Code Monkey home page Code Monkey logo

tools_repository's Introduction

Android Tamer Packages

This repo is for the reporting following

  1. Any issues with using any androidtamer package.
  2. Any tool / automation found missing in AndroidTamer.
  3. Any specific task that you keep doing and automating it would help everyone.

Labels

bug

This is to be used if the software is packaged and has developed a bug in its functionality.

enhancement

If you feel something needs to be updated / enhanced this is the label to be used.

help wanted

We might not have clue / not have time to work on this issue. So if issue is marked help wanted this is where your contributions will make the most impact.

invalid

If its something junk un related etc then this label will be placed and issue closed. Dont assign any issue to this label.

need-upstream-patch

This issue needs upstream attention and we will try and liase around to get it fixed, either asking / begging / bribing the upstream author or by trying to patchit and submit patch upstream.

question

Sometimes you might just have a question, this label is for that.

wontfix

A lot of times we might not do something, then why we didn't do it, we will document and will mark issue as wontfix. Simmilarly if there is a tool we don't want ot add it will be wontfix.

Write-your-own-tool

This means there is nothing like this and we need to write our own.

tools_repository's People

Contributors

anantshri avatar

Stargazers

codeѕ тeaм avatar Michael Cade avatar avatar Kerry Shen avatar Muhtaseem Al Mahmud avatar avatar Bryan Onel avatar Subho Halder avatar avatar Jason avatar Cangaceiro (Lampião) avatar avatar

Watchers

avatar James Cloos avatar STEFANOS METZIDAKIS avatar avatar

Forkers

stevenchen0x01 pentagramz

tools_repository's Issues

APKStudio

URL : https://github.com/vaibhavpandeyvpz/apkstudio

Notes:
Looks good but has dependencies on QT
looks for apktool.jar in path but no option in setting to set it up.

Update: 6 April 2016
does stuf less then apk2java and has issues with running and decoding properly. Hence not added right now.

Smalisca

Repo: https://github.com/dorneanu/smalisca/
Fork: https://github.com/AndroidTamer/smalisca

Attempt1:

  1. Using XPM python pip to installer realized 1 dependency is not listed in it (configparser)
  2. Parsing section working but command in Readme incorrect
    smalisca parser -l ~/tmp/FakeBanker2/dumped/smali -s java -f sqlite -o fakebanker.sqlite
    Should be
    smalisca parser -l ~/tmp/FakeBanker2/dumped/smali -s smali -f sqlite -o fakebanker.sqlite
    as apktool gives out smali as .smali and not as .java
  3. analyzer section requires a config to be present which is not provided by the pip installer
    Sample config on github page : https://github.com/dorneanu/smalisca/blob/master/smalisca/data/config/config.conf copy paste of this config results in error.

Current Status: Cant push to production as its not running fully.

cuckoo-droid

Another software which assumes virtualbox is installed in base, need to play around with and see if vboxmanage code we wrote is going to work otherwise patch it out.

Auto-assessment: master wrapper over various tools

A master wrapper over all tools available in androidtamer, good features would be to run all of them and combine results at one place.

awesome would be if co-relation and aggregation also happens.

Kind of like OWTF for android.

MobSF

Original Repo: https://github.com/ajinabraham/Mobile-Security-Framework-MobSF
Fork: https://github.com/AndroidTamer/Mobile-Security-Framework-MobSF

Challenges:

  • Rebuild / architect to ensure everything goes to userhome directory including config / settings file. Currently build with assumption that folder will be writable data is stored in root itself.
  • multiple dependencies including using vbox on same machine. (vboxmanage package created to solve this challenge)
  • ensuring upstream changes all go as cross platform. we can be specific to Linux but the project is cross platform so fixes acceptance upstream would depend on it being cross platform
  • Multiple steps required to get Dynamic analysis working, document needs to outline that, if possible automate it out.

Work done So far:

  • nullcon branch which contained pre-release version was modified to ensure we can play with this. TamerPlatform/Mobile-Security-Framework-MobSF@4badfd7 this added various path's that are required to be modified and this ensures that all data is now redirected to ~/.mobsf/ folder.
  • Static analysis working, dynamic analysis working, but dynamic analysis need more testing.

apk tool

probable target language: Python or Bash

A command which acts like a meta-wrapper giving us following stuff

apk download -> download that specific apk
apk decompile -> apk2java wrapper
apk recompile -> smalli build
apk secscan -> aggregated security scan of apk
apk secscan dynamic -> drozer and mobsf scan
apk sign -> apksigner and zip align.

instead of remembering different command we work with one command.

AndroWarn

Original: https://github.com/maaaaz/androwarn
Fork: https://github.com/AndroidTamer/androwarn

Needs a lot of rework to get it working as per our need. This works only from its own folder and can only store reports in its own folder formats.
This could work out if it can write the report to a different folder and doesn't need any references besides the html file / txt file. But that would require a code change.

Proposed tool: Online assessment autosubmitter and result collector

A shell script / python code which autosubmits to various online services and keep a tab when results are available.

preferably also co-related the results and agregates the list of findings or at the least list out all findings in one place where human can co-relate with them.

Todo:

  • Identify various online services that will allow online assessment
  • Identify how many will allow us to upload apk and later retrieve result.
  • Store all results in a local DB (preferably sqlite)
  • Display the data in a single page with tab's or views from each assessment website

Nice-to-have feature

  • co-relation and unique finding view.

Distributing NDK / SDK / Studio

at this point we are trying to bundle SDK NDK and Studio in the OVA file itself. However after decompression the total used space by these 3 is 3.9GB out of which
2.7GB : NDK
0.6 GB : SDK
0.5 GB : Studio

Hence its decided to go ahead with Putting SDK and Studio in this release and then creating 2 installer packages which will basically download the zip file from google servers and unzip and configure them for the users

This will reduce the size of OVA considerably.

Alternatively we can also bundle the ZIP files which will be of small sizes and should take around 1.5GB total space and an option to decompress them via a installer-script be made available on the desktop.

Meta Packages

high level packages which make various other android tamer specific / debian packages as dependencies and make them install when called.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.