def api_tls_tester(request):
"""POST - TLS/SSL Security Tester."""
if 'hash' not in request.POST:
return make_api_response({'error': 'Missing Parameters'}, 422)
resp = tests_common.tls_tests(request, True)
if resp['status'] == 'ok':
return make_api_response(resp, 200)
return make_api_response(resp, 500)
def api_get_dependencies(request):
"""POST - Frida Get Runtime Dependencies."""
if 'hash' not in request.POST:
return make_api_response({'error': 'Missing Parameters'}, 422)
resp = tests_frida.get_runtime_dependencies(request, True)
if resp['status'] == 'ok':
return make_api_response(resp, 200)
return make_api_response(resp, 500)
def api_global_proxy(request):
"""POST - MobSF Global Proxy API."""
if 'action' not in request.POST:
return make_api_response({'error': 'Missing Parameters'}, 422)
resp = operations.global_proxy(request, True)
if resp['status'] == 'ok':
return make_api_response(resp, 200)
return make_api_response(resp, 500)
def api_mobsfy(request):
"""POST - MobSFy API."""
if 'identifier' not in request.POST:
return make_api_response({'error': 'Missing Parameters'}, 422)
resp = operations.mobsfy(request, True)
if resp['status'] == 'ok':
return make_api_response(resp, 200)
return make_api_response(resp, 500)
def api_dynamic_report(request):
"""POST - Dynamic Analysis report."""
if 'hash' not in request.POST:
return make_api_response({'error': 'Missing Parameters'}, 422)
resp = report.view_report(request, request.POST['hash'], True)
if 'error' in resp:
return make_api_response(resp, 500)
return make_api_response(resp, 200)
def api_recent_scans(request):
"""GET - get recent scans."""
scans = RecentScans(request)
resp = scans.recent_scans()
if 'error' in resp:
return make_api_response(resp, 500)
else:
return make_api_response(resp, 200)
def api_screenshot(request):
"""POST - Screenshot API."""
if 'hash' not in request.POST:
return make_api_response({'error': 'Missing Parameters'}, 422)
resp = operations.take_screenshot(request, True)
if resp['status'] == 'ok':
return make_api_response(resp, 200)
return make_api_response(resp, 500)
def api_adb_execute(request):
"""POST - ADB execute API."""
if 'cmd' not in request.POST:
return make_api_response({'error': 'Missing Parameters'}, 422)
resp = operations.execute_adb(request, True)
if resp['status'] == 'ok':
return make_api_response(resp, 200)
return make_api_response(resp, 500)
def api_get_script(request):
"""POST - Frida Get Script."""
if not request.POST.getlist('scripts[]'):
return make_api_response({'error': 'Missing Parameters'}, 422)
resp = tests_frida.get_script(request, True)
if resp['status'] == 'ok':
return make_api_response(resp, 200)
return make_api_response(resp, 500)
def api_root_ca(request):
"""POST - MobSF CA actions API."""
if 'action' not in request.POST:
return make_api_response({'error': 'Missing Parameters'}, 422)
resp = operations.mobsf_ca(request, True)
if resp['status'] == 'ok':
return make_api_response(resp, 200)
return make_api_response(resp, 500)
def api_instrument(request):
"""POST - Frida Instrument."""
params = {'hash', 'default_hooks', 'auxiliary_hooks', 'frida_code'}
if set(request.POST) < params:
return make_api_response({'error': 'Missing Parameters'}, 422)
resp = tests_frida.instrument(request, True)
if resp['status'] == 'ok':
return make_api_response(resp, 200)
return make_api_response(resp, 500)
def api_stop_analysis(request):
"""POST - Stop Dynamic Analysis."""
if 'hash' not in request.POST:
return make_api_response({'error': 'Missing Parameters'}, 422)
tests_common.collect_logs(request, True)
resp = tests_common.download_data(request, True)
if resp['status'] == 'ok':
return make_api_response(resp, 200)
return make_api_response(resp, 500)
def api_start_activity(request):
"""POST - Start Activity."""
params = {'activity', 'hash'}
if set(request.POST) < params:
return make_api_response({'error': 'Missing Parameters'}, 422)
resp = tests_common.start_activity(request, True)
if resp['status'] == 'ok':
return make_api_response(resp, 200)
return make_api_response(resp, 500)
def api_act_tester(request):
"""POST - Activity Tester."""
params = {'test', 'hash'}
if set(request.POST) < params:
return make_api_response({'error': 'Missing Parameters'}, 422)
resp = tests_common.activity_tester(request, True)
if resp['status'] == 'ok':
return make_api_response(resp, 200)
return make_api_response(resp, 500)
def api_api_monitor(request):
"""POST - Frida API Monitor."""
if 'hash' not in request.POST:
return make_api_response({'error': 'Missing Parameters'}, 422)
resp = tests_frida.live_api(request, True)
# live_api can be json or html
if resp.get('data'):
return make_api_response(resp, 200)
return make_api_response(resp, 500)
def api_start_analysis(request):
"""POST - Start Dynamic Analysis."""
if 'hash' not in request.POST:
return make_api_response({'error': 'Missing Parameters'}, 422)
resp = dynamic_analyzer.dynamic_analyzer(request, request.POST['hash'],
True)
if 'error' in resp:
return make_api_response(resp, 500)
return make_api_response(resp, 200)
def api_logcat(request):
"""POST - Get Logcat HTTP Streaming API."""
if 'package' not in request.POST:
return make_api_response({'error': 'Missing Parameters'}, 422)
lcat = dynamic_analyzer.logcat(request, True)
if isinstance(lcat, dict):
if 'error' in lcat:
return make_api_response(lcat, 500)
return lcat
def api_frida_logs(request):
"""POST - Frida Logs."""
if 'hash' not in request.POST:
return make_api_response({'error': 'Missing Parameters'}, 422)
resp = tests_frida.frida_logs(request, True)
# frida logs can be json or html
if resp.get('data'):
return make_api_response(resp, 200)
return make_api_response(resp, 500)
def api_dynamic_view_file(request):
"""POST - Dynamic Analysis report."""
params = {'hash', 'file', 'type'}
if set(request.POST) < params:
return make_api_response({'error': 'Missing Parameters'}, 422)
resp = report.view_file(request, True)
if 'error' in resp:
return make_api_response(resp, 500)
return make_api_response(resp, 200)
def api_delete_scan(request):
"""POST - Delete a Scan."""
if 'hash' in request.POST:
resp = delete_scan(request, True)
if 'error' in resp:
response = make_api_response(resp, 500)
else:
response = make_api_response(resp, 200)
else:
response = make_api_response({'error': 'Missing Parameters'}, 422)
return response
def api_compare(request):
"""Compare 2 apps."""
params = {'hash1', 'hash2'}
if set(request.POST) >= params:
resp = compare_apps(request, request.POST['hash1'],
request.POST['hash2'], True)
if 'error' in resp:
response = make_api_response(resp, 500)
else:
response = make_api_response(resp, 200)
else:
response = make_api_response({'error': 'Missing Parameters'}, 422)
return response
def api_view_source(request):
"""View Source for android & ios source file."""
params = {'file', 'type', 'hash'}
if set(request.POST) >= params:
if request.POST['type'] in {
'eclipse', 'studio', 'apk', 'java', 'smali'
}:
resp = view_source.run(request, api=True)
else:
resp = ios_view_source.run(request, api=True)
if 'error' in resp:
response = make_api_response(resp, 500)
else:
response = make_api_response(resp, 200)
else:
response = make_api_response({'error': 'Missing Parameters'}, 422)
return response
def api_scan(request):
"""POST - Scan API."""
params = {'scan_type', 'hash', 'file_name'}
if set(request.POST) >= params:
scan_type = request.POST['scan_type']
# APK, Android ZIP and iOS ZIP
if scan_type in {'xapk', 'apk', 'zip'}:
resp = static_analyzer(request, True)
if 'type' in resp:
# For now it's only ios_zip
request.POST._mutable = True
request.POST['scan_type'] = 'ios'
resp = static_analyzer_ios(request, True)
if 'error' in resp:
response = make_api_response(resp, 500)
else:
response = make_api_response(resp, 200)
# IPA
elif scan_type == 'ipa':
resp = static_analyzer_ios(request, True)
if 'error' in resp:
response = make_api_response(resp, 500)
else:
response = make_api_response(resp, 200)
# APPX
elif scan_type == 'appx':
resp = windows.staticanalyzer_windows(request, True)
if 'error' in resp:
response = make_api_response(resp, 500)
else:
response = make_api_response(resp, 200)
else:
response = make_api_response({'error': 'Missing Parameters'}, 422)
return response
def api_pdf_report(request):
"""Generate and Download PDF."""
params = {'hash'}
if set(request.POST) == params:
resp = pdf(request, api=True)
if 'error' in resp:
if resp.get('error') == 'Invalid scan hash':
response = make_api_response(resp, 400)
else:
response = make_api_response(resp, 500)
elif 'pdf_dat' in resp:
response = HttpResponse(resp['pdf_dat'],
content_type='application/pdf')
response['Access-Control-Allow-Origin'] = '*'
elif resp.get('report') == 'Report not Found':
response = make_api_response(resp, 404)
else:
response = make_api_response({'error': 'PDF Generation Error'},
500)
else:
response = make_api_response({'error': 'Missing Parameters'}, 422)
return response
def api_json_report(request):
"""Generate JSON Report."""
params = {'hash'}
if set(request.POST) == params:
resp = pdf(request, api=True, jsonres=True)
if 'error' in resp:
if resp.get('error') == 'Invalid scan hash':
response = make_api_response(resp, 400)
else:
response = make_api_response(resp, 500)
elif 'report_dat' in resp:
response = make_api_response(resp['report_dat'], 200)
elif resp.get('report') == 'Report not Found':
response = make_api_response(resp, 404)
else:
response = make_api_response({'error': 'JSON Generation Error'},
500)
else:
response = make_api_response({'error': 'Missing Parameters'}, 422)
return response
def api_upload(request):
"""POST - Upload API."""
upload = Upload(request)
resp, code = upload.upload_api()
return make_api_response(resp, code)
def api_list_frida_scripts(request):
"""GET - List Frida Scripts."""
resp = tests_frida.list_frida_scripts(request, True)
if resp['status'] == 'ok':
return make_api_response(resp, 200)
return make_api_response(resp, 500)
def api_get_apps(request):
"""GET - Get Apps for dynamic analysis API."""
resp = dynamic_analyzer.dynamic_analysis(request, True)
if 'error' in resp:
return make_api_response(resp, 500)
return make_api_response(resp, 200)
