v1.0.5
kelvin_ben 4 years ago
parent 2d9d45a23a
commit 21804670a9
  1. 11
      config.py
  2. 18
      libs/core/parses.py
  3. 12
      libs/task/android_task.py
  4. 4
      libs/task/ios_task.py
  5. 4
      libs/task/web_task.py
  6. 1
      requirements.txt
  7. 32
      update.md

@ -22,18 +22,16 @@ filter_strs =[
# r'/[a-z0-9A-Z]+/.*'
]
# 过滤无用的内容
# 过滤无用的内容,
filter_no = [
u'127.0.0.1',
u'0.0.0.0',
u'localhost',
u'http://schemas.android.com/apk/res/android',
u"https://",
u"http://",
r"^http://www.w3.org"
r"L.*/",
r"/.*;",
r"/.*<"
r"/.*<",
r'^http://schemas.android.com',
]
# 此处配置壳信息
@ -50,7 +48,8 @@ shell_list =[
'cn.securitystack.stee.AppStub',
'com.linchaolong.apktoolplus.jiagu.ProxyApplication',
'com.coral.util.StubApplication',
'com.mogosec.AppMgr'
'com.mogosec.AppMgr',
'io.flutter.app.FlutterApplication'
]
# 此处配置需要扫描的web文件后缀
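Review bot: In the first hunk, the `filter_no` entry `r"^http://www.w3.org"` still has no trailing comma, so Python joins it with the next literal into the single pattern `^http://www.w3.orgL.*/`. Neither the w3.org filter nor the `L.*/` filter then applies on its own, and results they were meant to suppress will appear in the output. The commit adds the missing comma after `r"/.*<"` but not here; the line should read `r"^http://www.w3.org",`. Because parses.py passes these entries to `re.match`, the plain entries are also treated as patterns, so `u'127.0.0.1'` matches any character at each dot. Writing it as `r'127\.0\.0\.1'` (and escaping the dots in the host names likewise) would stop the filter from hiding unrelated addresses.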

@ -68,10 +68,9 @@ class ParsesThreads(threading.Thread):
for filter_str in config.filter_strs:
filter_str_pat = re.compile(filter_str)
filter_resl = filter_str_pat.findall(result)
# print(filter_resl)
# 过滤掉未搜索到的内容
if len(filter_resl)!=0:
# 提取第一个字符
# 提取第一个结果
resl_str = filter_resl[0]
# 过滤
if self.__filter__(resl_str) == 0:
@ -83,18 +82,27 @@ class ParsesThreads(threading.Thread):
continue
def __filter__(self,resl_str):
return_flag = 1
resl_str = resl_str.replace("\r","").replace("\n","").replace(" ","")
if len(resl_str) == 0:
return 0
# 单独处理https或者http开头的字符串
http_list =["https","https://","https:","http","http://","https:",]
for filte in http_list:
if filte == resl_str:
return 0
for filte in config.filter_no:
resl_str = resl_str.replace(filte,"")
if len(resl_str) == 0:
return 0
return_flag = 0
continue
if re.match(filte,resl_str):
return 0
return 1
return_flag = 0
continue
return return_flag
def run(self):
threadLock = threading.Lock()
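Review bot: In `__filter__`, `http_list` contains `"https:"` twice and never `"http:"`, so a bare `http:` result is not dropped by the exact-match loop; the last entry was presumably meant to be `"http:"`. A set with a membership test, `http_set = {"https", "https://", "https:", "http", "http://", "http:"}` followed by `if resl_str in http_set: return 0`, would replace the loop and make such a duplicate obvious. The loop over `config.filter_no` uses `re.match`, which anchors only at the start of the string, so a comment such as `# filter_no entries are regexes matched at the start of the result` would help whoever edits config.py. The rendered page does not show clearly which of the `return 0` and `return_flag = 0` lines belong to the new side, so the final return path should be checked against the file itself.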

@ -15,6 +15,7 @@ class AndroidTask(object):
comp_list =[]
thread_list =[]
result_dict = {}
value_list = []
def __init__(self, input, rules, net_sniffer,no_resource,package,all,threads):
self.net_sniffer = net_sniffer
@ -87,6 +88,7 @@ class AndroidTask(object):
for dir in scanner_dir_list:
scanner_dir = os.path.join(output,dir)
if os.path.exists(scanner_dir):
self.__get_scanner_file__(scanner_dir,scanner_file_suffix)
def __get_scanner_file__(self,scanner_dir,file_suffix):
@ -137,6 +139,9 @@ class AndroidTask(object):
for key,value in self.result_dict.items():
f.write(key+"\r")
for result in value:
if result in self.value_list:
continue
self.value_list.append(result)
print(result)
f.write("\t"+result+"\r")
print("For more information about the search, see: %s" %(cores.result_path))
@ -159,14 +164,11 @@ class AndroidTask(object):
am_package= re.compile(r'<manifest.*package=\"(.*?)\".*')
apackage = am_package.findall(am_str)
if len(apackage >=1):
if len(apackage) >=1:
self.packagename = apackage
am_name = re.compile(r'<application.*android:name=\"(.*?)\".*>')
aname = am_name.findall(am_str)
if aname and len(aname)>=1:
if aname[0] in config.shell_list:
self.shell_falg = True
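Review bot: `value_list = []` is added as a class attribute, so unless `__init__` rebinds it (not visible here) every `AndroidTask` instance appends to the same list. A second scan in the same process would then silently omit findings already printed by the first. The same declaration and de-duplication loop are added to `iOSTask` and `WebTask`. The `if result in self.value_list` check is also a linear scan per result, which grows quadratically on large outputs. A set created where the results are written, `seen = set()` then `if result in seen: continue` and `seen.add(result)`, would address both. The method containing the write loop starts outside the hunk.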

@ -13,6 +13,7 @@ from libs.core.parses import ParsesThreads
class iOSTask(object):
thread_list =[]
value_list = []
result_dict = {}
def __init__(self,input, rules, net_sniffer,no_resource,all,threads):
@ -86,6 +87,9 @@ class iOSTask(object):
for key,value in self.result_dict.items():
f.write(key+"\r")
for result in value:
if result in self.value_list:
continue
self.value_list.append(result)
print(result)
f.write("\t"+result+"\r")
print("For more information about the search, see: %s" %(cores.result_path))

@ -14,6 +14,7 @@ from libs.core.parses import ParsesThreads
class WebTask(object):
thread_list =[]
value_list = []
result_dict = {}
def __init__(self, input, rules,all,threads):
@ -66,6 +67,9 @@ class WebTask(object):
for key,value in self.result_dict.items():
f.write(key+"\r")
for result in value:
if result in self.value_list:
continue
self.value_list.append(result)
print(result)
f.write("\t"+result+"\r")
print("For more information about the search, see: %s" %(cores.result_path))

@ -0,0 +1,32 @@
### V1.0.4
- 新增对Flutter框架检测支持
- 对输出结果整体去重
- 修复部门APK没有加固信息导致越界问题
- 修复部分APK没有资源文件导致目录找不到问题
### V1.0.3_fix
- 修复打包遗漏的app.py文件
### V1.0.3
- 新增对Android包名采集规则
- 优化结果输出规则
### V1.0.2
- 新增对WEB页面以及开源代码的静态扫描支持
- 新增Web相关静态扫描规则支持
### V1.0.1
- 新增对IPA文件的静态扫描支持
- 新增IPA相关静态扫描规则支持
- 新增对Android加固信息特征识别
### V1.0.0
- 支持目录批量扫描
- 支持DEX、APK、Smali、HTML、JS、等文件的静态资源采集
- 支持自定义扫描规则
- 支持IP地址信息采集
- 支持URL地址信息采集
- 支持中间件信息采集
- 支持多线程
- 支持忽略资源文件采集