添加APK文件敏感权限识别功能

config.py

@@ -139,6 +139,12 @@ shell_list =[
     'io.flutter.app.FlutterApplication'
 ]
 
+# 此处配置Android权限信息
+apk_permissions = [
+    'android.permission.CAMERA',
+    'android.permission.READ_CONTACTS'
+]
+
 # 此处配置需要扫描的web文件后缀
 web_file_suffix =[
     "html",

libs/task/android_task.py

@@ -20,7 +20,8 @@ class AndroidTask(object):
         self.packagename=""
         self.comp_list=[]
         self.file_identifier=[]
-        
+        self.permissions = []
+
     def start(self):
         # 检查java环境是否存在
         if os.system("java -version") !=0 :
@@ -34,7 +35,7 @@ class AndroidTask(object):
            if self.__decode_file__(input_file_path) == "error":
                raise Exception("Retrieval of this file type is not supported. Select APK file or DEX file.")
         
-        return {"comp_list":self.comp_list,"shell_flag":self.shell_flag,"file_queue":self.file_queue,"packagename":self.packagename,"file_identifier":self.file_identifier}
+        return {"comp_list":self.comp_list,"shell_flag":self.shell_flag,"file_queue":self.file_queue,"packagename":self.packagename,"file_identifier":self.file_identifier,"permissions":self.permissions}
 
     def __decode_file__(self,file_path):
         apktool_path = str(cores.apktool_path)
@@ -142,4 +143,10 @@ class AndroidTask(object):
             aname = am_name.findall(am_str)
             if aname and len(aname)>=1:
                 if aname[0] in config.shell_list:
-                    self.shell_flag = True
+                    self.shell_flag = True
+            
+            am_permission = re.compile(r'<uses-permission android:name="(.*)"/>')
+            ampermissions = am_permission.findall(am_str)
+            for ampermission in ampermissions:
+                if ampermission in config.apk_permissions:
+                    self.permissions.append(ampermission)

libs/task/base_task.py

@@ -52,6 +52,7 @@ class BaseTask(object):
         comp_list = task_info["comp_list"]
         packagename = task_info["packagename"]
         file_identifier = task_info["file_identifier"]
+        permissions = task_info["permissions"]
         
         if shell_flag:
             print('[-] \033[3;31m Error: This application has shell, the retrieval results may not be accurate, Please remove the shell and try again!')
@@ -66,7 +67,7 @@ class BaseTask(object):
             thread.join()
     
         # 结果输出中心
-        self.__print_control__(packagename,comp_list,file_identifier)
+        self.__print_control__(packagename,comp_list,file_identifier,permissions)
 
 
     def __tast_control__(self):
@@ -98,7 +99,7 @@ class BaseTask(object):
             thread.start()
             self.thread_list.append(thread)
 
-    def __print_control__(self,packagename,comp_list,file_identifier):
+    def __print_control__(self,packagename,comp_list,file_identifier,permissions):
         txt_result_path = cores.txt_result_path
         xls_result_path = cores.xls_result_path
         all_flag = cores.all_flag
@@ -108,14 +109,19 @@ class BaseTask(object):
             NetTask(self.result_dict,self.app_history_list,self.domain_history_list,file_identifier,self.threads).start()
             
         if packagename: 
-            print("[*] =========  The package name of this APP is: ===============")
+            print("[*] ========= The package name of this APP is: ===============")
             print(packagename)
 
         if len(comp_list) != 0:
-            print("[*] ========= Component information is as follows :===============")
+            print("[*] ========= Component information is as follows: ===============")
             for json in comp_list:
                 print(json)
         
+        if len(permissions) != 0:
+            print("[*] ========= Sensitive permission information is as follows: ===============")
+            for permission in permissions:
+                print(permission)
+
         if all_flag:
             value_list = []
             with open(txt_result_path,"a+",encoding='utf-8',errors='ignore') as f:

libs/task/ios_task.py

@@ -18,7 +18,8 @@ class iOSTask(object):
         self.file_queue = Queue()
         self.shell_flag = False
         self.file_identifier= []
-
+        self.permissions = []
+        
     def start(self):
         file_path = self.path
         if file_path.split(".")[-1] == 'ipa':
@@ -28,7 +29,7 @@ class iOSTask(object):
             self.file_queue.put(file_path)
         else:
             raise Exception("Retrieval of this file type is not supported. Select IPA file or Mach-o file.")
-        return {"shell_flag":self.shell_flag,"file_queue":self.file_queue,"comp_list":[],"packagename":None,"file_identifier":self.file_identifier}
+        return {"shell_flag":self.shell_flag,"file_queue":self.file_queue,"comp_list":[],"packagename":None,"file_identifier":self.file_identifier,"permissions":self.permissions}
 
     def __get_file_header__(self,file_path):
         hex_hand = 0x0

libs/task/web_task.py

@@ -16,6 +16,7 @@ class WebTask(object):
         self.path = path
         self.file_queue = Queue()
         self.file_identifier = []
+        self.permissions = []
 
     def start(self):
         if len(config.web_file_suffix) <=0:
@@ -29,7 +30,7 @@ class WebTask(object):
                 err_info = ("Retrieval of this file type is not supported. Select a file or directory with a suffix of %s" % ",".join(scanner_file_suffix))
                 raise Exception(err_info)
             self.file_queue.put(self.path)
-        return {"comp_list":[],"shell_flag":False,"file_queue":self.file_queue,"packagename":None,"file_identifier":self.file_identifier}
+        return {"comp_list":[],"shell_flag":False,"file_queue":self.file_queue,"packagename":None,"file_identifier":self.file_identifier,"permissions":self.permissions}
 
     def __get_scanner_file__(self,scanner_dir,file_suffix):
         dir_or_files = os.listdir(scanner_dir)