnalyzerAndroid.objects.filter(
MD5=md5_hash)
if static_android_db.exists():
logger.info("Fetching Exported Activity List from DB")
exported_act = python_list(
static_android_db[0].EXPORTED_ACT)
if exported_act:
exp_act_no = 0
logger.info("Starting Exported Activity Tester...")
logger.info("" + str(len(exported_act)) +
" Exported Activities Identified")
for line in exported_act:
try:
exp_act_no += 1
logger.info("Launching Exported Activity - " +
str(exp_act_no) + ". " + line)
adb_command(
["am", "start", "-n", package + "/" + line], True)
# AVD is much slower, it should get extra time
if settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD":
wait(8)
else:
wait(4)
adb_command(
["screencap", "-p", "/data/local/screen.png"], True)
#? get appended from Air :-() if activity names are used
adb_command(["pull", "/data/local/screen.png",
screen_dir + "expact-" + str(exp_act_no) + ".png"])
logger.info("Activity Screenshot Taken")
adb_command(
["am", "force-stop", package], True)
logger.info("Stopping App")
except:
PrintException(
"Exported Activity Tester")
data = {'expacttest': 'done'}
else:
logger.info(
"Exported Activity Tester - No Activity Found!")
data = {'expacttest': 'noact'}
return HttpResponse(json.dumps(data), content_type='application/json')
else:
return print_n_send_error_response(request, "Entry does not exist in DB", True)
else:
return print_n_send_error_response(request, "Only POST allowed", True)
else:
return print_n_send_error_response(request, "Invalid Scan Hash", True)
except:
PrintException("ERROR] Exported Activity Tester")
return print_n_send_error_response(request, "Error Running Exported Activity Tests", True)
