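def scan():
    """Accept an uploaded APK, run the scan and return the scan id as JSON.

    POST only. The upload is read from the ``file`` form field, written to
    the fixed working file ``app.apk``, scanned, and the current ``scan_id``
    is returned and then incremented in the config store.

    Returns:
        An empty 204 response when the request has no ``file`` part, a JSON
        response plus CORS header after a completed scan, or a JSON status
        message when the upload is missing or fails ``allowed_file``.
    """
    if request.method == 'POST':
        if 'file' not in request.files:
            flash('No file part')
            # A bare HTTPStatus is not a valid Flask return value; send an
            # empty body with the same status code instead.
            return '', HTTPStatus.NO_CONTENT

        uploaded_files = request.files["file"]
        if uploaded_files and allowed_file(uploaded_files.filename):
            # The client-supplied filename is only used for the allowed_file
            # check and never as a filesystem path: saving under it would let
            # a name such as "../x.apk" write outside the working directory.
            # Writing straight to the fixed name also replaces the old
            # save-then-rename step.
            uploaded_files.save('app.apk')

            # NOTE(review): 'app.apk' and the config-backed status/scan_id
            # are shared by every request, so two concurrent uploads would
            # overwrite each other's file and results — confirm the service
            # is only ever driven by one client at a time.
            set_config_data('bytecode_scan_status', 'incomplete')
            thread_a = Compute(request.__copy__())
            thread_a.start()
            main()

            # Poll until the background job reports completion.
            # NOTE(review): there is no upper bound on this wait; a job that
            # never sets 'complete' holds the request worker indefinitely.
            while True:
                time.sleep(2)
                if get_config_data('bytecode_scan_status') == 'complete':
                    cleaner('app.apk')
                    break

            thesid = get_config_data('scan_id')
            response = jsonify(status_code=HTTPStatus.OK, scan_id=thesid)

            # Advance the stored id for the next scan.
            thesid = int(thesid) + 1
            set_config_data('scan_id', str(thesid))

            # NOTE(review): the wildcard origin lets any website read this
            # response from a browser; narrow it if the API is not meant to
            # be public.
            return response, {'Access-Control-Allow-Origin': '*'}

    return jsonify(status_msg="apk not sent properly")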
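def scan():
    """Accept an uploaded APK, scan it unless already scanned, return its hash.

    POST only. The upload is read from the ``file`` form field and written to
    the fixed working file ``app.apk``. The file's hash (``get_hash``) keys
    the status database: an 'incomplete' status triggers a fresh extraction
    and scan, anything else is treated as an already-scanned APK.

    Returns:
        An empty 204 response when the request has no ``file`` part, a JSON
        response carrying ``hash_key`` plus a CORS header after handling the
        upload, or a JSON status message when the upload is missing or fails
        ``allowed_file``.
    """
    # NOTE(review): the hash lives in a module-level global and the upload in
    # a fixed file name, so concurrent requests can overwrite each other's
    # state — confirm the service is only driven by one client at a time.
    global hash_of_apk

    if request.method == 'POST':
        if 'file' not in request.files:
            # A bare HTTPStatus is not a valid Flask return value; send an
            # empty body with the same status code instead.
            return '', HTTPStatus.NO_CONTENT

        uploaded_files = request.files["file"]
        if uploaded_files and allowed_file(uploaded_files.filename):
            # The client-supplied filename is only used for the allowed_file
            # check and never as a filesystem path: saving under it would let
            # a name such as "../x.apk" write outside the working directory.
            # Writing straight to the fixed name also replaces the old
            # save-then-rename step.
            uploaded_files.save('app.apk')

            hash_of_apk = get_hash()
            # Creates a row if the hash is not found, else returns the values.
            status_hash_of_apk = query_on_StatusDB(hash_of_apk)
            welcome()

            if 'incomplete' in status_hash_of_apk.values():
                # Drop any half-finished earlier run before starting over.
                del_row(hash_of_apk)
                workdir = os.path.join(os.getcwd(), hash_of_apk)
                rmtree(workdir, ignore_errors=True)
                extraction('app.apk', hash_of_apk)

                # The parser runs in a child process while the secret scanner
                # and main analysis run here.
                p1 = multiprocessing.Process(target=parser, args=[hash_of_apk])
                p1.start()
                secret_scanner(hash_of_apk)
                main(hash_of_apk)
                p1.join()

                # NOTE(review): unbounded wait; a status row that never
                # leaves 'incomplete' holds the request worker indefinitely.
                while True:
                    time.sleep(2)
                    status = query_on_StatusDB(hash_of_apk)
                    if 'incomplete' not in status.values():
                        cleaner(hash_of_apk)
                        break
            else:
                print(Fore.GREEN + "[INFO] Scanning was already done for this apk, fetching data from db!\n" + Fore.BLUE)

            response = jsonify(status_code=HTTPStatus.OK, hash_key=hash_of_apk)

            # Remove the working copy without spawning a shell; a missing
            # file is tolerated, as it was with the previous `rm` call.
            try:
                os.remove('app.apk')
            except OSError:
                pass

            # NOTE(review): the wildcard origin lets any website read this
            # response from a browser; narrow it if the API is not public.
            return response, {'Access-Control-Allow-Origin': '*'}

    return jsonify(status_msg="apk not sent properly")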
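def jira():
    """Download an APK from the URL in the form data, scan it, return its hash.

    POST only. The ``url`` form field is fetched with the Slack bearer token
    from ``config.yaml`` and stored as ``app.apk``; the file's hash keys the
    status database exactly as in the upload handler.

    Returns:
        JSON with ``download_status`` "complete" and ``hash_key`` on success,
        or ``download_status`` "incomplete" when the URL is rejected or any
        step raises.
    """
    # NOTE(review): the hash lives in a module-level global and the download
    # in a fixed file name, so concurrent requests can overwrite each other.
    global hash_of_apk

    if request.method == 'POST':
        from urllib.parse import urlsplit

        url = request.form['url']

        # The request decides where the Slack bearer token is sent, so the
        # destination is checked before any request is made: HTTPS only, and
        # only slack.com or one of its subdomains. Without this, a caller
        # could point the fetch at an arbitrary or internal host and receive
        # the token in the Authorization header.
        # NOTE(review): the allow-list is inferred from the token being a
        # Slack token; extend it if downloads legitimately use another host.
        try:
            parts = urlsplit(url)
            host = (parts.hostname or '').lower()
        except ValueError:
            parts, host = None, ''
        host_allowed = host == 'slack.com' or host.endswith('.slack.com')
        if parts is None or parts.scheme != 'https' or not host_allowed:
            return jsonify(status_code=HTTPStatus.BAD_REQUEST, download_status="incomplete")

        path = os.getcwd()
        with open(path + "/config.yaml", "r") as ymlfile:
            config = yaml.load(ymlfile, Loader=yaml.FullLoader)
        token = config['ADHRIT']['adhrit_slack_token']
        headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': f'Bearer {token}'}

        try:
            r = requests.get(url, headers=headers)
            with open('app.apk', 'wb') as f:
                for chunk in r.iter_content(chunk_size=1024):
                    if chunk:
                        f.write(chunk)

            hash_of_apk = get_hash()
            status_hash_of_apk = query_on_StatusDB(hash_of_apk)
            welcome()

            if 'incomplete' in status_hash_of_apk.values():
                # Drop any half-finished earlier run before starting over.
                del_row(hash_of_apk)
                workdir = os.path.join(os.getcwd(), hash_of_apk)
                rmtree(workdir, ignore_errors=True)
                extraction('app.apk', hash_of_apk)

                p1 = multiprocessing.Process(target=parser, args=[hash_of_apk])
                p1.start()
                secret_scanner(hash_of_apk)
                main(hash_of_apk)
                p1.join()

                # NOTE(review): unbounded wait; a status row that never
                # leaves 'incomplete' holds the request worker indefinitely.
                while True:
                    time.sleep(2)
                    status = query_on_StatusDB(hash_of_apk)
                    if 'incomplete' not in status.values():
                        cleaner(hash_of_apk)
                        break
            else:
                print(Fore.GREEN + "[INFO] Scanning was already done for this apk, fetching data from db!\n" + Fore.BLUE)

            response = jsonify(status_code=HTTPStatus.OK, download_status="complete", hash_key=hash_of_apk)

            # Remove the working copy without spawning a shell; a missing
            # file is tolerated, as it was with the previous `rm` call.
            try:
                os.remove('app.apk')
            except OSError:
                pass
        except Exception:
            # Every failure (network, parsing, scanning) is reported to the
            # caller as the same "incomplete" response.
            response = jsonify(status_code=HTTPStatus.REQUEST_TIMEOUT, download_status="incomplete")
        return response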
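def scan():
    """Accept an uploaded APK, run the scan and return the report.

    POST only. The upload is read from the ``file`` form field, written to
    the fixed working file ``app.apk`` and scanned with ``main()``; the
    report for the current ``scan_id`` is returned and the id is advanced.

    Returns:
        An empty 204 response when the request has no ``file`` part, the
        report with status 200 and a CORS header after a scan, or a JSON
        status message when the upload is missing or fails ``allowed_file``.
    """
    if request.method == 'POST':
        if 'file' not in request.files:
            flash('No file part')
            # A bare HTTPStatus is not a valid Flask return value; send an
            # empty body with the same status code instead.
            return '', HTTPStatus.NO_CONTENT

        uploaded_files = request.files["file"]
        if uploaded_files and allowed_file(uploaded_files.filename):
            # The client-supplied filename is only used for the allowed_file
            # check and never as a filesystem path: saving under it would let
            # a name such as "../x.apk" write outside the working directory.
            # Writing straight to the fixed name also replaces the old
            # save-then-rename step.
            uploaded_files.save('app.apk')

            # NOTE(review): 'app.apk' and the stored scan_id are shared by
            # every request, so concurrent uploads would collide — confirm
            # the service is only driven by one client at a time.
            main()
            thesid = get_config_data('scan_id')
            print(thesid)
            response = getreport(thesid)
            update_scanid()

            # NOTE(review): the wildcard origin lets any website read the
            # report from a browser; narrow it if the API is not public.
            return response, 200, {'Access-Control-Allow-Origin': '*'}

    return jsonify(status_msg="apk not sent properly")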
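def jarvis():
    """Scan the APK attached to a Slack message and post the report in-thread.

    POST only. The JSON body supplies ``channel`` and ``ts``. The channel
    history is fetched from Slack, the message matching ``ts`` is located,
    its attached file is downloaded to ``app.apk`` and scanned, and the
    manifest, secrets, vulnerability and recon reports are posted back to
    the same thread in chunks.

    Returns:
        ``str(HTTPStatus.OK)`` after posting the report, "wrong ts passed"
        when no attachment is found for ``ts``, "Scanning incomplete" when
        the scan raises, and "fail" otherwise.
    """
    # NOTE(review): the hash lives in a module-level global and the download
    # in a fixed file name, so concurrent requests can overwrite each other.
    global hash_of_apk

    if request.method == 'POST':
        # NOTE(review): no authentication or request-signature check is
        # visible in this function. The report, including hardcoded secrets
        # found in the APK, is posted to whichever channel the request
        # names — confirm callers are verified before this point.
        request_data = request.json
        channel_id = request_data['channel']
        ts = request_data['ts']

        path = os.getcwd()
        with open(path + "/config.yaml", "r") as ymlfile:
            config = yaml.load(ymlfile, Loader=yaml.FullLoader)
        token = config['ADHRIT']['adhrit_slack_token']
        header = {'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': f'Bearer {token}'}

        # The channel id comes from the request body, so it is passed as a
        # query parameter and URL-encoded by requests rather than being
        # interpolated into the URL, where a value containing '&' or '#'
        # could add or truncate parameters of the Slack API call.
        r = requests.get("https://slack.com/api/conversations.history",
                         headers=header, params={"channel": channel_id})
        conversation_history = r.json()
        messages = conversation_history["messages"]

        # Find the download link of the file attached to the message whose
        # timestamp matches; None means no attachment was found.
        download_url = None
        for each_messages in messages:
            for key, value in each_messages.items():
                if 'ts' in key and ts in value:
                    if 'files' in each_messages.keys():
                        for file in each_messages['files']:
                            download_url = file['url_private_download']
                    elif 'attachments' in each_messages.keys():
                        for attachment in each_messages['attachments']:
                            for file in attachment['files']:
                                download_url = file['url_private_download']

        if download_url is None:
            print(f"{ts}")
            print("wrong ts passed")
            return "wrong ts passed"

        try:
            token = config['ADHRIT']['adhrit_slack_token']
            headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': f'Bearer {token}'}
            r = requests.get(download_url, headers=headers)
            with open('app.apk', 'wb') as f:
                for chunk in r.iter_content(chunk_size=1024):
                    if chunk:
                        f.write(chunk)

            hash_of_apk = get_hash()
            status_hash_of_apk = query_on_StatusDB(hash_of_apk)

            try:
                welcome()
                if 'incomplete' in status_hash_of_apk.values():
                    # Drop any half-finished earlier run before starting over.
                    del_row(hash_of_apk)
                    workdir = os.path.join(os.getcwd(), hash_of_apk)
                    rmtree(workdir, ignore_errors=True)
                    extraction('app.apk', hash_of_apk)

                    p1 = multiprocessing.Process(target=parser, args=[hash_of_apk])
                    p1.start()
                    secret_scanner(hash_of_apk)
                    main(hash_of_apk)
                    p1.join()

                    # NOTE(review): unbounded wait; a status row that never
                    # leaves 'incomplete' holds the worker indefinitely.
                    while True:
                        time.sleep(2)
                        status = query_on_StatusDB(hash_of_apk)
                        if 'incomplete' not in status.values():
                            cleaner(hash_of_apk)
                            break
            except Exception:
                msg = "An Exception has been Caught on Jarvis-Adhrit Integration: \n```" + str(traceback.format_exc()) + "```"
                print(msg)
                return "Scanning incomplete"

            print("Fetching results")
            jarvis_token = config['ADHRIT']['jarvis_slack_tocken']
            headers = {'Authorization': f'Bearer {jarvis_token}', 'Content-Type': 'application/json'}

            def _post_to_thread(text):
                # Send one chunk of the report as a reply in the original thread.
                data = {"text": text, "channel": channel_id, "thread_ts": ts}
                requests.post("https://slack.com/api/chat.postMessage",
                              headers=headers, data=json.dumps(data))

            # The length thresholds below presumably keep each post under
            # Slack's message size limit — TODO confirm the exact limit.

            # --- Manifest analysis ---
            message = "\n*Manifest Analysis*" "\n\n"
            report_manifest = getreport(hash_of_apk, 'manifest')
            for key, val in report_manifest.items():
                if "Implicit Intents" not in key:
                    if len(message) < 3000:
                        message += f"`{key}`\n\n"
                        if "Application Information" in key:
                            message += "```"
                            for i in val:
                                message += f"{i}\n"
                            message += "```\n\n"
                        else:
                            # Every other section skips its first entry.
                            message += "```"
                            for i in val[1:]:
                                message += f"{i}\n"
                            message += "```\n\n"
                    else:
                        # Buffer is full: flush it and start a new one with
                        # the current section.
                        tmp_msg = f"`{key}`\n\n"
                        tmp_msg += "```"
                        for i in val[1:]:
                            tmp_msg += f"{i}\n"
                        tmp_msg += "```\n\n"
                        _post_to_thread(message)
                        message = tmp_msg
            _post_to_thread(message)

            # --- Hardcoded secrets ---
            message = ''
            message += "\n\n*Hardcoded Secrets*\n\n"
            report_secrets = getreport(hash_of_apk, 'secrets')
            for key, val in report_secrets.items():
                if len(message) < 3700:
                    message += f"`{key}`\n"
                    message += "```"
                    for i in val[1:]:
                        if len(message) > 3700:
                            # Close the code fence, flush, and reopen it so a
                            # long section continues in the next post.
                            message += "```"
                            _post_to_thread(message)
                            message = "```"
                        message += f"{i}\n"
                    message += "```\n\n"
                else:
                    tmp_msg = f"`{key}`\n\n"
                    tmp_msg += "```"
                    for i in val[1:]:
                        tmp_msg += f"{i}\n"
                    tmp_msg += "```\n\n"
                    _post_to_thread(message)
                    message = tmp_msg
            _post_to_thread(message)

            # --- Vulnerable patterns ---
            message = ''
            message += "\n\n*Vulnerable Patterns identified*\n\n"
            report_vulns = getreport(hash_of_apk, 'vulns')
            for key, val in report_vulns.items():
                if len(message) < 3500:
                    message += f"`{key}`\n"
                    message += "```"
                    for i in val[1:]:
                        message += f"{i}\n"
                    message += "```\n\n"
                else:
                    tmp_msg = f"`{key}`\n\n"
                    tmp_msg += "```"
                    for i in val[1:]:
                        tmp_msg += f"{i}\n"
                    tmp_msg += "```\n\n"
                    _post_to_thread(message)
                    message = tmp_msg

            # --- Recon --- (appended to whatever remains of the previous
            # section's buffer, which is not flushed separately)
            message += "\n\n*Recon*\n\n"
            report_recon = getreport(hash_of_apk, 'bytecode')
            for key, val in report_recon.items():
                if len(message) < 3000:
                    message += f"`{key}`\n"
                    message += "```"
                    for i in val[1:]:
                        if len(message) > 3700:
                            message += "```"
                            _post_to_thread(message)
                            message = "```"
                        message += f"{i}\n"
                    message += "```\n\n"
                else:
                    tmp_msg = f"`{key}`\n\n"
                    tmp_msg += "```"
                    for i in val[1:]:
                        tmp_msg += f"{i}\n"
                    tmp_msg += "```\n\n"
                    _post_to_thread(message)
                    message = tmp_msg
            _post_to_thread(message)

            return str(HTTPStatus.OK)
        except Exception:
            # Still answer "fail", but leave a trace in the log instead of
            # discarding the error; a silent failure here hides download
            # and reporting problems from whoever operates the service.
            print(traceback.format_exc())

    return "fail"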