def scan():
if request.method == 'POST':
if 'file' not in request.files:
flash('No file part')
return HTTPStatus.NO_CONTENT
uploaded_files = request.files["file"]
if uploaded_files and allowed_file(uploaded_files.filename):
uploaded_files.save(uploaded_files.filename)
# Renaming to app.apk
source = uploaded_files.filename
dest = 'app.apk'
os.rename(source, dest)
set_config_data('bytecode_scan_status', 'incomplete')
thread_a = Compute(request.__copy__())
thread_a.start()
main()
while (True):
time.sleep(2)
if get_config_data('bytecode_scan_status') == 'complete':
cleaner('app.apk')
break
thesid = get_config_data('scan_id')
response = jsonify(status_code=HTTPStatus.OK, scan_id=thesid)
# response = getreport(thesid)
thesid = int(thesid) + 1
set_config_data('scan_id', str(thesid))
# os.system('rm app.apk')
# response =jsonify{"status_code" = HTTPStatus.OK, "scan_id"= thesid}
return response, {'Access-Control-Allow-Origin': '*'}
return jsonify(status_msg="apk not sent properly")
def scan():
if request.method == 'POST':
if 'file' not in request.files:
return HTTPStatus.NO_CONTENT
uploaded_files = request.files["file"]
if uploaded_files and allowed_file(uploaded_files.filename):
uploaded_files.save(uploaded_files.filename)
# Renaming to app.apk
source = uploaded_files.filename
dest = 'app.apk'
os.rename(source, dest)
global hash_of_apk
hash_of_apk = get_hash()
status_hash_of_apk = query_on_StatusDB(hash_of_apk) # Creates a row if Hash is not found else return the values
welcome()
if 'incomplete' in status_hash_of_apk.values():
del_row(hash_of_apk)
pwd = os.getcwd()
path = str(pwd) + '/'+hash_of_apk
rmtree(path, ignore_errors = True)
extraction('app.apk',hash_of_apk)
p1 = multiprocessing.Process(target=parser, args=[hash_of_apk])
p1.start()
secret_scanner(hash_of_apk)
main(hash_of_apk)
p1.join()
while(True):
time.sleep(2)
status = query_on_StatusDB(hash_of_apk)
if 'incomplete' not in status.values():
cleaner(hash_of_apk)
break
else:
print(Fore.GREEN + "[INFO] Scanning was already done for this apk, fetching data from db!\n" + Fore.BLUE)
response = jsonify(status_code=HTTPStatus.OK, hash_key=hash_of_apk)
os.system('rm app.apk')
return response ,{'Access-Control-Allow-Origin': '*'}
return jsonify(status_msg="apk not sent properly")
def jira():
if request.method == 'POST':
url = request.form['url']
path = os.getcwd()
with open(path + "/config.yaml", "r") as ymlfile:
config = yaml.load(ymlfile, Loader=yaml.FullLoader)
token = config['ADHRIT']['adhrit_slack_token']
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': f'Bearer {token}'}
try:
r = requests.get(url, headers=headers)
with open('app.apk', 'wb') as f:
for chunk in r.iter_content(chunk_size=1024):
if chunk: f.write(chunk)
global hash_of_apk
hash_of_apk = get_hash()
status_hash_of_apk = query_on_StatusDB(hash_of_apk)
welcome()
if 'incomplete' in status_hash_of_apk.values():
del_row(hash_of_apk)
pwd = os.getcwd()
path = str(pwd) + '/'+hash_of_apk
rmtree(path, ignore_errors = True)
extraction('app.apk',hash_of_apk)
p1 = multiprocessing.Process(target=parser, args=[hash_of_apk])
p1.start()
secret_scanner(hash_of_apk)
main(hash_of_apk)
p1.join()
while(True):
time.sleep(2)
status = query_on_StatusDB(hash_of_apk)
if 'incomplete' not in status.values():
cleaner(hash_of_apk)
break
else:
print(Fore.GREEN + "[INFO] Scanning was already done for this apk, fetching data from db!\n" + Fore.BLUE)
response = jsonify(status_code=HTTPStatus.OK, download_status="complete", hash_key=hash_of_apk)
os.system('rm app.apk')
except Exception as e:
response = jsonify(status_code=HTTPStatus.REQUEST_TIMEOUT, download_status="incomplete")
return response
def scan():
if request.method == 'POST':
if 'file' not in request.files:
flash('No file part')
return HTTPStatus.NO_CONTENT
uploaded_files = request.files["file"]
if uploaded_files and allowed_file(uploaded_files.filename):
uploaded_files.save(uploaded_files.filename)
# Renaming to app.apk
source = uploaded_files.filename
dest = 'app.apk'
os.rename(source, dest)
main()
thesid = get_config_data('scan_id')
print(thesid)
response = getreport(thesid)
# print(type(response))
# print(response)
update_scanid()
return response, 200, {'Access-Control-Allow-Origin': '*'}
return jsonify(status_msg="apk not sent properly")
def jarvis():
if request.method == 'POST':
request_data = request.json
channel_id = request_data['channel']
ts = request_data['ts']
path = os.getcwd()
with open(path + "/config.yaml", "r") as ymlfile:
config = yaml.load(ymlfile, Loader=yaml.FullLoader)
token = config['ADHRIT']['adhrit_slack_token']
header = {'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': f'Bearer {token}'}
url = f"https://slack.com/api/conversations.history?channel={channel_id}"
r = requests.get(url, headers=header)
conversation_history = r.json()
messages = conversation_history["messages"]
for each_messages in messages:
for key,value in each_messages.items():
if 'ts' in key and ts in value:
if 'files' in each_messages.keys():
for file in each_messages['files']:
url = file['url_private_download']
elif 'attachments' in each_messages.keys():
for attachment in each_messages['attachments']:
for file in attachment['files']:
url = file['url_private_download']
if 'https://slack.com/api/conversations.history?channel=' in url:
print(f"{ts}")
print("wrong ts passed")
return "wrong ts passed"
try:
token = config['ADHRIT']['adhrit_slack_token']
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': f'Bearer {token}'}
r = requests.get(url, headers=headers)
with open('app.apk', 'wb') as f:
for chunk in r.iter_content(chunk_size=1024):
if chunk: f.write(chunk)
global hash_of_apk
hash_of_apk = get_hash()
status_hash_of_apk = query_on_StatusDB(hash_of_apk)
try:
welcome()
if 'incomplete' in status_hash_of_apk.values():
del_row(hash_of_apk)
pwd = os.getcwd()
path = str(pwd) + '/'+hash_of_apk
rmtree(path, ignore_errors = True)
extraction('app.apk',hash_of_apk)
p1 = multiprocessing.Process(target=parser, args=[hash_of_apk])
p1.start()
secret_scanner(hash_of_apk)
main(hash_of_apk)
p1.join()
while(True):
time.sleep(2)
status = query_on_StatusDB(hash_of_apk)
if 'incomplete' not in status.values():
cleaner(hash_of_apk)
break
except Exception as e:
msg = "An Exception has been Caught on Jarvis-Adhrit Integration: \n```" + str(traceback.format_exc()) + "```"
print(msg)
return "Scanning incomplete"
print("Fetching results")
jarvis_token = config['ADHRIT']['jarvis_slack_tocken']
headers = {'Authorization': f'Bearer {jarvis_token}', 'Content-Type': 'application/json'}
#Fetching results
# msg ="Adhrit - Android Security Suite Report" + "\n\n"
message = "\n*Manifest Analysis*" "\n\n"
report_manifest = getreport(hash_of_apk, 'manifest')
for key, val in report_manifest.items():
if not "Implicit Intents" in key:
if len(message) < 3000:
message += f"`{key}`\n\n"
if "Application Information" in key:
message += "```"
for i in val:
message += f"{i}\n"
message +="```\n\n"
else:
message += "```"
for i in val[1:]:
message += f"{i}\n"
message += "```\n\n"
pass
else:
tmp_msg = f"`{key}`\n\n"
tmp_msg += "```"
for i in val[1:]:
tmp_msg += f"{i}\n"
tmp_msg += "```\n\n"
data = {"text": message, "channel": channel_id, "thread_ts": ts}
req = requests.post("https://slack.com/api/chat.postMessage", headers=headers, data=json.dumps(data))
message = tmp_msg
data = {"text": message, "channel": channel_id, "thread_ts": ts}
req = requests.post("https://slack.com/api/chat.postMessage", headers=headers, data=json.dumps(data))
message = ''
message += "\n\n*Hardcoded Secrets*\n\n"
report_secrets = getreport(hash_of_apk, 'secrets')
for key,val in report_secrets.items():
if len(message) < 3700:
message += f"`{key}`\n"
message += "```"
for i in val[1:]:
if len(message) >3700:
message += "```"
data = {"text": message, "channel": channel_id, "thread_ts": ts}
req = requests.post("https://slack.com/api/chat.postMessage", headers=headers, data=json.dumps(data))
message = "```"
message += f"{i}\n"
message += "```\n\n"
else:
tmp_msg = f"`{key}`\n\n"
tmp_msg += "```"
for i in val[1:]:
tmp_msg += f"{i}\n"
tmp_msg += "```\n\n"
data = {"text": message, "channel": channel_id, "thread_ts": ts}
req = requests.post("https://slack.com/api/chat.postMessage", headers=headers, data=json.dumps(data))
message = tmp_msg
data = {"text": message, "channel": channel_id, "thread_ts": ts}
req = requests.post("https://slack.com/api/chat.postMessage", headers=headers, data=json.dumps(data))
message = ''
message += "\n\n*Vulnerable Patterns identified*\n\n"
report_vulns = getreport(hash_of_apk, 'vulns')
for key,val in report_vulns.items():
if len(message) < 3500:
message += f"`{key}`\n"
message += "```"
for i in val[1:]:
message += f"{i}\n"
message += "```\n\n"
else:
tmp_msg = f"`{key}`\n\n"
tmp_msg += "```"
for i in val[1:]:
tmp_msg += f"{i}\n"
tmp_msg += "```\n\n"
data = {"text": message, "channel": channel_id, "thread_ts": ts}
req = requests.post("https://slack.com/api/chat.postMessage", headers=headers, data=json.dumps(data))
message = tmp_msg
message += "\n\n*Recon*\n\n"
report_recon = getreport(hash_of_apk, 'bytecode')
for key,val in report_recon.items():
if len(message) < 3000:
message += f"`{key}`\n"
message += "```"
for i in val[1:]:
if len(message) >3700:
message += "```"
data = {"text": message, "channel": channel_id, "thread_ts": ts}
req = requests.post("https://slack.com/api/chat.postMessage", headers=headers, data=json.dumps(data))
message = "```"
message += f"{i}\n"
message += "```\n\n"
else:
tmp_msg = f"`{key}`\n\n"
tmp_msg += "```"
for i in val[1:]:
tmp_msg += f"{i}\n"
tmp_msg += "```\n\n"
data = {"text": message, "channel": channel_id, "thread_ts": ts}
req = requests.post("https://slack.com/api/chat.postMessage", headers=headers, data=json.dumps(data))
message = tmp_msg
data = {"text": message, "channel": channel_id, "thread_ts": ts}
req = requests.post("https://slack.com/api/chat.postMessage", headers=headers, data=json.dumps(data))
return str(HTTPStatus.OK)
except:
pass
return "fail"