paradiseduo / applicationscanner Goto Github PK
View Code? Open in Web Editor NEWAn open source application scanning tool
License: GNU General Public License v3.0
applicationscanner's People
Contributors
Stargazers
Watchers
Forkers
keyman9848 yamazakikaede skymysky vinsonzou lanyi1998 zxing0214 yfw123 ftvbftvbq lgq2015 lgq20151 lindatas crackercat kingking888 alireddevils 5l1v3r1 jeromeyoung popmj007 gitwk86 alieismy andyalbert2018wei sherlockzm kuustudio sashka3076 hailong123 wang0098 1o24er march110 fishso xianlimei run0nceex keroushe xiahongjin latentgod tangjhan 1ulang ltftianyahai halohoop t3nk0 january147 wuhh1991 sms2056 emily100813 callmeli d2550 kingsun0 lckhuber changshuzf luofeng0603 shihuajushi12 shen771 jkme wgetnz macouen liutufang xmamonx coarikan viktorrant1 richard6666 mokeys windxaa 4everzain haonan1 cleanmgr112 yikeng cjrcjr gradient30 dawn-breaking chenjinliang wouijvziqy 6dlz ytrick xxxxxx007 qingjiaowopipi landixiansen juvenileruntu daerduotutu922 j0f1 pt001 chan233 sxx2022applicationscanner's Issues
报错了
Unzip apk atg1609b_99.apk
Finish
Traceback (most recent call last):
File "/home/ApplicationScanner/lib/apk.py", line 45, in apkScan
apkInfo(filePath)
File "/home/ApplicationScanner/lib/apk.py", line 181, in apkInfo
with open(yml, mode='r') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/home/ApplicationScanner/atg1609b_99_3OAoqe/apktool.yml'
Clean cache...
Traceback (most recent call last):
File "./AppScanner.py", line 92, in
main(sys.argv[1:])
File "./AppScanner.py", line 70, in main
apkScan(inputfile, save)
File "/home/ApplicationScanner/lib/apk.py", line 59, in apkScan
shutil.rmtree(filePath)
File "/usr/lib/python3.8/shutil.py", line 709, in rmtree
onerror(os.lstat, path, sys.exc_info())
File "/usr/lib/python3.8/shutil.py", line 707, in rmtree
orig_st = os.lstat(path)
FileNotFoundError: [Errno 2] No such file or directory: '/home/ApplicationScanner/atg1609b_99_3OAoqe'
扫描报错
windows环境下能安装使用吗?
readme里介绍使用环境只能在mac 或者linux上,会出个windows环境平台使用的吗?
ZipCheck.py logic is wrong
when i deal my app logic like this:
if (entryName.contains("../")) {
throw new Exception("found an dengours path with yours zip file!");
}
i got a report for hight zip waring
FileNotFoundError: [Errno 2] No such file or directory
Traceback (most recent call last):
File "/SDK 安全扫描/ApplicationScanner/lib/apk.py", line 47, in apkScan
apkInfo(filePath)
File "/SDK 安全扫描/ApplicationScanner/lib/apk.py", line 139, in apkInfo
with open(yml, mode='r') as f:
FileNotFoundError: [Errno 2] No such file or directory:'/SDK 安全扫描/ApplicationScanner/test_xc6GQp/apktool.yml'
原因
路径中存在空格,部分未使用引号包裹路径导致不能正常解析。
解决办法
去掉文件夹中空格即可解决
相关代码
/lib/apk.py 41行
strline = f'java -jar {apktool} d -f {inputfile} -o {filePath} --only-main-classes'
/lib/ipa.py 128行起
strline1 = 'strings -a -T Mach-O ' + appBinPath + " > " + stringDumpPath
AttributeError: 'str' object has no attribute 'keys'
IndexError: list index out of range
扫描结果报错:
_____
/\ / ____|
/ \ _ __ _ __| (___ ___ __ _ _ __ _ __ ___ _ __
/ /\ \ | '_ \| '_ \___ \ / __/ _` | '_ \| '_ \ / _ \ '__|
/ ____ \| |_) | |_) |___) | (_| (_| | | | | | | | __/ |
/_/ \_\ .__/| .__/_____/ \___\__,_|_| |_|_| |_|\___|_|
| | | |
|_| |_|
ParadiseDuo [2.4]
Unzip apk /home/***/Test.apk
Finish
┌──────────┬─────────────────────┐
│ 检测项目 │ 应用基本信息 │
├──────────┼─────────────────────┤
│ 项目描述 │ App的基本信息 │
├──────────┼─────────────────────┤
│ 危险等级 │ 信息 │
├──────────┼─────────────────────┤
│ 项目描述 │ minSdkVersion: 30 │
│ │ SDK版本: 30 │
│ │ 版本号: 107363 │
│ │ 版本名: 1.7363 │
└──────────┴─────────────────────┘
┌──────────┬──────────────────────────┐
│ 检测项目 │ 包名信息 │
├──────────┼──────────────────────────┤
│ 项目描述 │ 应用包名信息 │
├──────────┼──────────────────────────┤
│ 危险等级 │ 信息 │
├──────────┼──────────────────────────┤
│ 项目描述 │ 包名: com.***.test │
└──────────┴──────────────────────────┘
┌──────────┬──────────────────────────────────────────────────────────────────────────────────┐
│ 检测项目 │ 一般权限信息 │
├──────────┼──────────────────────────────────────────────────────────────────────────────────┤
│ 项目描述 │ 应用获取的一般权限信息 │
├──────────┼──────────────────────────────────────────────────────────────────────────────────┤
│ 危险等级 │ 信息 │
├──────────┼──────────────────────────────────────────────────────────────────────────────────┤
│ 项目描述 │ android.permission.BLUETOOTH_ADMIN: 蓝牙: 允许应用软件连接配对过的蓝牙设备 │
│ │ android.permission.CHANGE_WIFI_STATE: 更改WIFI连接状态: 允许应用改变WIFI连接状态 │
│ │ android.permission.BLUETOOTH_CONNECT: 蓝牙: 允许应用软件连接配对过的蓝牙设备 │
│ │ android.permission.INTERNET: 使用互联网: 允许应用打开网络接口 │
│ │ android.permission.ACCESS_NETWORK_STATE: 获取网络连接: 允许获取网络连接信息 │
│ │ android.permission.BLUETOOTH: 蓝牙: 允许应用软件连接配对过的蓝牙设备 │
└──────────┴──────────────────────────────────────────────────────────────────────────────────┘
┌──────────┬────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ 检测项目 │ 危险权限信息 │
├──────────┼────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ 项目描述 │ 应用获取的危险权限信息 │
├──────────┼────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ 危险等级 │ 高危 │
├──────────┼────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ 项目描述 │ android.permission.WRITE_EXTERNAL_STORAGE: 写入外部存储空间: 允许应用软件写入外部存储,如SD卡上写文件 │
│ │ android.permission.READ_EXTERNAL_STORAGE: 读取外部存储空间: 允许应用软件读取扩展存 │
│ │ android.permission.ACCESS_WIFI_STATE: 获取无线状态: 允许获取无线网络相关信息 │
└──────────┴────────────────────────────────────────────────────────────────────────────────────────────────────────┘
┌──────────┬───────────────────────────────────────────────────────────┐
│ 检测项目 │ 其他权限信息 │
├──────────┼───────────────────────────────────────────────────────────┤
│ 项目描述 │ 应用获取的其他权限信息 │
├──────────┼───────────────────────────────────────────────────────────┤
│ 危险等级 │ 信息 │
├──────────┼───────────────────────────────────────────────────────────┤
│ 项目描述 │ ***.test.permission.BROAD_COMMAND │
│ │ android.test.permission.*** │
│ │ android.permission.INTERNAL_SYSTEM_WINDOW │
│ │ com.***.appstore.PERMISSION_SECURITY_PROVIDER_READ │
│ │ com.***.test.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION │
│ │ android.***.permission.*** │
└──────────┴───────────────────────────────────────────────────────────┘
┌──────────┬──────────────────────────────────────────────────────────┐
│ 检测项目 │ 组件导出检测 │
├──────────┼──────────────────────────────────────────────────────────┤
│ 项目描述 │ 检测导出的组件信息 │
├──────────┼──────────────────────────────────────────────────────────┤
│ 危险等级 │ 信息 │
├──────────┼──────────────────────────────────────────────────────────┤
│ 项目描述 │ com.***.***.MainActivity │
│ │ com.***.***.***.activity.BtDialogActivity │
│ │ com.***.****.service.****** │
│ │ com.***.lass.core.app.RemoteSharedPreferencesService │
│ │ com.***.***.config.LogReceiver │
└──────────┴──────────────────────────────────────────────────────────┘
┌──────────┬─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ 检测项目 │ 签名信息 │
├──────────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ 项目描述 │ 签名验证详细信息 │
├──────────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ 危险等级 │ 信息 │
├──────────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ 项目描述 │ Verifies │
│ │ Verified using v1 scheme (JAR signing): false │
│ │ Verified using v2 scheme (APK Signature Scheme v2): false │
│ │ Verified using v3 scheme (APK Signature Scheme v3): true │
│ │ Verified using v4 scheme (APK Signature Scheme v4): false │
│ │ Verified for SourceStamp: false │
│ │ Number of signers: 1 │
│ │ Signer #1 certificate DN: [email protected], CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US │
│ │ Signer #1 certificate SHA-256 digest: c8a2e9bccf597c2fb6dc66bee293fc13f2fc47ec77bc6b2b0d52c11f51192ab8 │
│ │ Signer #1 certificate SHA-1 digest: 27196e386b875e76adf700e7ea84e4c6eee33dfa │
│ │ Signer #1 certificate MD5 digest: 8ddb342f2da5408402d7568af21e29f9 │
│ │ Signer #1 key algorithm: RSA │
│ │ Signer #1 key size (bits): 2048 │
│ │ Signer #1 public key SHA-256 digest: 3d3df7dc9bf26e02d4cd76256d41d45e41a4dedebe7feb95c40e3697681be8a7 │
│ │ Signer #1 public key SHA-1 digest: 06cac910fdbd67398c0bb8e297ef679dea589f61 │
│ │ Signer #1 public key MD5 digest: f3714d30107c5b7d1e29325669b80e05 │
│ │ │
│ │ │
└──────────┴─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
┌──────────┬───────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│ 检测项目 │ 证书指纹 │
├──────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ 项目描述 │ 证书指纹信息 │
├──────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ 危险等级 │ 信息 │
├──────────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ 项目描述 │ 所有者: [email protected], CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US │
│ │ 发布者: [email protected], CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US │
│ │ 序列号: b3998086d056cffa │
│ │ 生效时间: Wed Apr 16 06:40:50 CST 2008, 失效时间: Sun Sep 02 06:40:50 CST 2035 │
│ │ 证书指纹: │
│ │ SHA1: 27:19:6E:38:6B:87:5E:76:AD:F7:00:E7:EA:84:E4:C6:EE:E3:3D:FA │
│ │ SHA256: C8:A2:E9:BC:CF:59:7C:2F:B6:DC:66:BE:E2:93:FC:13:F2:FC:47:EC:77:BC:6B:2B:0D:52:C1:1F:51:19:2A:B8 │
│ │ 签名算法名称: MD5withRSA (disabled) │
│ │ 主体公共密钥算法: 2048 位 RSA 密钥 │
│ │ 版本: 3 │
│ │ │
│ │ 扩展: │
│ │ │
│ │ #1: ObjectId: 2.5.29.35 Criticality=false │
│ │ AuthorityKeyIdentifier [ │
│ │ KeyIdentifier [ │
│ │ 0000: 4F E4 A0 B3 DD 9C BA 29 F7 1D 72 87 C4 E7 C3 8F O......)..r..... │
│ │ 0010: 20 86 C2 99 ... │
│ │ ] │
│ │ [[email protected], CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US] │
│ │ SerialNumber: [ b3998086 d056cffa] │
│ │ ] │
│ │ │
│ │ #2: ObjectId: 2.5.29.19 Criticality=false │
│ │ BasicConstraints:[ │
│ │ CA:true │
│ │ PathLen:2147483647 │
│ │ ] │
│ │ │
│ │ #3: ObjectId: 2.5.29.14 Criticality=false │
│ │ SubjectKeyIdentifier [ │
│ │ KeyIdentifier [ │
│ │ 0000: 4F E4 A0 B3 DD 9C BA 29 F7 1D 72 87 C4 E7 C3 8F O......)..r..... │
│ │ 0010: 20 86 C2 99 ... │
│ │ ] │
│ │ ] │
│ │ │
│ │ │
└──────────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
Traceback (most recent call last):
File "/home/***/tools/ApplicationScanner-main/lib/apk.py", line 67, in apkScan
c(filePath).scan()
File "/home/***/tools/ApplicationScanner-main/lib/Android/ReadFileCheck.py", line 32, in scan
v = line.strip().split(',')[2].replace('}', '')
IndexError: list index out of range
Clean cache...
Finish
unsupported res type name for bags. Found: razor_array
针对体积较大的APK时报下面错误
Exception in thread "main" brut.androlib.AndrolibException: unsupported res type name for bags. Found: razor_array
扫描结果导出?
请问怎么导出扫描结果? 手动保存格式错误,有没有方式导出报告
啥时候可以出脱壳
请问什么时候可以出脱壳版本--__--
Android目录导入被代码优化删除
apk.py
from . import Android # 执行导入包到 scanners
ipa.py
from . import iOS # 执行导入包到 scanners
解析报错
- 执行命令:
(apkana) python AppScanner.py -i test.apk
- 报错内容如下:
Unzip apk test.apk
Finish
Traceback (most recent call last):
File "/root/apkana/ApplicationScanner/lib/apk.py", line 59, in apkScan
apkInfo(filePath)
File "/root/apkana/ApplicationScanner/lib/apk.py", line 195, in apkInfo
with open(yml, mode='r') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/root/apkana/ApplicationScanner/test_3E2Tdu/apktool.yml'
Clean cache...
Traceback (most recent call last):
File "/root/apkana/ApplicationScanner/AppScanner.py", line 92, in
main(sys.argv[1:])
File "/root/apkana/ApplicationScanner/AppScanner.py", line 70, in main
apkScan(inputfile, save)
File "/root/apkana/ApplicationScanner/lib/apk.py", line 73, in apkScan
shutil.rmtree(filePath)
File "/root/anaconda3/envs/apkana/lib/python3.9/shutil.py", line 706, in rmtree
onerror(os.lstat, path, sys.exc_info())
File "/root/anaconda3/envs/apkana/lib/python3.9/shutil.py", line 704, in rmtree
orig_st = os.lstat(path)
FileNotFoundError: [Errno 2] No such file or directory: '/root/apkana/ApplicationScanner/test_3E2Tdu'
(apkana)
- 尝试解决方法:
使用绝对路径,结果还是一样的报错
TypeError: __init__() missing 1 required positional argument: 'cmd'
Traceback (most recent call last):
File "/root/ApplicationScanner/lib/apk.py", line 53, in apkScan
c(filePath).scan()
File "/root/ApplicationScanner/lib/Android/XSSCheck.py", line 26, in scan
files = jsBeautify(jsfiles)
File "/root/ApplicationScanner/lib/tools.py", line 100, in jsBeautify
runner = RunCMD()
TypeError: init() missing 1 required positional argument: 'cmd'
mac和linux都是同样的问题
flutter 项目编译的ipa 包报错
Traceback (most recent call last):
File "/Users/xx/security/ApplicationScannerx/lib/ipa.py", line 54, in ipaScan
process_app_info_and_binaries(appInfoPath, appBinPath, filePath)
File "/Users/xx/security/ApplicationScannerx/lib/ipa.py", line 65, in process_app_info_and_binaries
iOSInfo(appInfoPath)
File "/Users/xx/security/ApplicationScannerx/lib/ipa.py", line 122, in iOSInfo
get_value('CFBundleDisplayName') + pl['CFBundleDisplayName'],
KeyError: 'CFBundleDisplayName'
非flutter 的项目,可以扫描
能否增加aab格式支持?
googleplay只支持aab了
No such file or directory
Traceback (most recent call last):
File "/home/ApplicationScanner/lib/apk.py", line 45, in apkScan
apkInfo(filePath)
File "/home/ApplicationScanner/lib/apk.py", line 181, in apkInfo
with open(yml, mode='r') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/home/ApplicationScanner/meiyou_VauCGw/apktool.yml'
这个怎么处理呢
Output in english possible?
This looks like a pretty useful tool – if one could read the output. Is it possible to have the output in English? While not being a native English speaker, that I could at least read. No offense meant of course 😉 – and thanks in advance!
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.