nettitude / scrounger Goto Github PK

Mobile application testing toolkit

License: BSD 3-Clause "New" or "Revised" License

Python 98.95% Shell 1.05%

scrounger's Introduction

Description

Scrounger - a person who borrows from or lives off others.

There is no better description for this tool for two main reasons, the first is because this tool takes inspiration from many other tools that have already been published, the second reason is because it lives off mobile application's vulnerabilities.

Why

Even though several other mobile application analysis tools have been developed, there is no one tool that can be used for both android and ios and can be called a "standard" must use on every mobile application assessment.

The idea behind Scrounger is to make a metasploit-like tool that will not do a pentesters work but help the pentester on his assessment by executing mundane tasks that need to be performed on all assessments.

The Difference

The main features Scrounger offers that others don't:

Works with Android and iOS
Metasploit-like console and modules
Offers a variaty of modules that can be run to give the pentester a starting point
Easily extendable

Inspiration / Thanks

Scrounger was inspired by other tools, a huge thanks to the developers of:

Drozer (https://github.com/mwrlabs/drozer);
Needle (https://github.com/mwrlabs/needle); and
iOS Application Analysis (https://github.com/timb-machine/ios-application-analyser).

Technical

As a disclaimer, all identified findings by Scrounger should always be manually double checked.

When using modules that need an Android or iOS device, Scrounger needs a Rooted or Jailbroken device respectively.

Scrounger has been tested to work on iOS 11 and Android 8.1.

Scrounger has been built for python 2.7 only.

Install

git clone https://github.com/nettitude/scrounger.git
cd scrounger
bash setup.sh
pip install -r requirements.txt
python setup.py install

Development

git pull https://github.com/nettitude/scrounger.git
cd scrounger
bash setup.sh
pip install -r requirements.txt
python setup.py develop

Update

cd scrounger
git pull
python setup.py install --upgrade

Required Binaries

For Android Modules

java (http://www.oracle.com/technetwork/java/javase/downloads/index.html)
jd-cli (https://github.com/kwart/jd-cmd)
apktool (https://ibotpeaches.github.io/Apktool/)
d2j-dex2jar (https://github.com/pxb1988/dex2jar)
adb (https://developer.android.com/studio/releases/platform-tools)
Other (Optional):
- avdmanager (https://developer.android.com/studio/#downloads)

For iOS Modules

jtool (Linux) (http://www.newosxbook.com/tools/jtool.html)
otool (MacOS) (https://developer.apple.com/xcode/)
ldid (https://github.com/daeken/ldid.git)
iproxy (Package: libimobiledevice)
lsusb (Package: usbutils)
unzip

iOS Binaries

Bundled Binaries:
- dump_backup_flag
- dump_file_protection
- dump_keychain
- dump_log
- listapps
Cydia Karen's Repository (https://cydia.angelxwind.net) (Optional):
- AppSync Unified (Package: net.angelxwind.appsyncunified)
- appinst (Package: com.linusyang.appinst)
Cydia Shmoo419's Repository (https://shmoo419.github.io/) (Optional):
- uncrypt11 (Package: com.shmoo.uncrypt11)
- gdb (Package: gdb71050)
Cydia Ichitaso's Repository (http://cydia.ichitaso.com/) (Optional):
- clutch (Package: com.kjcracks.clutch2)

Install Scripts

Linux

# install iproxy lsusb
sudo apt-get install libimobiledevice usbutils

# install jd-cli
if [ ! -x "$(which jd-cli)" ]; then
    curl -L -o /tmp/jdcli.zip https://github.com/kwart/jd-cmd/releases/download/jd-cmd-0.9.2.Final/jd-cli-0.9.2-dist.zip
    unzip /tmp/jdcli.zip /usr/local/share/jd-cli
    ln -s /usr/local/share/jd-cli/jd-cli /usr/local/bin/jd-cli
    ln -s /usr/local/share/jd-cli/jd-cli.jar /usr/local/bin/jd-cli.jar
    rm -rf /tmp/jdcli.zip
fi

# install apktool
if [ ! -x "$(which apktool)" ]; then
    mkdir /usr/local/share/apktool
    curl -L -o /usr/local/share/apktool/apktool https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/osx/apktool
    curl -L -o /usr/local/share/apktool/apktool.jar https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.3.3.jar
    chmod +x /usr/local/share/apktool /usr/local/share/apktool/apktool.jar
    ln -s /usr/local/share/apktool /usr/local/bin/apktool
    ln -s /usr/local/share/apktool.jar /usr/local/bin/apktool.jar
fi

# install dex2jar
if [ ! -x "$(which d2j-dex2jar)" ]; then
    curl -L -o /tmp/d2j.zip https://github.com/pxb1988/dex2jar/files/1867564/dex-tools-2.1-SNAPSHOT.zip
    unzip /tmp/d2j.zip -d /tmp/d2j
    dirname=$(ls --color=none /tmp/d2j)
    mv /tmp/d2j/$dirname /usr/local/share/d2j-dex2jar
    ln -s /usr/local/share/d2j-dex2jar/d2j-dex2jar.sh /usr/local/bin/d2j-dex2jar.sh
    ln -s /usr/local/share/d2j-dex2jar/d2j-apk-sign.sh /usr/local/bin/d2j-apk-sign.sh
    rm -rf /tmp/d2j.zip
fi

if [ ! -x "$(which d2j-dex2jar)" ]; then
    ln -s /usr/local/bin/d2j-dex2jar.sh /usr/local/bin/d2j-dex2jar
fi

# install adb
if [ ! -x "$(which adb)" ]; then
    curl -L -o /tmp/platform-tools.zip https://dl.google.com/android/repository/platform-tools-latest-linux.zip
    unzip /tmp/platform-tools.zip -d /tmp/pt
    mv /tmp/pt/platform-tools /usr/local/share/
    ln -s /usr/local/share/platform-tools/adb /usr/local/bin/adb
    ln -s /usr/local/share/platform-tools/fastboot /usr/local/bin/fastboot
fi

# install ldid
if [ ! -x "$(which ldid)" ]; then
    git clone https://github.com/daeken/ldid.git /tmp/ldid
    cd /tmp/ldid
    ./make.sh
    mv ldid /usr/local/bin/
    cd /tmp
    rm -rf /tmp/ldid
fi

# install jtool
if [ ! -x "$(which jtool)" ]; then
    curl -L -o /tmp/jtool.tar http://www.newosxbook.com/tools/jtool.tar
    mkdir /tmp/jtool
    tar xvf /tmp/jtool.tar -C /tmp/jtool
    mv /tmp/jtool/jtool.ELF64 /usr/local/bin/jtool
    rm -rf /tmp/jtool.tar /tmp/jtool
fi

# install scrounger
git clone [email protected]:nettitude/scrounger.git
cd scrounger
pip install -r requirements.txt
python setup.py install

MacOS

# install iproxy ldid lsusb
brew tap jlhonora/lsusb && brew install lsusb libimobiledevice ldid

# install jd-cli
if [ ! -x "$(which jd-cli)" ]; then
    curl -L -o /tmp/jdcli.zip https://github.com/kwart/jd-cmd/releases/download/jd-cmd-0.9.2.Final/jd-cli-0.9.2-dist.zip
    unzip /tmp/jdcli.zip /usr/local/share/jd-cli
    ln -s /usr/local/share/jd-cli/jd-cli /usr/local/bin/jd-cli
    ln -s /usr/local/share/jd-cli/jd-cli.jar /usr/local/bin/jd-cli.jar
    rm -rf /tmp/jdcli.zip
fi

# install apktool
if [ ! -x "$(which apktool)" ]; then
    mkdir /usr/local/share/apktool
    curl -L -o /usr/local/share/apktool/apktool https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/osx/apktool
    curl -L -o /usr/local/share/apktool/apktool.jar https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.3.3.jar
    chmod +x /usr/local/share/apktool /usr/local/share/apktool/apktool.jar
    ln -s /usr/local/share/apktool /usr/local/bin/apktool
    ln -s /usr/local/share/apktool.jar /usr/local/bin/apktool.jar
fi

# install dex2jar
if [ ! -x "$(which d2j-dex2jar)" ]; then
    curl -L -o /tmp/d2j.zip https://github.com/pxb1988/dex2jar/files/1867564/dex-tools-2.1-SNAPSHOT.zip
    unzip /tmp/d2j.zip -d /tmp/d2j
    dirname=$(ls --color=none /tmp/d2j)
    mv /tmp/d2j/$dirname /usr/local/share/d2j-dex2jar
    ln -s /usr/local/share/d2j-dex2jar/d2j-dex2jar.sh /usr/local/bin/d2j-dex2jar.sh
    ln -s /usr/local/share/d2j-dex2jar/d2j-apk-sign.sh /usr/local/bin/d2j-apk-sign.sh
    rm -rf /tmp/d2j.zip
fi

if [ ! -x "$(which d2j-dex2jar)" ]; then
    ln -s /usr/local/bin/d2j-dex2jar.sh /usr/local/bin/d2j-dex2jar
fi

# install adb
if [ ! -x "$(which adb)" ]; then
    curl -L -o /tmp/platform-tools.zip https://dl.google.com/android/repository/platform-tools-latest-darwin.zip
    unzip /tmp/platform-tools.zip -d /tmp/pt
    mv /tmp/pt/platform-tools /usr/local/share/
    ln -s /usr/local/share/platform-tools/adb /usr/local/bin/adb
    ln -s /usr/local/share/platform-tools/fastboot /usr/local/bin/fastboot
fi

# install Xcode / command line tools
xcode-select --install

# install scrounger
git clone [email protected]:nettitude/scrounger.git
cd scrounger
pip install -r requirements.txt
python setup.py install

Adding Custom Modules

When installing the application a folder ~/.scrounger will be created. Inside ~/.scrounger will be a folder called modules/custom with the same structure as the default scrounger modules, e.g., analysis/android/module_name.

To create a new custom module just add a new file with the module name you want and it will be included the next time you launch scrounger.

Example

Added the following module (~/.scrounger/modules/custom/misc/test.py):

from scrounger.core.module import BaseModule

class Module(BaseModule):
    meta = {
        "author": "RDC",
        "description": """Just a Test module""",
        "certainty": 100
    }

    options = [
        {
            "name": "output",
            "description": "local output directory",
            "required": False,
            "default": None
        },
    ]

    def run(self):

        print("This is a print from the custom module")

        return {
            "print": "This will be print by scrounger's console."
        }

Execution

$ scrounger-console
Starting Scrounger console...

scrounger > list custom/misc

Module            Certainty  Author  Description
------            ---------  ------  -----------
custom/misc/test  100%       RDC     Just a Test module

scrounger > use custom/misc/test

scrounger custom/misc/test > options

Global Options:

    Name    Value
    ----    -----
    device
    output  /tmp/scrounger-app

Module Options (custom/misc/test):

    Name    Required  Description             Current Setting
    ----    --------  -----------             ---------------
    output  False     local output directory  /tmp/scrounger-app

scrounger custom/misc/test > run
This is a print from the custom module
[+] This will be print by scrounger's console.

scrounger custom/misc/test >

Examples

Listing / Searching modules

$ scrounger-console
Starting Scrounger console...

> help

Documented commands (type help <topic>):
========================================
add_device  devices  list     print  results  set   unset
back        help     options  quit   run      show  use


> help list
Lists all available modules

> list ios

Module                                  Certainty Author Description
------                                  --------- ------ -----------
analysis/ios/app_transport_security     90%       RDC    Checks if there are any Application Transport Security misconfigurations
analysis/ios/arc_support                90%       RDC    Checks if a binary was compiled with ARC support
analysis/ios/backups                    90%       RDC    Checks the application's files have the backup flag on
analysis/ios/clipboard_access           75%       RDC    Checks if the application disables clipboard access
analysis/ios/debugger_detection         75%       RDC    Checks if the application detects debuggers
analysis/ios/excessive_permissions      90%       RDC    Checks if the application uses excessive permissions
analysis/ios/file_protection            90%       RDC    Checks the application's files specific protection flags
analysis/ios/full_analysis              100%      RDC    Runs all modules in analysis and writes a report into the output directory
analysis/ios/insecure_channels          50%       RDC    Checks if the application uses insecure channels
analysis/ios/insecure_function_calls    75%       RDC    Checks if the application uses insecure function calls
analysis/ios/jailbreak_detection        60%       RDC    Checks if the application implements jailbreak detection
analysis/ios/logs                       60%       RDC    Checks if the application logs to syslog
analysis/ios/passcode_detection         60%       RDC    Checks if the application checks for passcode being set
analysis/ios/pie_support                100%      RDC    Checks if the application was compiled with PIE support
analysis/ios/prepared_statements        60%       RDC    Checks if the application uses sqlite calls and if so checks if it also uses prepared statements
analysis/ios/ssl_pinning                60%       RDC    Checks if the application implements SSL pinning
analysis/ios/stack_smashing             90%       RDC    Checks if a binary was compiled stack smashing protections
analysis/ios/third_party_keyboard       65%       RDC    Checks if an application checks of third party keyboards
analysis/ios/unencrypted_communications 80%       RDC    Checks if the application implements communicates over unencrypted channels
analysis/ios/unencrypted_keychain_data  70%       RDC    Checks if the application saves unencrypted data in the keychain
analysis/ios/weak_crypto                60%       RDC    Checks if the application uses weak crypto
analysis/ios/weak_random                50%       RDC    Checks if a binary uses weak random functions
analysis/ios/weak_ssl_ciphers           50%       RDC    Checks if a binary uses weak SSL ciphers
misc/ios/app/archs                      100%      RDC    Gets the application's available architectures
misc/ios/app/data                       100%      RDC    Gets the application's data from the remote device
misc/ios/app/entitlements               100%      RDC    Gets the application's entitlements
misc/ios/app/flags                      100%      RDC    Gets the application's compilation flags
misc/ios/app/info                       100%      RDC    Pulls the Info.plist info from the device
misc/ios/app/start                      100%      RDC    Launches an application on the remote device
misc/ios/app/symbols                    100%      RDC    Gets the application's symbols out of an installed application on the device
misc/ios/class_dump                     100%      RDC    Dumps the classes out of a decrypted binary
misc/ios/decrypt_bin                    100%      RDC    Decrypts and pulls a binary application
misc/ios/install_binaries               100%      RDC    Installs iOS binaries required to run some checks
misc/ios/keychain_dump                  100%      RDC    Dumps contents from the connected device's keychain
misc/ios/local/app/archs                100%      RDC    Gets the application's available architectures
misc/ios/local/app/entitlements         100%      RDC    Gets the application's entitlements from a local binary and saves them to file
misc/ios/local/app/flags                100%      RDC    Gets the application's compilation flags using local tools. Will look for otool and jtool in the PATH.
misc/ios/local/app/info                 100%      RDC    Pulls the Info.plist info from the unzipped IPA file and saves an XML file with it's contents to the output folder
misc/ios/local/app/symbols              100%      RDC    Gets the application's symbols out of an installed application on the device
misc/ios/local/class_dump               100%      RDC    Dumps the classes out of a decrypted binary
misc/ios/pull_ipa                       100%      RDC    Pulls the IPA file from a remote device
misc/ios/unzip_ipa                      100%      RDC    Unzips the IPA file into the output directory

Using Misc Module

$ scrounger-console
Starting Scrounger console...

> use misc/android/decompile_apk

misc/android/decompile_apk > options

Global Options:

    Name   Value
    ----   -----
    device
    output /tmp/scrounger-app

Module Options (misc/android/decompile_apk):

    Name   Required Description                Current Setting
    ----   -------- -----------                ---------------
    output True     local output directory     /tmp/scrounger-app
    apk    True     local path to the APK file

misc/android/decompile_apk > set output scrounger-demo-output

misc/android/decompile_apk > set apk ./a.apk

misc/android/decompile_apk > options

Global Options:

    Name   Value
    ----   -----
    device
    output /tmp/scrounger-app

Module Options (misc/android/decompile_apk):

    Name   Required Description                Current Setting
    ----   -------- -----------                ---------------
    output True     local output directory     scrounger-demo-output
    apk    True     local path to the APK file ./a.apk

misc/android/decompile_apk > run
2018-05-01 10:29:53 -                  decompile_apk : Creating decompilation directory
2018-05-01 10:29:53 -                  decompile_apk : Decompiling application
2018-05-01 10:29:59 -                       manifest : Checking for AndroidManifest.xml file
2018-05-01 10:29:59 -                       manifest : Creating manifest object
[+] Application decompiled to scrounger-demo-output/com.eg.challengeapp.decompiled

Using results from other modules

misc/android/decompile_apk > show results

Results:

    Name                             Value
    ----                             -----
    com.eg.challengeapp_decompiled scrounger-demo-output/com.eg.challengeapp.decompiled

misc/android/decompile_apk > use analysis/android/permissions

analysis/android/permissions > options

Global Options:

    Name   Value
    ----   -----
    device
    output /tmp/scrounger-app

Module Options (analysis/android/permissions):

    Name           Required Description                                        Current Setting
    ----           -------- -----------                                        ---------------
    decompiled_apk True     local folder containing the decompiled apk file
    permissions    True     dangerous permissions to check for, seperated by ; android.permission.GET_TASKS;android.permission.BIND_DEVICE_ADMIN;android.permission.USE_CREDENTIALS;com.android.browser.permission.READ_HISTORY_BOOKMARKS;android.permission.PROCESS_OUTGOING_CA

analysis/android/permissions > print option permissions

Option Name: permissions
Value: android.permission.GET_TASKS;android.permission.BIND_DEVICE_ADMIN;android.permission.USE_CREDENTIALS;com.android.browser.permission.READ_HISTORY_BOOKMARKS;android.permission.PROCESS_OUTGOING_CALLS;android.permission.READ_LOGS;android.permission.READ_SMS;android.permission.READ_CALL_LOG;android.permission.RECORD_AUDIO;android.permission.MANAGE_ACCOUNTS;android.permission.RECEIVE_SMS;android.permission.RECEIVE_MMS;android.permission.WRITE_CONTACTS;android.permission.DISABLE_KEYGUARD;android.permission.WRITE_SETTINGS;android.permission.WRITE_SOCIAL_STREAM;android.permission.WAKE_LOCK

analysis/android/permissions > set decompiled_apk result:com.eg.challengeapp_decompiled

analysis/android/permissions > options

Global Options:

    Name   Value
    ----   -----
    device
    output /tmp/scrounger-app

Module Options (analysis/android/permissions):

    Name           Required Description                                        Current Setting
    ----           -------- -----------                                        ---------------
    decompiled_apk True     local folder containing the decompiled apk file    result:com.eg.challengeapp_decompiled
    permissions    True     dangerous permissions to check for, seperated by ; android.permission.GET_TASKS;android.permission.BIND_DEVICE_ADMIN;android.permission.USE_CREDENTIALS;com.android.browser.permission.READ_HISTORY_BOOKMARKS;android.permission.PROCESS_OUTGOING_CA

analysis/android/permissions > run
2018-05-01 10:54:58 -                       manifest : Checking for AndroidManifest.xml file
2018-05-01 10:54:58 -                       manifest : Creating manifest object
2018-05-01 10:54:58 -                    permissions : Analysing application's manifest permissions
[+] Analysis result:
The Application Has Inadequate Permissions
    Report: True
    Details:
* android.permission.READ_SMS

Using devices

$ scrounger-console
Starting Scrounger console...

> show devices

Added Devices:

    Scrounger ID Device OS Identifier
    ------------ --------- ----------

> add_device
android  ios

> add_device android 00cd7e67ec57c127

> show devices

Added Devices:

    Scrounger ID Device OS Identifier
    ------------ --------- ----------
    1            android   00cd7e67ec57c127

> set global device 1

> options

Global Options:

    Name   Value
    ----   -----
    device 1
    output /tmp/scrounger-app

> use misc/list_apps

misc/list_apps > options

Global Options:

    Name   Value
    ----   -----
    device 1
    output /tmp/scrounger-app

Module Options (misc/list_apps):

    Name   Required Description            Current Setting
    ----   -------- -----------            ---------------
    output False    local output directory /tmp/scrounger-app
    device True     the remote device      1

misc/list_apps > unset output

misc/list_apps > options

Global Options:

    Name   Value
    ----   -----
    device 1
    output /tmp/scrounger-app

Module Options (misc/list_apps):

    Name   Required Description            Current Setting
    ----   -------- -----------            ---------------
    output False    local output directory
    device True     the remote device      1

misc/list_apps > run
[+] Applications installed on 00cd7e67ec57c127:

com.android.sharedstoragebackup
com.android.providers.partnerbookmarks
com.google.android.apps.maps
com.google.android.partnersetup
de.codenauts.hockeyapp
...

Command Line Help

$ scrounger --help
usage: scrounger [-h] [-m analysis/ios/module1;analysis/ios/module2]
                 [-a argument1=value1;argument1=value2;]
                 [-f /path/to/the/app.[apk|ipa]] [-d device_id] [-l] [-o]
                 [-p /path/to/full-analysis.json] [-V] [-D]

   _____
  / ____|
 | (___   ___ _ __ ___  _   _ _ __   __ _  ___ _ __
  \___ \ / __| '__/ _ \| | | | '_ \ / _` |/ _ \ '__|
  ____) | (__| | | (_) | |_| | | | | (_| |  __/ |
 |_____/ \___|_|  \___/ \__,_|_| |_|\__, |\___|_|
                                     __/ |
                                    |___/

optional arguments:
  -h, --help            show this help message and exit
  -m analysis/ios/module1;analysis/ios/module2, --modules analysis/ios/module1;analysis/ios/module2
                        modules to be run - seperated by ; - will be run in order
  -a argument1=value1;argument1=value2;, --arguments argument1=value1;argument1=value2;
                        arguments for the modules to be run
  -f /path/to/the/app.[apk|ipa], --full-analysis /path/to/the/app.[apk|ipa]
                        runs a full analysis on the application
  -d device_id, --device device_id
                        device to be used by the modules
  -l, --list            list available devices and modules
  -o, --options         prints the required options for the selected modules
  -p /path/to/full-analysis.json, --print-results /path/to/full-analysis.json
                        prints the results of a full analysis json file
  -V, --verbose         prints more information when running the modules
  -D, --debug           prints more information when running scrounger

Using the command line


$ scrounger -o -m "misc/android/decompile_apk"

Module Options (misc.android.decompile_apk):

    Name   Required Description                Default
    ----   -------- -----------                -------
    output True     local output directory     None
    apk    True     local path to the APK file None

$ scrounger -m "misc/android/decompile_apk" -a "apk=./a.apk;output=./cli-demo"
Excuting Module 0
2018-05-01 11:17:42 -                  decompile_apk : Creating decompilation directory
2018-05-01 11:17:42 -                  decompile_apk : Decompiling application
2018-05-01 11:17:46 -                       manifest : Checking for AndroidManifest.xml file
2018-05-01 11:17:46 -                       manifest : Creating manifest object
[+] Application decompiled to ./cli-demo/com.eg.challengeapp.decompiled

TODO

Add init file that is run everytime scrounger-console is started
Fix session results saving when not strings

scrounger's People

Contributors

Stargazers

Watchers

Forkers

peterg75 xtiankisutsa ufwt pharazone r3dfruitrollup chubbymaggie newpidc c002 mmg1 deelmind ztencmcp ws-projects rajivraj yibit magnologan jayaramyalla diegocaridei u53r55 seabreg noraj w4fz5uck5 d4mn4t10n arryboom subho007 exploit-inters timb-machine-mirrors sasqwatch xiaoliuwa ignitionlab 8l4nk terrorsectech nbg0x1 ubuntulover09 liberatorqjw 485653 alanl affilares seongl jienou ahmadi7 ticg zgq346712481 evrohachik krpronie mreetyunjaya projectzerodays bbhunter excloudx6 oakkaya jrsk23 rakhithjk

scrounger's Issues

Getting an exception error when connecting an iOS device

scrounger misc/list_apps > run
[-] Exception

Exception error when connecting iOS device
used iproxy for connection

iproxy 2222 22
ssh root@localhost -p 2222

no exception details is shown

Exception: 'ascii' codec can't encode character u'\u02ca' in position 952: ordinal not in range(128)

Hi,

Trying to parse a result i'm having an encoding error:

scrounger -p scrounger-report/android.analysis/results.json 

--------------------------------------------------------------------------------

[-] Exception: 'ascii' codec can't encode character u'\u02ca' in position 952: ordinal not in range(128)

If I open a text editor (Visual Studio Code) and make a regexp search for [^\x00-\x7F] (non-ascii char) I find no result.

As U+02CA seems to match with ˊ (here), I added one in the doc and used the same regexp and it was detected.

So it seems there are not such non-ascii char in the report.

Plus the JSON file is a one line result so I guess that position 952 means line 1 columns 952 but there is no weird char at this position.

I'm sorry i can't share the result file because it is confidential.

False positive

I have noticed the following false positives fall through:

The Application Does Not Target the Latest SDK
Application Does Not Prevent Screenshots

Not entirely sure if this is a bug with the report output or the way the above is being checked, maybe I'm missing something..

utf8: invalid continuation byte

I encountered a decoding error due to utf8 usage. I was running the full_analysis module.

Sorry I can't share the apk.

scrounger analysis/android/full_analysis > run
2018-09-19 17:26:46 -                  full_analysis : Running all Android analysis modules
2018-09-19 17:26:46 -        provider_path_traversal : Extracting and translating providers
2018-09-19 17:26:49 -             emulator_detection : Identifying smali directories
2018-09-19 17:26:49 -             emulator_detection : Analysing smali code for emulator detection mechanisms
2018-09-19 17:26:49 -             emulator_detection : Checking requirements for dynamic testing
2018-09-19 17:26:49 -                 root_detection : Identifying smali directories
2018-09-19 17:26:49 -                 root_detection : Analysing application's smali code
2018-09-19 17:26:50 -                    native_libs : Identifying application's libraries
2018-09-19 17:26:50 -                       manifest : Checking for AndroidManifest.xml file
2018-09-19 17:26:50 -                       manifest : Creating manifest object
2018-09-19 17:26:50 -                     debuggable : Analysing application's manifest
2018-09-19 17:26:50 -            delete_cached_files : Identifying smali directories
2018-09-19 17:26:50 -            delete_cached_files : Analysing application's smali code
2018-09-19 17:26:50 -            delete_cached_files : Analysing WebViews
2018-09-19 17:26:50 -          third_party_keyboards : Identifying smali directories
2018-09-19 17:26:50 -          third_party_keyboards : Analysing application's smali code
2018-09-19 17:26:50 -                       manifest : Checking for AndroidManifest.xml file
2018-09-19 17:26:50 -                       manifest : Creating manifest object
2018-09-19 17:26:50 -                   secret_codes : Analysing application's manifest for secret codes
2018-09-19 17:26:50 -                       manifest : Checking for AndroidManifest.xml file
2018-09-19 17:26:50 -                       manifest : Creating manifest object
2018-09-19 17:26:50 -                      browsable : Getting browsable activities and uris
2018-09-19 17:26:50 -                   weak_ciphers : Identifying smali directories
2018-09-19 17:26:50 -                   weak_ciphers : Analysing application's smali code
2018-09-19 17:26:51 -          arbitrary_redirection : Identifying smali directories
2018-09-19 17:26:51 -          arbitrary_redirection : Analysing application's smali code
2018-09-19 17:26:51 -          arbitrary_redirection : Analysing WebViews
2018-09-19 17:26:51 -              javascript_bridge : Identifying smali directories
2018-09-19 17:26:51 -              javascript_bridge : Analysing application's smali code
2018-09-19 17:26:51 -     unencrypted_communications : Identifying smali directories
2018-09-19 17:26:51 -     unencrypted_communications : Analysing application's smali code
2018-09-19 17:26:52 -         provider_sql_injection : Extracting and translating providers
2018-09-19 17:26:52 -                         logcat : Identifying smali directories
2018-09-19 17:26:52 -                         logcat : Analysing application's smali code
2018-09-19 17:26:52 -                       manifest : Checking for AndroidManifest.xml file
2018-09-19 17:26:52 -                       manifest : Creating manifest object
2018-09-19 17:26:52 -                 allows_backups : Analysing application's manifest
2018-09-19 17:26:52 -                   apktool_yaml : Checking for apktool.yml file
2018-09-19 17:26:52 -                       manifest : Checking for AndroidManifest.xml file
2018-09-19 17:26:52 -                       manifest : Creating manifest object
2018-09-19 17:26:52 -                    permissions : Analysing application's manifest permissions
2018-09-19 17:26:52 -             javascript_enabled : Identifying smali directories
2018-09-19 17:26:52 -             javascript_enabled : Analysing application's smali code
2018-09-19 17:26:52 -          screenshot_prevention : Identifying smali directories
2018-09-19 17:26:52 -          screenshot_prevention : Analysing application's smali code
2018-09-19 17:26:53 -                   apktool_yaml : Checking for apktool.yml file
2018-09-19 17:26:53 -                   apktool_yaml : Checking for apktool.yml file
2018-09-19 17:26:53 -                    ssl_pinning : Identifying smali directories
2018-09-19 17:26:53 -                    ssl_pinning : Analysing application's smali for SSL evidences
2018-09-19 17:26:53 -                    ssl_pinning : Analysing SSL evidences
2018-09-19 17:26:54 -                  full_analysis : Creating output folders
2018-09-19 17:26:54 -                  full_analysis : Writing results to file
[-] Exception: 'utf8' codec can't decode byte 0xd9 in position 2097: invalid continuation byte

maybe pyusbmuxd is a good idea

i wrote a progam for ios app security audit , and i also used paramiko to ssh to iphone devices.

but, when i get/put some big files from/to iphone devices, that's really so so so so slow...

then i found pyusbmuxd is such a amazing solution,

so, maybe u can take a look at pyusbmuxd, like: https://github.com/alibaba/iOSSecAudit

scrounger-cli: Exception: list index out of range

scrounger -f /home/redacted/1.apk -d emulator-5554 -a "output=./scrounger-cli"                        ✔  853  17:29:26 
2018-09-19 17:29:46 -                            cli : Preparing arguments
2018-09-19 17:29:46 -                            cli : Preparing devices
2018-09-19 17:29:46 -                            cli : Preparing module
2018-09-19 17:29:46 -                            cli : Installing APK
2018-09-19 17:29:53 -                            cli : Decompiling APK
2018-09-19 17:29:53 -                  decompile_apk : Creating decompilation directory
2018-09-19 17:29:53 -                  decompile_apk : Decompiling application
2018-09-19 17:29:53 -                       manifest : Checking for AndroidManifest.xml file
2018-09-19 17:29:53 -                            cli : Reading Manifest
2018-09-19 17:29:53 -                       manifest : Checking for AndroidManifest.xml file
[-] Exception: list index out of range

Android pull apk issue

Doesnt' seem to pull the apk even though the output says it completed.
adb pull works fine.

setup.sh

as jd-cli, apktool and dex2jar are often available in package repositories of distributions and are easy to install it is maybe proper to let user refer to https://github.com/nettitude/scrounger#required-binaries and install them himself rather than inviting him to launch setup.sh.

Also

# install other dependencies
        apt update
        apt install libimobiledevice libusbmuxd-tools usbutils

won't work for any linux but just debian like.

I think the better is to remove the script and ask user to install all of that himself.

For example I already have apktools, dex2jar, jd-gui, and don't want them to be installed a second time in a local bin folder.

python setup.py failed on Python 3.6

Hi,

I'm following this instruction, and failed on the last step.

git pull https://github.com/nettitude/scrounger.git
cd scrounger
bash setup.sh
pip install -r requirements.txt
python setup.py develop

Here is the error message.

(py3) @joel:scrounger $ python setup.py develop
running develop
Traceback (most recent call last):
  File "setup.py", line 77, in <module>
    install_requires=['paramiko', 'biplist', 'langdetect']
  File "/opt/anaconda3/envs/py3/lib/python3.6/distutils/core.py", line 148, in setup
    dist.run_commands()
  File "/opt/anaconda3/envs/py3/lib/python3.6/distutils/dist.py", line 955, in run_commands
    self.run_command(cmd)
  File "/opt/anaconda3/envs/py3/lib/python3.6/distutils/dist.py", line 974, in run_command
    cmd_obj.run()
  File "setup.py", line 50, in run
    _create_custom_modules_paths()
  File "setup.py", line 17, in _create_custom_modules_paths
    for module_type in module_types.split("\n"):
TypeError: a bytes-like object is required, not 'str'

(py3) @joel:scrounger $ python -V
Python 3.6.2 :: Continuum Analytics, Inc.

Any clues?

Thanks,
Joel

Android app error

Hi all

any help with this error please? Thank you

_scrounger misc/android/decompile_apk > options

Global Options:

Name     Value
----     -----
debug    False
device
verbose  False
output

Module Options (misc/android/decompile_apk):

Name    Required  Description                 Current Setting
----    --------  -----------                 ---------------
output  True      local output directory      scrounger-demo-output
apk     True      local path to the APK file  ./User/fugitif/Desktop/app-stage-release.apk_

and when I type run I get

scrounger misc/android/decompile_apk > run
2019-08-09 15:09:46 - decompile_apk : Creating decompilation directory
2019-08-09 15:09:46 - decompile_apk : Decompiling application
[-] Exception: apktool binary not found.

information gathering

iOS List apps error

Electra Jailbreak on iOS device (11.3.1).

I connected the device and when I try to run list_apps the following error appears below:

scrounger misc/list_apps > run
2018-08-30 11:46:57 -                         device : running: which listapps
[-] Exception: listapps binary not found.

scrounger misc/list_apps > 2018-08-30 11:51:57 - device : ssh session killed

Transparent OS commands

Please add support for OS commands. Can be very helpful and save time:

May it be installed on Windows 10?

I like it. But I'm using Win 10, so I could not install it. So please tell me how to install it on Windows system?If it does not support Win 10, please add this platform to install it.Thank you.

iOS Binaries

Hi!
i get an error msg that an ios binary is not found
i moved the binaries in scrounger bin folder to /usr/bin/ on the iphone
i tried running the binary in terminal to check but i get: bad cpu type in executable

any sugs?

Thank you

Error printing results to screen

When running full scan.
/Users/asdfadsf/.virtualenvs/scrounger/lib/python2.7/site-packages/scrounger/console/interactive.py:143
Getting this error.
Exception: 'dict' object has no attribute 'message'

Exception: apktool binary not found.

Hi all

any help with this error please? Thank you

_scrounger misc/android/decompile_apk > options

Global Options:

Name Value

debug False
device
verbose False
output
Module Options (misc/android/decompile_apk):

Name Required Description Current Setting

output True local output directory scrounger-demo-output
apk True local path to the APK file ./User/fugitif/Desktop/app-stage-release.apk_
and when I type run I get

scrounger misc/android/decompile_apk > run 2019-08-09 15:09:46 - decompile_apk : Creating decompilation directory 2019-08-09 15:09:46 - decompile_apk : Decompiling application [-] Exception: apktool binary not found.

Note that I'm using the tool from Mac

[Error] * Application Uses Native Libraries

Hi,
I'm trying to analyze an application, but i'm getting the following error:

[-] Exception: {'exception': IOError(2, 'No such file or directory'), 'module': analysis.android.provider_sql_injection'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: './s'",), 'module': 'analysis.android.root_detection'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: './s'",), 'module': 'analysis.android.logcat'}
[-] Exception: {'exception': TypeError('list indices must be integers, not str',), 'module': 'analysis.android.weak_ciphers'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: './s'",), 'module': 'analysis.android.emulator_detection'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: './s'",), 'module': 'analysis.android.unencrypted_communications'}
[-] Exception: {'exception': IOError(2, 'No such file or directory'), 'module': 'analysis.android.provider_path_traversal'}
[-] Exception: {'exception': IOError(2, 'No such file or directory'), 'module': 'analysis.android.ssl_pinning'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: './s'",), 'module': 'analysis.android.javascript_bridge'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: './s'",), 'module': 'analysis.android.javascript_enabled'}
[+] The following issues were found:

Application Uses Native Libraries

Am i missing something?

Thank you very much. :)

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.