添加APK文件敏感权限识别功能

3 years ago · 96f98819e5
parent 772d1bf3d6
commit 96f98819e5
5 changed files with 31 additions and 10 deletions
--- a/config.py
+++ b/config.py
@ -139,6 +139,12 @@ shell_list =[
    'io.flutter.app.FlutterApplication'
 ]

+# 此处配置Android权限信息
+apk_permissions = [
+    'android.permission.CAMERA',
+    'android.permission.READ_CONTACTS'
+]
+
 # 此处配置需要扫描的web文件后缀
 web_file_suffix =[
    "html",
--- a/libs/task/android_task.py
+++ b/libs/task/android_task.py
@ -20,6 +20,7 @@ class AndroidTask(object):
        self.packagename=""
        self.comp_list=[]
        self.file_identifier=[]
+        self.permissions = []

    def start(self):
        # 检查java环境是否存在
@ -34,7 +35,7 @@ class AndroidTask(object):
           if self.__decode_file__(input_file_path) == "error":
               raise Exception("Retrieval of this file type is not supported. Select APK file or DEX file.")
        
-        return {"comp_list":self.comp_list,"shell_flag":self.shell_flag,"file_queue":self.file_queue,"packagename":self.packagename,"file_identifier":self.file_identifier}
+        return {"comp_list":self.comp_list,"shell_flag":self.shell_flag,"file_queue":self.file_queue,"packagename":self.packagename,"file_identifier":self.file_identifier,"permissions":self.permissions}

    def __decode_file__(self,file_path):
        apktool_path = str(cores.apktool_path)
@ -143,3 +144,9 @@ class AndroidTask(object):
            if aname and len(aname)>=1:
                if aname[0] in config.shell_list:
                    self.shell_flag = True
+            
+            am_permission = re.compile(r'<uses-permission android:name="(.*)"/>')
+            ampermissions = am_permission.findall(am_str)
+            for ampermission in ampermissions:
+                if ampermission in config.apk_permissions:
+                    self.permissions.append(ampermission)
--- a/libs/task/base_task.py
+++ b/libs/task/base_task.py
@ -52,6 +52,7 @@ class BaseTask(object):
        comp_list = task_info["comp_list"]
        packagename = task_info["packagename"]
        file_identifier = task_info["file_identifier"]
+        permissions = task_info["permissions"]
        
        if shell_flag:
            print('[-] \033[3;31m Error: This application has shell, the retrieval results may not be accurate, Please remove the shell and try again!')
@ -66,7 +67,7 @@ class BaseTask(object):
            thread.join()
    
        # 结果输出中心
-        self.__print_control__(packagename,comp_list,file_identifier)
+        self.__print_control__(packagename,comp_list,file_identifier,permissions)


    def __tast_control__(self):
@ -98,7 +99,7 @@ class BaseTask(object):
            thread.start()
            self.thread_list.append(thread)

-    def __print_control__(self,packagename,comp_list,file_identifier):
+    def __print_control__(self,packagename,comp_list,file_identifier,permissions):
        txt_result_path = cores.txt_result_path
        xls_result_path = cores.xls_result_path
        all_flag = cores.all_flag
@ -108,14 +109,19 @@ class BaseTask(object):
            NetTask(self.result_dict,self.app_history_list,self.domain_history_list,file_identifier,self.threads).start()
            
        if packagename: 
-            print("[*] =========  The package name of this APP is: ===============")
+            print("[*] ========= The package name of this APP is: ===============")
            print(packagename)

        if len(comp_list) != 0:
-            print("[*] ========= Component information is as follows :===============")
+            print("[*] ========= Component information is as follows: ===============")
            for json in comp_list:
                print(json)
        
+        if len(permissions) != 0:
+            print("[*] ========= Sensitive permission information is as follows: ===============")
+            for permission in permissions:
+                print(permission)
+
        if all_flag:
            value_list = []
            with open(txt_result_path,"a+",encoding='utf-8',errors='ignore') as f:
--- a/libs/task/ios_task.py
+++ b/libs/task/ios_task.py
@ -18,6 +18,7 @@ class iOSTask(object):
        self.file_queue = Queue()
        self.shell_flag = False
        self.file_identifier= []
+        self.permissions = []
        
    def start(self):
        file_path = self.path
@ -28,7 +29,7 @@ class iOSTask(object):
            self.file_queue.put(file_path)
        else:
            raise Exception("Retrieval of this file type is not supported. Select IPA file or Mach-o file.")
-        return {"shell_flag":self.shell_flag,"file_queue":self.file_queue,"comp_list":[],"packagename":None,"file_identifier":self.file_identifier}
+        return {"shell_flag":self.shell_flag,"file_queue":self.file_queue,"comp_list":[],"packagename":None,"file_identifier":self.file_identifier,"permissions":self.permissions}

    def __get_file_header__(self,file_path):
        hex_hand = 0x0
--- a/libs/task/web_task.py
+++ b/libs/task/web_task.py
@ -16,6 +16,7 @@ class WebTask(object):
        self.path = path
        self.file_queue = Queue()
        self.file_identifier = []
+        self.permissions = []

    def start(self):
        if len(config.web_file_suffix) <=0:
@ -29,7 +30,7 @@ class WebTask(object):
                err_info = ("Retrieval of this file type is not supported. Select a file or directory with a suffix of %s" % ",".join(scanner_file_suffix))
                raise Exception(err_info)
            self.file_queue.put(self.path)
-        return {"comp_list":[],"shell_flag":False,"file_queue":self.file_queue,"packagename":None,"file_identifier":self.file_identifier}
+        return {"comp_list":[],"shell_flag":False,"file_queue":self.file_queue,"packagename":None,"file_identifier":self.file_identifier,"permissions":self.permissions}

    def __get_scanner_file__(self,scanner_dir,file_suffix):
        dir_or_files = os.listdir(scanner_dir)