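def main():
    """Check exported activities for PreferenceActivity fragment injection.

    Fetches the activity lists from ``common.check_export('activity', False)``.
    If any exported list is long enough to be checked, calls
    ``find_preference_activity()`` and then ``look_for_file()`` on each such
    list. One error is logged per list for which ``look_for_file()`` returns
    a truthy value.

    Fix over the previous version: the guard evaluated
    ``len(act_exp_perm_list>1)`` and ``len(act_prot_broad_list>0)``, i.e. it
    took ``len()`` of a comparison result. That raises ``TypeError`` whenever
    ``act_exp_list`` is empty, so apps whose only exported activities were
    permission-protected or broadcast-protected aborted the check instead of
    being scanned.

    Returns:
        None.
    """
    # TODO - I need to figure out a way to silence this. It is outputting
    # where I don't want it to.
    common.logger.info("Checking for exported PreferenceActivity classes")
    (act_priv_list, act_exp_list, act_exp_perm_list, act_prot_broad_list,
     report_data) = common.check_export('activity', False)

    # Same text for all three lists, kept byte-for-byte from the original.
    finding = (
        "This application is vulnerable to a potentially serious type of "
        "reflection issue, detailed here: "
        "http://securityintelligence.com/new-vulnerability-android-framework-fragment-injection. "
        "Unfortunately, we are still working on an automated exploit for this."
    )

    # Each entry is (list, length that must be exceeded before it is checked).
    # NOTE(review): the permission-protected list uses ">1" while the other
    # two use ">0", so a single permission-protected exported activity is
    # never inspected. That threshold is preserved from the original; confirm
    # whether it is intentional or should be ">0".
    candidates = (
        (act_exp_list, 0),
        (act_exp_perm_list, 1),
        (act_prot_broad_list, 0),
    )
    to_check = [names for names, floor in candidates if len(names) > floor]

    # NOTE(review): no minSdkVersion/targetSdkVersion gate is applied here
    # (open question from the original author). Android 4.4 (API 19) added
    # PreferenceActivity.isValidFragment(), so results may be over-reported
    # for apps that only run on or target API 19+ - confirm before treating
    # a hit as a finding.
    if not to_check:
        return

    find_preference_activity()
    for names in to_check:
        if look_for_file(names):
            common.logger.error(finding)
    return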
common.logger.info("You only had 2 options and you still messed up. Let me choose option 2 for you") #Only application and manifest elements are required: http://developer.android.com/guide/topics/manifest/manifest-intro.html try: determine_min_sdk() common.print_terminal_header("APP COMPONENT ATTACK SURFACE") app = common.xmldoc.getElementsByTagName("application") common.compare(app.length,1,common.config.get('qarkhelper', 'APP_ELEM_ISSUE'), 'true') GeneralIssues.verify_allow_backup(app) GeneralIssues.verify_custom_permissions() GeneralIssues.verify_debuggable(app) common.logger.info("Checking provider") prov_priv_list, prov_exp_list, prov_exp_perm_list, prov_prot_broad_list, report_data, results =common.check_export('provider',True) report_badger("appcomponents", results) common.print_terminal(report_data) common.logger.info("Checking activity") act_priv_list, act_exp_list, act_exp_perm_list, act_prot_broad_list=[],[],[],[] act_priv_list, act_exp_list, act_exp_perm_list, act_prot_broad_list, report_data, results=common.check_export('activity',True) #Normalizing activity names for use in exploit APK, so all will be absolute act_priv_list=common.normalizeActivityNames(act_priv_list,package_name) act_exp_list=common.normalizeActivityNames(act_exp_list,package_name) act_exp_perm_list=common.normalizeActivityNames(act_exp_perm_list,package_name) act_prot_broad_list=common.normalizeActivityNames(act_prot_broad_list,package_name) report_badger("appcomponents", results) common.print_terminal(report_data)