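def apkid_analysis(sha256):
    """Run APKiD over the uploaded APK stored under ``sha256``.

    Progress is recorded in the ``apkid_analysis`` field of the tasks index:
    ``1`` while the scan runs, ``2`` when the JSON report was built and
    ``-1`` when it could not be. The findings (an empty dict on failure) are
    written to the ``apkid`` field of the APK index.

    Args:
        sha256: storage key of the uploaded APK; also the id of its documents
            in both Elasticsearch indices.

    Returns:
        dict: ``{'status': 'success', 'info': ''}`` — the task result payload.
    """
    es.update(index=settings.ELASTICSEARCH_TASKS_INDEX, id=sha256,
              body={'doc': {'apkid_analysis': 1}}, retry_on_conflict=5)
    options = Options(
        timeout=30,
        verbose=False,
        # Cap the per-entry scan size with the app's own upload limit so a
        # crafted archive cannot make the scanner inflate more than that.
        entry_max_scan_size=settings.DATA_UPLOAD_MAX_MEMORY_SIZE,
        recursive=True,
    )
    output = OutputFormatter(
        json_output=True,
        output_dir=None,
        rules_manager=RulesManager(),
        include_types=False,
    )
    rules = options.rules_manager.load()
    scanner = Scanner(rules, options)
    # APKiD scans by path, so spill the stored object into a temp file. Copy
    # it in chunks and close the storage handle instead of reading the whole
    # APK into memory and leaving the handle open (the previous behaviour).
    with NamedTemporaryFile() as f:
        src = default_storage.open(sha256)  # Django storage opens 'rb' by default
        try:
            for chunk in iter(lambda: src.read(1024 * 1024), b''):
                f.write(chunk)
        finally:
            src.close()
        f.flush()  # make the bytes visible to the scanner opening f.name
        res = scanner.scan_file(f.name)
    try:
        findings = output.build_json_output(res)['files']
        status = 2
    except AttributeError:
        # Raised when build_json_output is unavailable or fails internally
        # (a broken yara-python install presents this way, per MobSF's
        # handling of the same call); record the failure rather than crash.
        findings = {}
        status = -1
    es.update(index=settings.ELASTICSEARCH_APK_INDEX, id=sha256,
              body={'doc': {'apkid': findings}}, retry_on_conflict=5)
    es.update(index=settings.ELASTICSEARCH_TASKS_INDEX, id=sha256,
              body={'doc': {'apkid_analysis': status}}, retry_on_conflict=5)
    # Release the compiled rules and scan results eagerly; the task worker
    # keeps running and these can be large.
    del findings, rules, scanner, output, options, res
    gc.collect()
    return {'status': 'success', 'info': ''}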
def apkid_analysis(app_dir, apk_file, apk_name):
    """APKiD Analysis of DEX files.

    Scans ``apk_file`` with APKiD and returns ``{filename: matches}`` exactly
    as APKiD reports the filenames. Returns an empty dict when APKiD is
    disabled in settings or the APK path does not exist. ``app_dir`` and
    ``apk_name`` are not used by this implementation.
    """
    if not settings.APKID_ENABLED:
        return {}
    if not os.path.exists(apk_file):
        logger.error("APKiD - APK not found")
        return {}
    # apkid is imported inside the function, presumably so the module loads
    # even when the dependency is absent and the feature is switched off.
    from apkid import __version__ as apkid_ver
    from apkid.apkid import Scanner, Options
    from apkid.output import OutputFormatter
    from apkid.rules import RulesManager
    logger.info("Running APKiD %s", apkid_ver)
    scan_options = Options(timeout=30, verbose=False,
                           entry_max_scan_size=100 * 1024 * 1024,
                           recursive=True)
    formatter = OutputFormatter(json_output=True, output_dir=None,
                                rules_manager=RulesManager())
    compiled_rules = scan_options.rules_manager.load()
    results = Scanner(compiled_rules, scan_options).scan_file(apk_file)
    # _build_json_output is a private apkid API; later apkid releases expose
    # it as build_json_output.
    reported = formatter._build_json_output(results)['files']
    return {entry['filename']: entry['matches'] for entry in reported}
def apkid_analysis(app_dir, apk_file, apk_name):
    """APKID Analysis of DEX files.

    Runs APKiD against ``apk_file`` and returns ``{filename: matches}``. The
    ``<archive>!`` prefix APKiD puts before member names is stripped from the
    keys (everything up to the first ``!``). Returns an empty dict when the
    feature is disabled, apkid cannot be imported, the APK is missing, or
    neither JSON output method of the installed apkid works. ``app_dir`` and
    ``apk_name`` are not used by this implementation.
    """
    if not settings.APKID_ENABLED:
        return {}
    try:
        import apkid
    except ImportError:
        logger.error('APKiD - Could not import APKiD')
        return {}
    if not os.path.exists(apk_file):
        logger.error('APKiD - APK not found')
        return {}
    from apkid.apkid import Scanner, Options
    from apkid.output import OutputFormatter
    from apkid.rules import RulesManager
    logger.info('Running APKiD %s', apkid.__version__)
    scan_options = Options(
        timeout=30,
        verbose=False,
        entry_max_scan_size=settings.DATA_UPLOAD_MAX_MEMORY_SIZE,
        recursive=True,
    )
    formatter = OutputFormatter(
        json_output=True,
        output_dir=None,
        rules_manager=RulesManager(),
        include_types=False,
    )
    results = Scanner(scan_options.rules_manager.load(),
                      scan_options).scan_file(apk_file)
    # apkid < 2.0.3 only offers the private _build_json_output; newer
    # releases expose build_json_output. A broken yara-python install also
    # surfaces as AttributeError from either call, hence the nested fallback
    # and the message below.
    try:
        reported = formatter._build_json_output(results)['files']
    except AttributeError:
        try:
            reported = formatter.build_json_output(results)['files']
        except AttributeError:
            logger.error('yara-python dependency required by '
                         'APKiD is not installed properly. '
                         'Skipping APKiD analysis!')
            reported = {}
    sanitized = {}
    for entry in reported:
        name = entry['filename']
        # Keep only the part after the first '!' when one is present.
        _, separator, member = name.partition('!')
        sanitized[member if separator else name] = entry['matches']
    return sanitized
def apkid_analysis(app_dir, apk_file, apk_name):
    """APKID Analysis of DEX files.

    Scans ``apk_file`` with APKiD and returns ``{filename: matches}`` with
    the filenames exactly as APKiD reports them. Returns an empty dict when
    the feature is disabled, apkid cannot be imported or the APK path does
    not exist. ``app_dir`` and ``apk_name`` are not used by this
    implementation.
    """
    if not settings.APKID_ENABLED:
        return {}
    try:
        import apkid
    except ImportError:
        logger.error('APKiD - Could not import APKiD')
        return {}
    if not os.path.exists(apk_file):
        logger.error('APKiD - APK not found')
        return {}
    from apkid.apkid import Scanner, Options
    from apkid.output import OutputFormatter
    from apkid.rules import RulesManager
    logger.info('Running APKiD %s', apkid.__version__)
    max_entry_bytes = 100 * 1024 * 1024  # 100 MiB, APKiD's entry_max_scan_size
    scan_options = Options(
        timeout=30,
        verbose=False,
        entry_max_scan_size=max_entry_bytes,
        recursive=True,
    )
    formatter = OutputFormatter(
        json_output=True,
        output_dir=None,
        rules_manager=RulesManager(),
        include_types=False,
    )
    results = Scanner(scan_options.rules_manager.load(),
                      scan_options).scan_file(apk_file)
    try:
        reported = formatter._build_json_output(results)['files']
    except AttributeError:
        # apkid >= 2.0.3 replaced the private name with build_json_output
        reported = formatter.build_json_output(results)['files']
    return {entry['filename']: entry['matches'] for entry in reported}
def rules_manager():
    """Return a freshly constructed ``RulesManager``."""
    manager = RulesManager()
    return manager
from apkid.output import colorize_tag
from apkid.rules import RulesManager


def convert_readme():
    """Convert README.md to README.rst using pypandoc (imported on demand)."""
    print("[*] Converting Markdown README to reStructuredText")
    import pypandoc
    rst = pypandoc.convert_file('README.md', 'rst')
    with open('README.rst', 'w+', encoding='utf-8') as f:
        f.write(rst)
    print(f"[*] Finished converting to README.rst ({len(rst)} bytes)")


if __name__ == '__main__':
    # Compile the bundled YARA rules, persist them and print per-tag counts.
    print("[*] Compiling Yara files")
    rules_manager = RulesManager()
    rules = rules_manager.compile()
    rules_count = rules_manager.save()
    print(f"[*] Saved {rules_count} rules to {rules_manager.rules_path}")
    print(f"[*] Rules hash: {rules_manager.hash}")
    # tag -> identifiers of every rule carrying that tag
    # (Dict/Set presumably come from a typing import above this excerpt)
    tag_to_identifiers: Dict[str, Set[str]] = {}
    for rule in rules:
        for t in rule.tags:
            if t not in tag_to_identifiers:
                tag_to_identifiers[t] = set()
            tag_to_identifiers[t].add(rule.identifier)
    tag_counts = dict([(k, len(v)) for k, v in tag_to_identifiers.items()])
    print("[*] Rule tag counts:")
    for tag in sorted(tag_counts.keys()):
        count = tag_counts[tag]
        # NOTE(review): the listing is cut off here; the loop body continues
        # beyond this excerpt.