From 21804670a9940bf3e34bc65fe6db4c7cb639427f Mon Sep 17 00:00:00 2001 From: kelvin_ben <> Date: Sun, 26 Jul 2020 14:06:21 +0800 Subject: [PATCH] fix bug --- config.py | 11 +++++------ libs/core/parses.py | 18 +++++++++++++----- libs/task/android_task.py | 18 ++++++++++-------- libs/task/ios_task.py | 4 ++++ libs/task/web_task.py | 4 ++++ requirements.txt | 1 + update.md | 32 ++++++++++++++++++++++++++++++++ 7 files changed, 69 insertions(+), 19 deletions(-) create mode 100644 requirements.txt diff --git a/config.py b/config.py index 26d8b1d..5b19ffc 100644 --- a/config.py +++ b/config.py @@ -22,18 +22,16 @@ filter_strs =[ # r'/[a-z0-9A-Z]+/.*' ] -# 过滤无用的内容 +# 过滤无用的内容, filter_no = [ u'127.0.0.1', u'0.0.0.0', u'localhost', - u'http://schemas.android.com/apk/res/android', - u"https://", - u"http://", r"^http://www.w3.org" r"L.*/", r"/.*;", - r"/.*<" + r"/.*<", + r'^http://schemas.android.com', ] # 此处配置壳信息 @@ -50,7 +48,8 @@ shell_list =[ 'cn.securitystack.stee.AppStub', 'com.linchaolong.apktoolplus.jiagu.ProxyApplication', 'com.coral.util.StubApplication', - 'com.mogosec.AppMgr' + 'com.mogosec.AppMgr', + 'io.flutter.app.FlutterApplication' ] # 此处配置需要扫描的web文件后缀 diff --git a/libs/core/parses.py b/libs/core/parses.py index 9852efe..9e86cb1 100644 --- a/libs/core/parses.py +++ b/libs/core/parses.py @@ -68,10 +68,9 @@ class ParsesThreads(threading.Thread): for filter_str in config.filter_strs: filter_str_pat = re.compile(filter_str) filter_resl = filter_str_pat.findall(result) - # print(filter_resl) # 过滤掉未搜索到的内容 if len(filter_resl)!=0: - # 提取第一个字符 + # 提取第一个结果 resl_str = filter_resl[0] # 过滤 if self.__filter__(resl_str) == 0: 
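Review bot: Two adjacent entries in `filter_no` are missing a separating comma: `r"^http://www.w3.org" r"L.*/",` is left as context by this hunk, and Python joins the two literals into the single pattern `^http://www.w3.orgL.*/`, so neither the w3.org prefix nor the `L.*/` pattern is applied on its own. The first literal should read `r"^http://www.w3.org",` with `r"L.*/",` as its own entry. Each entry is also used both as literal text in `resl_str.replace(filte,"")` and as a regex in `re.match(filte,resl_str)` in libs/core/parses.py, so the unescaped dots in the new `r'^http://schemas.android.com'` match any character; `r'^http://schemas\.android\.com'` is the stricter form.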
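Review bot: `'io.flutter.app.FlutterApplication'` is a framework Application class rather than a packer stub, yet the hunk adds it to `shell_list`, which the comment above the list describes as shell (packer) information and which android_task.py uses to set `shell_falg`. How that flag is reported is outside this diff, so a Flutter app may end up labelled as hardened. A comment on the entry would make the intent explicit, for example `# Flutter framework marker, not a packer; listed so the app is flagged for separate handling`.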
@@ -83,18 +82,27 @@ class ParsesThreads(threading.Thread): continue def __filter__(self,resl_str): + return_flag = 1 resl_str = resl_str.replace("\r","").replace("\n","").replace(" ","") if len(resl_str) == 0: return 0 + # 单独处理https或者http开头的字符串 + http_list =["https","https://","https:","http","http://","https:",] + for filte in http_list: + if filte == resl_str: + return 0 + for filte in config.filter_no: resl_str = resl_str.replace(filte,"") if len(resl_str) == 0: - return 0 + return_flag = 0 + continue if re.match(filte,resl_str): - return 0 - return 1 + return_flag = 0 + continue + return return_flag def run(self): threadLock = threading.Lock() diff --git a/libs/task/android_task.py b/libs/task/android_task.py index 327a0ad..c296fef 100644 --- a/libs/task/android_task.py +++ b/libs/task/android_task.py @@ -15,6 +15,7 @@ class AndroidTask(object): comp_list =[] thread_list =[] result_dict = {} + value_list = [] def __init__(self, input, rules, net_sniffer,no_resource,package,all,threads): self.net_sniffer = net_sniffer @@ -87,7 +88,8 @@ class AndroidTask(object): for dir in scanner_dir_list: scanner_dir = os.path.join(output,dir) - self.__get_scanner_file__(scanner_dir,scanner_file_suffix) + if os.path.exists(scanner_dir): + self.__get_scanner_file__(scanner_dir,scanner_file_suffix) def __get_scanner_file__(self,scanner_dir,file_suffix): dir_or_files = os.listdir(scanner_dir) @@ -137,6 +139,9 @@ class AndroidTask(object): for key,value in self.result_dict.items(): f.write(key+"\r") for result in value: + if result in self.value_list: + continue + self.value_list.append(result) print(result) f.write("\t"+result+"\r") print("For more information about the search, see: %s" %(cores.result_path)) 
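Review bot: `http_list` in `__filter__` contains `"https:"` twice and never `"http:"`, so a bare `http:` match is not dropped by the new scheme-only check; the last element was presumably meant to be `"http:"`. A membership test expresses it more directly: `if resl_str in ("http", "http:", "http://", "https", "https:", "https://"): return 0`. Separately, replacing `return 0` with `return_flag = 0` followed by `continue` does not change the result, since the flag never returns to 1, but every remaining `config.filter_no` entry is still applied; `return 0` at those two points keeps the early exit.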
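Review bot: `value_list = []` is declared in the class body of `AndroidTask`, so the list is one object shared by every instance and its contents persist for the life of the process; a second task created in the same run would inherit the first task's seen values and drop results that are new to it. Assigning it in `__init__` (`self.value_list = []`) scopes the de-duplication to one scan. The same declaration is added to `iOSTask` in libs/task/ios_task.py and `WebTask` in libs/task/web_task.py. `__init__` starts inside this hunk and continues beyond it.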
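Review bot: The new guard uses `os.path.exists(scanner_dir)`, which is also true when the path is a regular file, while `__get_scanner_file__` immediately calls `os.listdir(scanner_dir)`; `if os.path.isdir(scanner_dir):` matches what the callee needs. The skip is also silent, so a scan of an APK with no resource directory looks identical to a complete one; a one-line message naming the skipped directory would tell the analyst that coverage was reduced. The enclosing method starts above this hunk.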
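Review bot: `if result in self.value_list` is a linear search over a list that grows with every written result, so the output loop becomes quadratic on large scans; a set gives the same de-duplication with constant-time lookups (`seen = set()` before the loop, then `if result in seen: continue` and `seen.add(result)`). Because the check spans all keys, a value already written under an earlier key is skipped under later ones, and `f.write(key+"\r")` still emits the heading even when nothing follows it. The same loop is added in libs/task/ios_task.py and libs/task/web_task.py. The enclosing method starts above this hunk.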
@@ -159,14 +164,11 @@ class AndroidTask(object): am_package= re.compile(r'=1): + if len(apackage) >=1: self.packagename = apackage am_name = re.compile(r'') aname = am_name.findall(am_str) - if aname[0] in config.shell_list: - self.shell_falg = True - - - - + if aname and len(aname)>=1: + if aname[0] in config.shell_list: + self.shell_falg = True \ No newline at end of file diff --git a/libs/task/ios_task.py b/libs/task/ios_task.py index 26480ca..2c4c477 100644 --- a/libs/task/ios_task.py +++ b/libs/task/ios_task.py @@ -13,6 +13,7 @@ from libs.core.parses import ParsesThreads class iOSTask(object): thread_list =[] + value_list = [] result_dict = {} def __init__(self,input, rules, net_sniffer,no_resource,all,threads): @@ -86,6 +87,9 @@ class iOSTask(object): for key,value in self.result_dict.items(): f.write(key+"\r") for result in value: + if result in self.value_list: + continue + self.value_list.append(result) print(result) f.write("\t"+result+"\r") print("For more information about the search, see: %s" %(cores.result_path)) diff --git a/libs/task/web_task.py b/libs/task/web_task.py index 09ad443..fc138ac 100644 --- a/libs/task/web_task.py +++ b/libs/task/web_task.py @@ -14,6 +14,7 @@ from libs.core.parses import ParsesThreads class WebTask(object): thread_list =[] + value_list = [] result_dict = {} def __init__(self, input, rules,all,threads): @@ -66,6 +67,9 @@ class WebTask(object): for key,value in self.result_dict.items(): f.write(key+"\r") for result in value: + if result in self.value_list: + continue + self.value_list.append(result) print(result) f.write("\t"+result+"\r") print("For more information about the search, see: %s" %(cores.result_path)) diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..b98f660 --- /dev/null +++ b/requirements.txt @@ -0,0 +1 @@ +click \ No newline at end of file diff --git a/update.md b/update.md index e69de29..eafd655 100644 --- a/update.md +++ b/update.md 
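Review bot: `if aname and len(aname)>=1:` tests the same condition twice, and the nested `if` can fold into it: `if aname and aname[0] in config.shell_list:`. The same applies to `if len(apackage) >=1:`, which reduces to `if apackage:`. Part of this hunk, including both regular expressions, is not legible on this page, so whether `self.packagename = apackage` stores a single name or the whole match list could not be checked.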
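Review bot: `click` is added to requirements.txt without a version constraint, so each install resolves to whatever release is current on the index and two installs of the tool can run different dependency code. Pinning the release the tool was tested with, `click==<tested-version>`, and ideally recording hashes for `pip install --require-hashes`, makes the install reproducible. The file also ends without a trailing newline.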
@@ -0,0 +1,32 @@
+### V1.0.4
+- 新增对Flutter框架检测支持
+- 对输出结果整体去重
+- 修复部门APK没有加固信息导致越界问题
+- 修复部分APK没有资源文件导致目录找不到问题
+
+### V1.0.3_fix
+- 修复打包遗漏的app.py文件
+
+### V1.0.3
+- 新增对Android包名采集规则
+- 优化结果输出规则
+
+### V1.0.2
+- 新增对WEB页面以及开源代码的静态扫描支持
+- 新增Web相关静态扫描规则支持
+
+### V1.0.1
+- 新增对IPA文件的静态扫描支持
+- 新增IPA相关静态扫描规则支持
+- 新增对Android加固信息特征识别
+
+
+### V1.0.0
+- 支持目录批量扫描
+- 支持DEX、APK、Smali、HTML、JS、等文件的静态资源采集
+- 支持自定义扫描规则
+- 支持IP地址信息采集
+- 支持URL地址信息采集
+- 支持中间件信息采集
+- 支持多线程
+- 支持忽略资源文件采集