def api_tls_tester(request):
    """POST - run the TLS/SSL security tester.

    Requires the ``hash`` form field (422 if absent). The result of
    ``tests_common.tls_tests`` is relayed with 200 when its ``status`` is
    ``'ok'`` and with 500 otherwise.
    """
    if 'hash' in request.POST:
        outcome = tests_common.tls_tests(request, True)
        code = 200 if outcome['status'] == 'ok' else 500
        return make_api_response(outcome, code)
    return make_api_response({'error': 'Missing Parameters'}, 422)
def api_get_dependencies(request):
    """POST - fetch runtime dependencies through Frida.

    Requires the ``hash`` form field (422 if absent). The result of
    ``tests_frida.get_runtime_dependencies`` is relayed with 200 when its
    ``status`` is ``'ok'`` and with 500 otherwise.
    """
    if 'hash' in request.POST:
        outcome = tests_frida.get_runtime_dependencies(request, True)
        code = 200 if outcome['status'] == 'ok' else 500
        return make_api_response(outcome, code)
    return make_api_response({'error': 'Missing Parameters'}, 422)
def api_global_proxy(request):
    """POST - MobSF global proxy control.

    Requires the ``action`` form field (422 if absent). The result of
    ``operations.global_proxy`` is relayed with 200 when its ``status`` is
    ``'ok'`` and with 500 otherwise.
    """
    # NOTE(review): only the presence of ``action`` is checked here; which
    # values are accepted is decided inside operations.global_proxy - confirm.
    if 'action' in request.POST:
        outcome = operations.global_proxy(request, True)
        code = 200 if outcome['status'] == 'ok' else 500
        return make_api_response(outcome, code)
    return make_api_response({'error': 'Missing Parameters'}, 422)
def api_mobsfy(request):
    """POST - MobSFy a device or VM.

    Requires the ``identifier`` form field (422 if absent). The result of
    ``operations.mobsfy`` is relayed with 200 when its ``status`` is ``'ok'``
    and with 500 otherwise.
    """
    # NOTE(review): ``identifier`` is only checked for presence here; its
    # format is presumably validated inside operations.mobsfy - confirm.
    if 'identifier' in request.POST:
        outcome = operations.mobsfy(request, True)
        code = 200 if outcome['status'] == 'ok' else 500
        return make_api_response(outcome, code)
    return make_api_response({'error': 'Missing Parameters'}, 422)
def api_dynamic_report(request):
    """POST - return the dynamic analysis report for a scan.

    Requires the ``hash`` form field (422 if absent). The dict returned by
    ``report.view_report`` is relayed with 500 when it contains an ``error``
    key and with 200 otherwise.
    """
    if 'hash' in request.POST:
        scan_hash = request.POST['hash']
        outcome = report.view_report(request, scan_hash, True)
        code = 500 if 'error' in outcome else 200
        return make_api_response(outcome, code)
    return make_api_response({'error': 'Missing Parameters'}, 422)
def api_recent_scans(request):
    """GET - list recent scans.

    Relays the result of ``RecentScans(request).recent_scans()`` with 500
    when it contains an ``error`` key and with 200 otherwise.
    """
    listing = RecentScans(request).recent_scans()
    code = 500 if 'error' in listing else 200
    return make_api_response(listing, code)
def api_screenshot(request):
    """POST - take a screenshot during dynamic analysis.

    Requires the ``hash`` form field (422 if absent). The result of
    ``operations.take_screenshot`` is relayed with 200 when its ``status`` is
    ``'ok'`` and with 500 otherwise.
    """
    if 'hash' in request.POST:
        outcome = operations.take_screenshot(request, True)
        code = 200 if outcome['status'] == 'ok' else 500
        return make_api_response(outcome, code)
    return make_api_response({'error': 'Missing Parameters'}, 422)
def api_adb_execute(request):
    """POST - execute an ADB command.

    Requires the ``cmd`` form field (422 if absent). The result of
    ``operations.execute_adb`` is relayed with 200 when its ``status`` is
    ``'ok'`` and with 500 otherwise.
    """
    # NOTE(review): this view checks only that ``cmd`` is present and hands
    # the whole request on. Authentication of the caller and any limits on
    # what ``cmd`` may contain are not visible in this function - confirm
    # they are enforced by the routing/decorators and operations.execute_adb.
    if 'cmd' in request.POST:
        outcome = operations.execute_adb(request, True)
        code = 200 if outcome['status'] == 'ok' else 500
        return make_api_response(outcome, code)
    return make_api_response({'error': 'Missing Parameters'}, 422)
def api_get_script(request):
    """POST - fetch the contents of Frida scripts.

    Requires at least one ``scripts[]`` form value (422 if the list is
    empty). The result of ``tests_frida.get_script`` is relayed with 200 when
    its ``status`` is ``'ok'`` and with 500 otherwise.
    """
    # NOTE(review): the ``scripts[]`` values are caller-supplied names;
    # confirm tests_frida.get_script confines them to the script directory.
    requested = request.POST.getlist('scripts[]')
    if requested:
        outcome = tests_frida.get_script(request, True)
        code = 200 if outcome['status'] == 'ok' else 500
        return make_api_response(outcome, code)
    return make_api_response({'error': 'Missing Parameters'}, 422)
def api_root_ca(request):
    """POST - MobSF root CA actions.

    Requires the ``action`` form field (422 if absent). The result of
    ``operations.mobsf_ca`` is relayed with 200 when its ``status`` is
    ``'ok'`` and with 500 otherwise.
    """
    # NOTE(review): only the presence of ``action`` is checked here; the set
    # of accepted actions is decided inside operations.mobsf_ca - confirm.
    if 'action' in request.POST:
        outcome = operations.mobsf_ca(request, True)
        code = 200 if outcome['status'] == 'ok' else 500
        return make_api_response(outcome, code)
    return make_api_response({'error': 'Missing Parameters'}, 422)
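def api_instrument(request):
    """POST - Frida Instrument.

    All of ``hash``, ``default_hooks``, ``auxiliary_hooks`` and
    ``frida_code`` must be present, otherwise 422 is returned; additional
    fields are allowed. The result of ``tests_frida.instrument`` is relayed
    with 200 when its ``status`` is ``'ok'`` and with 500 otherwise.
    """
    params = {'hash', 'default_hooks', 'auxiliary_hooks', 'frida_code'}
    # Reject when any required field is absent. A proper-subset test
    # (``set(request.POST) < params``) is not enough: it stops rejecting as
    # soon as the request carries one field outside ``params``, even when
    # required fields are missing.
    missing = params - set(request.POST)
    if missing:
        return make_api_response({'error': 'Missing Parameters'}, 422)
    # NOTE(review): ``frida_code`` is caller-supplied instrumentation code
    # handed on with the request; caller authentication is not visible in
    # this function - confirm it is enforced where the view is registered.
    resp = tests_frida.instrument(request, True)
    if resp['status'] == 'ok':
        return make_api_response(resp, 200)
    return make_api_response(resp, 500)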
def api_stop_analysis(request):
    """POST - stop dynamic analysis and collect its output.

    Requires the ``hash`` form field (422 if absent). Calls
    ``tests_common.collect_logs`` first (its return value is not inspected),
    then relays the result of ``tests_common.download_data`` with 200 when
    its ``status`` is ``'ok'`` and with 500 otherwise.
    """
    if 'hash' in request.POST:
        # Log collection runs before the data download; only the download
        # result decides the response.
        tests_common.collect_logs(request, True)
        outcome = tests_common.download_data(request, True)
        code = 200 if outcome['status'] == 'ok' else 500
        return make_api_response(outcome, code)
    return make_api_response({'error': 'Missing Parameters'}, 422)
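def api_start_activity(request):
    """POST - Start Activity.

    Both ``activity`` and ``hash`` must be present, otherwise 422 is
    returned; additional fields are allowed. The result of
    ``tests_common.start_activity`` is relayed with 200 when its ``status``
    is ``'ok'`` and with 500 otherwise.
    """
    params = {'activity', 'hash'}
    # Reject when any required field is absent. A proper-subset test
    # (``set(request.POST) < params``) is not enough: it stops rejecting as
    # soon as the request carries one field outside ``params``, even when
    # required fields are missing.
    missing = params - set(request.POST)
    if missing:
        return make_api_response({'error': 'Missing Parameters'}, 422)
    resp = tests_common.start_activity(request, True)
    if resp['status'] == 'ok':
        return make_api_response(resp, 200)
    return make_api_response(resp, 500)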
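def api_act_tester(request):
    """POST - Activity Tester.

    Both ``test`` and ``hash`` must be present, otherwise 422 is returned;
    additional fields are allowed. The result of
    ``tests_common.activity_tester`` is relayed with 200 when its ``status``
    is ``'ok'`` and with 500 otherwise.
    """
    params = {'test', 'hash'}
    # Reject when any required field is absent. A proper-subset test
    # (``set(request.POST) < params``) is not enough: it stops rejecting as
    # soon as the request carries one field outside ``params``, even when
    # required fields are missing.
    missing = params - set(request.POST)
    if missing:
        return make_api_response({'error': 'Missing Parameters'}, 422)
    resp = tests_common.activity_tester(request, True)
    if resp['status'] == 'ok':
        return make_api_response(resp, 200)
    return make_api_response(resp, 500)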
def api_api_monitor(request):
    """POST - Frida live API monitor.

    Requires the ``hash`` form field (422 if absent). The result of
    ``tests_frida.live_api`` is relayed with 200 when it carries a truthy
    ``data`` entry and with 500 otherwise.
    """
    if 'hash' in request.POST:
        outcome = tests_frida.live_api(request, True)
        # live_api can be json or html, so success is judged by the presence
        # of ``data`` rather than by a ``status`` field.
        code = 200 if outcome.get('data') else 500
        return make_api_response(outcome, code)
    return make_api_response({'error': 'Missing Parameters'}, 422)
def api_start_analysis(request):
    """POST - start dynamic analysis for a scan.

    Requires the ``hash`` form field (422 if absent). The dict returned by
    ``dynamic_analyzer.dynamic_analyzer`` is relayed with 500 when it
    contains an ``error`` key and with 200 otherwise.
    """
    if 'hash' in request.POST:
        scan_hash = request.POST['hash']
        outcome = dynamic_analyzer.dynamic_analyzer(request, scan_hash, True)
        code = 500 if 'error' in outcome else 200
        return make_api_response(outcome, code)
    return make_api_response({'error': 'Missing Parameters'}, 422)
def api_logcat(request):
    """POST - logcat HTTP streaming.

    Requires the ``package`` form field (422 if absent). When
    ``dynamic_analyzer.logcat`` returns a dict containing ``error`` it is
    wrapped as a 500 API response; any other return value is handed back to
    the caller unchanged.
    """
    if 'package' not in request.POST:
        return make_api_response({'error': 'Missing Parameters'}, 422)
    stream = dynamic_analyzer.logcat(request, True)
    failed = isinstance(stream, dict) and 'error' in stream
    if failed:
        return make_api_response(stream, 500)
    # NOTE(review): a dict without ``error`` would also be returned as-is;
    # presumably logcat only yields a response object on success - confirm.
    return stream
def api_frida_logs(request):
    """POST - fetch Frida logs.

    Requires the ``hash`` form field (422 if absent). The result of
    ``tests_frida.frida_logs`` is relayed with 200 when it carries a truthy
    ``data`` entry and with 500 otherwise.
    """
    if 'hash' in request.POST:
        outcome = tests_frida.frida_logs(request, True)
        # frida logs can be json or html, so success is judged by the
        # presence of ``data`` rather than by a ``status`` field.
        code = 200 if outcome.get('data') else 500
        return make_api_response(outcome, code)
    return make_api_response({'error': 'Missing Parameters'}, 422)
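def api_dynamic_view_file(request):
    """POST - view a file produced by dynamic analysis.

    All of ``hash``, ``file`` and ``type`` must be present, otherwise 422 is
    returned; additional fields are allowed. The dict returned by
    ``report.view_file`` is relayed with 500 when it contains an ``error``
    key and with 200 otherwise.
    """
    params = {'hash', 'file', 'type'}
    # Reject when any required field is absent. A proper-subset test
    # (``set(request.POST) < params``) is not enough: it stops rejecting as
    # soon as the request carries one field outside ``params``, even when
    # required fields are missing.
    missing = params - set(request.POST)
    if missing:
        return make_api_response({'error': 'Missing Parameters'}, 422)
    # NOTE(review): ``file`` is a caller-supplied path component; confirm
    # report.view_file confines it to the scan's own directory.
    resp = report.view_file(request, True)
    if 'error' in resp:
        return make_api_response(resp, 500)
    return make_api_response(resp, 200)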
def api_delete_scan(request):
    """POST - delete a scan.

    Requires the ``hash`` form field (422 if absent). The dict returned by
    ``delete_scan`` is relayed with 500 when it contains an ``error`` key and
    with 200 otherwise.
    """
    if 'hash' not in request.POST:
        return make_api_response({'error': 'Missing Parameters'}, 422)
    outcome = delete_scan(request, True)
    code = 500 if 'error' in outcome else 200
    return make_api_response(outcome, code)
def api_compare(request):
    """Compare two scanned apps.

    Requires the ``hash1`` and ``hash2`` form fields (422 if either is
    absent; extra fields are tolerated). The dict returned by
    ``compare_apps`` is relayed with 500 when it contains an ``error`` key
    and with 200 otherwise.
    """
    required = {'hash1', 'hash2'}
    if not required <= set(request.POST):
        return make_api_response({'error': 'Missing Parameters'}, 422)
    first_hash = request.POST['hash1']
    second_hash = request.POST['hash2']
    outcome = compare_apps(request, first_hash, second_hash, True)
    code = 500 if 'error' in outcome else 200
    return make_api_response(outcome, code)
def api_view_source(request):
    """View a source file from an Android or iOS scan.

    Requires the ``file``, ``type`` and ``hash`` form fields (422 if any is
    absent; extra fields are tolerated). The Android viewer handles the types
    ``eclipse``, ``studio``, ``apk``, ``java`` and ``smali``; every other
    ``type`` value goes to the iOS viewer. The viewer's dict is relayed with
    500 when it contains an ``error`` key and with 200 otherwise.
    """
    required = {'file', 'type', 'hash'}
    if not required <= set(request.POST):
        return make_api_response({'error': 'Missing Parameters'}, 422)
    android_types = {'eclipse', 'studio', 'apk', 'java', 'smali'}
    # NOTE(review): ``file`` is a caller-supplied path component; confirm
    # both viewers confine it to the scan's own source tree.
    if request.POST['type'] in android_types:
        outcome = view_source.run(request, api=True)
    else:
        outcome = ios_view_source.run(request, api=True)
    code = 500 if 'error' in outcome else 200
    return make_api_response(outcome, code)
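def api_scan(request):
    """POST - Scan API.

    Requires the ``scan_type``, ``hash`` and ``file_name`` form fields (422
    if any is absent; extra fields are tolerated). ``scan_type`` selects the
    analyzer: ``xapk``/``apk``/``zip`` use ``static_analyzer``, ``ipa`` uses
    ``static_analyzer_ios`` and ``appx`` uses
    ``windows.staticanalyzer_windows``. Any other ``scan_type`` is answered
    with 400. The analyzer's dict is relayed with 500 when it contains an
    ``error`` key and with 200 otherwise.
    """
    params = {'scan_type', 'hash', 'file_name'}
    if not set(request.POST) >= params:
        return make_api_response({'error': 'Missing Parameters'}, 422)
    scan_type = request.POST['scan_type']
    # APK, Android ZIP and iOS ZIP
    if scan_type in {'xapk', 'apk', 'zip'}:
        resp = static_analyzer(request, True)
        if 'type' in resp:
            # For now it's only ios_zip
            # The POST data is made mutable (via the private flag) so that
            # scan_type can be rewritten before the iOS analyzer runs.
            request.POST._mutable = True
            request.POST['scan_type'] = 'ios'
            resp = static_analyzer_ios(request, True)
    # IPA
    elif scan_type == 'ipa':
        resp = static_analyzer_ios(request, True)
    # APPX
    elif scan_type == 'appx':
        resp = windows.staticanalyzer_windows(request, True)
    else:
        # An unrecognised scan_type used to leave the response unassigned and
        # fail with UnboundLocalError; answer with an explicit client error.
        return make_api_response({'error': 'Invalid scan_type'}, 400)
    if 'error' in resp:
        return make_api_response(resp, 500)
    return make_api_response(resp, 200)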
def api_pdf_report(request):
    """Generate and download the PDF report for a scan.

    The POST body must contain exactly one field, ``hash``; anything else
    (including extra fields) is answered with 422. Outcomes of ``pdf``:
    an ``error`` of ``'Invalid scan hash'`` gives 400, any other ``error``
    gives 500, ``pdf_dat`` is served as ``application/pdf``, a ``report`` of
    ``'Report not Found'`` gives 404, and anything else gives 500.
    """
    if set(request.POST) != {'hash'}:
        return make_api_response({'error': 'Missing Parameters'}, 422)
    outcome = pdf(request, api=True)
    if 'error' in outcome:
        bad_hash = outcome.get('error') == 'Invalid scan hash'
        return make_api_response(outcome, 400 if bad_hash else 500)
    if 'pdf_dat' in outcome:
        document = HttpResponse(outcome['pdf_dat'],
                                content_type='application/pdf')
        # NOTE(review): the report is readable cross-origin by any site;
        # confirm the wildcard is intended for this authenticated endpoint.
        document['Access-Control-Allow-Origin'] = '*'
        return document
    if outcome.get('report') == 'Report not Found':
        return make_api_response(outcome, 404)
    return make_api_response({'error': 'PDF Generation Error'}, 500)
def api_json_report(request):
    """Generate the JSON report for a scan.

    The POST body must contain exactly one field, ``hash``; anything else
    (including extra fields) is answered with 422. Outcomes of ``pdf`` called
    with ``jsonres=True``: an ``error`` of ``'Invalid scan hash'`` gives 400,
    any other ``error`` gives 500, ``report_dat`` is returned with 200, a
    ``report`` of ``'Report not Found'`` gives 404, and anything else gives
    500.
    """
    if set(request.POST) != {'hash'}:
        return make_api_response({'error': 'Missing Parameters'}, 422)
    outcome = pdf(request, api=True, jsonres=True)
    if 'error' in outcome:
        bad_hash = outcome.get('error') == 'Invalid scan hash'
        return make_api_response(outcome, 400 if bad_hash else 500)
    if 'report_dat' in outcome:
        return make_api_response(outcome['report_dat'], 200)
    if outcome.get('report') == 'Report not Found':
        return make_api_response(outcome, 404)
    return make_api_response({'error': 'JSON Generation Error'}, 500)
def api_upload(request):
    """POST - upload a file for analysis.

    Delegates to ``Upload(request).upload_api()``, which supplies both the
    response payload and the HTTP status code used for the reply.
    """
    # NOTE(review): no checks on the uploaded file happen in this view;
    # confirm type/size validation lives in Upload.upload_api.
    payload, status_code = Upload(request).upload_api()
    return make_api_response(payload, status_code)
def api_list_frida_scripts(request):
    """GET - list the available Frida scripts.

    Relays the result of ``tests_frida.list_frida_scripts`` with 200 when its
    ``status`` is ``'ok'`` and with 500 otherwise.
    """
    listing = tests_frida.list_frida_scripts(request, True)
    code = 200 if listing['status'] == 'ok' else 500
    return make_api_response(listing, code)
def api_get_apps(request):
    """GET - list apps available for dynamic analysis.

    Relays the dict returned by ``dynamic_analyzer.dynamic_analysis`` with
    500 when it contains an ``error`` key and with 200 otherwise.
    """
    listing = dynamic_analyzer.dynamic_analysis(request, True)
    code = 500 if 'error' in listing else 200
    return make_api_response(listing, code)