def activity_tester(request): """Activity Tester""" print("\n[INFO] Activity Tester") try: md5_hash = request.POST['md5'] package = request.POST['pkg'] if re.match('^[0-9a-f]{32}$', md5_hash): if re.findall(r";|\$\(|\|\||&&", package): print("[ATTACK] Possible RCE") return HttpResponseRedirect('/error/') if request.method == 'POST': base_dir = settings.BASE_DIR app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/') screen_dir = os.path.join(app_dir, 'screenshots-apk/') if not os.path.exists(screen_dir): os.makedirs(screen_dir) data = {} adb = getADB() static_android_db = StaticAnalyzerAndroid.objects.filter( MD5=md5_hash) if static_android_db.exists(): print("\n[INFO] Fetching Activity List from DB") activities = python_list(static_android_db[0].ACTIVITIES) if activities: act_no = 0 print("\n[INFO] Starting Activity Tester...") print("\n[INFO] " + str(len(activities)) + " Activities Identified") for line in activities: try: act_no += 1 print("\n[INFO] Launching Activity - " + str(act_no) + ". " + line) adb_command([ "am", "start", "-n", package + "/" + line ], True) # AVD is much slower, it should get extra time if settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD": wait(8) else: wait(4) adb_command([ "screencap", "-p", "/data/local/screen.png" ], True) #? get appended from Air :-() if activity names are used adb_command([ "pull", "/data/local/screen.png", screen_dir + "act-" + str(act_no) + ".png" ]) print("\n[INFO] Activity Screenshot Taken") adb_command(["am", "force-stop", package], True) print("\n[INFO] Stopping App") except: PrintException("Activity Tester") data = {'acttest': 'done'} else: print("\n[INFO] Activity Tester - No Activity Found!") data = {'acttest': 'noact'} return HttpResponse(json.dumps(data), content_type='application/json') else: print("\n[ERROR] Entry does not exist in DB.") return HttpResponseRedirect('/error/') else: return HttpResponseRedirect('/error/') else: return HttpResponseRedirect('/error/') except: PrintException("[ERROR] Activity Tester") return HttpResponseRedirect('/error/')
def activity_tester(request): """Activity Tester""" print("\n[INFO] Activity Tester") try: md5_hash = request.POST['md5'] package = request.POST['pkg'] if re.match('^[0-9a-f]{32}$', md5_hash): if re.findall(r";|\$\(|\|\||&&", package): print("[ATTACK] Possible RCE") return HttpResponseRedirect('/error/') if request.method == 'POST': base_dir = settings.BASE_DIR app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/') screen_dir = os.path.join(app_dir, 'screenshots-apk/') if not os.path.exists(screen_dir): os.makedirs(screen_dir) data = {} adb = getADB() static_android_db = StaticAnalyzerAndroid.objects.filter( MD5=md5_hash) if static_android_db.exists(): print("\n[INFO] Fetching Activity List from DB") activities = python_list(static_android_db[0].ACTIVITIES) if activities: act_no = 0 print("\n[INFO] Starting Activity Tester...") print("\n[INFO] " + str(len(activities)) + " Activities Identified") for line in activities: try: act_no += 1 print("\n[INFO] Launching Activity - " + str(act_no) + ". " + line) adb_command( ["am", "start", "-n", package + "/" + line], True) # AVD is much slower, it should get extra time if settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD": wait(8) else: wait(4) adb_command( ["screencap", "-p", "/data/local/screen.png"], True) #? get appended from Air :-() if activity names are used adb_command(["pull", "/data/local/screen.png", screen_dir + "act-" + str(act_no) + ".png"]) print("\n[INFO] Activity Screenshot Taken") adb_command( ["am", "force-stop", package], True) print("\n[INFO] Stopping App") except: PrintException("Activity Tester") data = {'acttest': 'done'} else: print("\n[INFO] Activity Tester - No Activity Found!") data = {'acttest': 'noact'} return HttpResponse(json.dumps(data), content_type='application/json') else: print("\n[ERROR] Entry does not exist in DB.") return HttpResponseRedirect('/error/') else: return HttpResponseRedirect('/error/') else: return HttpResponseRedirect('/error/') except: PrintException("[ERROR] Activity Tester") return HttpResponseRedirect('/error/')
def exported_activity_tester(request): """Exported Activity Tester""" logger.info("Exported Activity Tester") try: md5_hash = request.POST['md5'] package = request.POST['pkg'] if re.match('^[0-9a-f]{32}$', md5_hash): if re.findall(r";|\$\(|\|\||&&", package): return print_n_send_error_response(request, "Possible RCE Attack", True) if request.method == 'POST': base_dir = settings.BASE_DIR app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/') screen_dir = os.path.join(app_dir, 'screenshots-apk/') if not os.path.exists(screen_dir): os.makedirs(screen_dir) data = {} adb = getADB() static_android_db = StaticAnalyzerAndroid.objects.filter( MD5=md5_hash) if static_android_db.exists(): logger.info("Fetching Exported Activity List from DB") exported_act = python_list( static_android_db[0].EXPORTED_ACT) if exported_act: exp_act_no = 0 logger.info("Starting Exported Activity Tester...") logger.info("" + str(len(exported_act)) + " Exported Activities Identified") for line in exported_act: try: exp_act_no += 1 logger.info("Launching Exported Activity - " + str(exp_act_no) + ". " + line) adb_command([ "am", "start", "-n", package + "/" + line ], True) # AVD is much slower, it should get extra time if settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD": wait(8) else: wait(4) adb_command([ "screencap", "-p", "/data/local/screen.png" ], True) #? get appended from Air :-() if activity names are used adb_command([ "pull", "/data/local/screen.png", screen_dir + "expact-" + str(exp_act_no) + ".png" ]) logger.info("Activity Screenshot Taken") adb_command(["am", "force-stop", package], True) logger.info("Stopping App") except: PrintException("Exported Activity Tester") data = {'expacttest': 'done'} else: logger.info( "Exported Activity Tester - No Activity Found!") data = {'expacttest': 'noact'} return HttpResponse(json.dumps(data), content_type='application/json') else: return print_n_send_error_response( request, "Entry does not exist in DB", True) else: return print_n_send_error_response(request, "Only POST allowed", True) else: return print_n_send_error_response(request, "Invalid Scan Hash", True) except: PrintException("ERROR] Exported Activity Tester") return print_n_send_error_response( request, "Error Running Exported Activity Tests", True)
def activity_tester(request): """Activity Tester.""" logger.info('Activity Tester') try: md5_hash = request.POST['md5'] package = request.POST['pkg'] if re.match('^[0-9a-f]{32}$', md5_hash): if re.findall(r';|\$\(|\|\||&&', package): return print_n_send_error_response(request, 'Possible RCE Attack', True) if request.method == 'POST': app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/') screen_dir = os.path.join(app_dir, 'screenshots-apk/') if not os.path.exists(screen_dir): os.makedirs(screen_dir) data = {} static_android_db = StaticAnalyzerAndroid.objects.filter( MD5=md5_hash) if static_android_db.exists(): logger.info('Fetching Activity List from DB') activities = python_list(static_android_db[0].ACTIVITIES) if activities: act_no = 0 logger.info('Starting Activity Tester...') logger.info('%s Activities Identified', str(len(activities))) for line in activities: try: act_no += 1 logger.info( 'Launching Activity - %s. %s', str(act_no), line) adb_command(['am', 'start', '-n', package + '/' + line], True) wait(4) adb_command( ['screencap', '-p', '/data/local/screen.png'], True) # ? get appended from Air :-() # if activity names are used outfile = ('{}act-{}.png'.format( screen_dir, act_no)) adb_command(['pull', '/data/local/screen.png', outfile]) logger.info('Activity Screenshot Taken') adb_command( ['am', 'force-stop', package], True) logger.info('Stopping App') except Exception: logger.exception('Activity Tester') data = {'acttest': 'done'} else: logger.info('Activity Tester - No Activity Found!') data = {'acttest': 'noact'} return HttpResponse(json.dumps(data), content_type='application/json') else: err = 'Entry does not exist in DB' return print_n_send_error_response(request, err, True) else: return print_n_send_error_response(request, 'Only POST allowed', True) else: return print_n_send_error_response(request, 'Invalid Scan Hash', True) except Exception: logger.exception('Activity Tester') return print_n_send_error_response(request, 'Error Running Activity Tester', True)
def exported_activity_tester(request): """Exported Activity Tester""" logger.info("Exported Activity Tester") try: md5_hash = request.POST['md5'] package = request.POST['pkg'] if re.match('^[0-9a-f]{32}$', md5_hash): if re.findall(r";|\$\(|\|\||&&", package): return print_n_send_error_response(request, "Possible RCE Attack", True) if request.method == 'POST': base_dir = settings.BASE_DIR app_dir = os.path.join(settings.UPLD_DIR, md5_hash + '/') screen_dir = os.path.join(app_dir, 'screenshots-apk/') if not os.path.exists(screen_dir): os.makedirs(screen_dir) data = {} adb = getADB() static_android_db = StaticAnalyzerAndroid.objects.filter( MD5=md5_hash) if static_android_db.exists(): logger.info("Fetching Exported Activity List from DB") exported_act = python_list( static_android_db[0].EXPORTED_ACT) if exported_act: exp_act_no = 0 logger.info("Starting Exported Activity Tester...") logger.info("" + str(len(exported_act)) + " Exported Activities Identified") for line in exported_act: try: exp_act_no += 1 logger.info("Launching Exported Activity - " + str(exp_act_no) + ". " + line) adb_command( ["am", "start", "-n", package + "/" + line], True) # AVD is much slower, it should get extra time if settings.ANDROID_DYNAMIC_ANALYZER == "MobSF_AVD": wait(8) else: wait(4) adb_command( ["screencap", "-p", "/data/local/screen.png"], True) #? get appended from Air :-() if activity names are used adb_command(["pull", "/data/local/screen.png", screen_dir + "expact-" + str(exp_act_no) + ".png"]) logger.info("Activity Screenshot Taken") adb_command( ["am", "force-stop", package], True) logger.info("Stopping App") except: PrintException( "Exported Activity Tester") data = {'expacttest': 'done'} else: logger.info( "Exported Activity Tester - No Activity Found!") data = {'expacttest': 'noact'} return HttpResponse(json.dumps(data), content_type='application/json') else: return print_n_send_error_response(request, "Entry does not exist in DB", True) else: return print_n_send_error_response(request, "Only POST allowed", True) else: return print_n_send_error_response(request, "Invalid Scan Hash", True) except: PrintException("ERROR] Exported Activity Tester") return print_n_send_error_response(request, "Error Running Exported Activity Tests", True)