def run(self): result = { "title": "Application Communicates Over Unencrypted Channels", "details": "", "severity": "Medium", "report": False } ignore = [url.strip() for url in self.ignore.split(";")] Log.info("Getting application's strings") strs = strings(self.binary) Log.info("Analysing strings") report_matches = [] matches = re.finditer(self._regex, strs) for item in matches: match = item.group() if any(iurl in match for iurl in ignore) or match == "http://": continue report_matches += [match] if report_matches: result.update({ "report": True, "details": "The following strings were found:\n* {}".format("\n* ".join( sorted(set(report_matches)))) }) return {"{}_result".format(self.name()): result}
def run(self): result = { "title": "Application Does Not Implement SSL Pinning", "details": "", "severity": "Medium", "report": False } Log.info("Getting application's strings") strs = strings(self.binary) Log.info("Analysing strings and class dump") matches = re.findall(self._regex, strs) evidence = pretty_grep(self._regex, self.class_dump) if matches: result.update({ "report": True, "details": "The following strings were found:\n* {}".format("\n* ".join( sorted(set(matches)))) }) if evidence: result.update({ "report": True, "details": "{}\nThe following was found in the class dump:\n\ {}".format(result["details"], pretty_grep_to_str(evidence, self.class_dump)) }) return {"{}_result".format(self.name()): result}
def run(self): result = { "title": "Application Uses Weak Crypto Functions", "details": "", "severity": "High", "report": True } Log.info("Getting application's strings") strs = strings(self.binary) symb_module = SymbolsModule() symb_module.binary = self.binary symbols_result, symbols = symb_module.run(), None for key in symbols_result: if key.endswith("_symbols"): symbols = symbols_result[key] if not symbols: return {"print": "Couldn't get symbols from binary."} Log.info("Analysing Symbols") matches = re.findall(self._regex, symbols) if matches: result.update({ "report": True, "details": "The following evidences were found:\n* {}".format("\n* ".join( sorted(set(matches)))) }) Log.info("Analysing strings") matches = re.findall(self._regex, strs) if matches: result.update({ "report": True, "details": "{}\n* {}".format(result["details"], "\n* ".join(sorted(set(matches)))) }) return {"{}_result".format(self.name()): result}
def run(self): result = { "title": "Application Does Not Detect Debuggers", "details": "", "severity": "Medium", "report": False } Log.info("Getting binary strings") strs = strings(self.binary) Log.info("Analysing Strings") if not re.search(self._regex, strs): result.update({ "report": True, "details": "No evidence of the application trying to detect \ debuggers being attached." }) return {"{}_result".format(self.name()): result}
def run(self): result = { "title": "Application Communicates Over Insecure Channels", "details": "", "severity": "Medium", "report": False } Log.info("Getting application's strings") strs = strings(self.binary) Log.info("Analysing strings and class dump") if not re.search(self._regex, strs) and \ not pretty_grep(self._regex, self.class_dump): result.update({ "report": True, "details": "No evidence of secure channels being used." }) return { "{}_result".format(self.name()): result }
def run(self): result = { "title": "Application Does Not Detect Debuggers", "details": "", "severity": "Medium", "report": False } Log.info("Getting binary strings") strs = strings(self.binary) Log.info("Analysing Strings") if not re.search(self._regex, strs): result.update({ "report": True, "details": "No evidence of the application trying to detect \ debuggers being attached." }) Log.info("Starting the application and identifying the process ID") openned, attempts = self.device.start(self.identifier), 0 while "device locked" in openned[1] and attempts < 3: Log.error("Device is locked - cannot open the application") Log.info("Please unlock the device - waiting 10 seconds") sleep(10) openned, attempts = self.device.start(self.identifier), attempts + 1 pid = self.device.pid(self.identifier) if pid: Log.info("Starting GDB on the remote device") gdb = GDB(self.device) Log.info("Attaching GDB to the application") gdb_result, attempt = gdb.execute("attach {}".format(pid)), 0 # try to get stdout, might take time to flush while not gdb_result and attempt < 3: sleep(5) gdb_result, attempt = gdb.read(), attempt + 1 if gdb_result and "unable to attach" in gdb_result.lower(): result.update({ "title": "Application Detected Debugger Attached", "report": True, "details": "Scrounger was unable to attach a debugger to \ the application." }) elif gdb_result: result.update({ "report": True, "details": "{}\n\nScrounger was able to attach a debugger \ to the application:\n\n{}".format(result["details"], gdb_result) } ) gdb.exit() else: Log.error("The application is not running") return { "{}_result".format(self.name()): result }
def run(self): result = { "title": "Application Does Not Implement SSL Pinning", "details": "", "severity": "Medium", "report": False } Log.info("Getting application's strings") strs = strings(self.binary) Log.info("Analysing strings and class dump") matches = re.findall(self._regex, strs) evidence = pretty_grep(self._regex, self.class_dump) if matches: result.update({ "report": True, "details": "The following strings were found:\n* {}".format("\n* ".join( sorted(set(matches)))) }) if evidence: result.update({ "report": True, "details": "{}\nThe following was found in the class dump:\n\ {}".format(result["details"], pretty_grep_to_str(evidence, self.class_dump)) }) if self.device and self.identifier and \ self.proxy_host != None and self.proxy_port != None: Log.info("Testing SSL Pinning using a proxy") Log.info( "Make sure your device trusts the CA in: {}/ca.crt".format( _CERT_PATH)) Log.info("Waiting for {} seconds to allow time to setup the \ proxy on the remote device".format(self.wait_time)) sleep(int(self.wait_time)) Log.info("Killing the application") self.device.stop(self.identifier) Log.info("Starting the SSL proxy") proxy_server = create_server(self.proxy_host, self.proxy_port, _CERT_PATH) Log.info("Starting the Application") self.device.start(self.identifier) Log.info("Waiting for the Application to start and make requests") sleep(10) pinned = list( set(proxy_server.server.connected) - set(proxy_server.server.requested)) if not proxy_server.server.connected: Log.error("No connections made by the application") if pinned: result.update({ "report": True, "details": "{}\n\nThe application started a connection but \ made no requests to the following domains:\n* {}".format( result["details"], "\n* ".join(pinned)) }) proxy_server.stop() return {"{}_result".format(self.name()): result}