Androwarn
=========
Yet another static code analyzer for malicious Android applications
====================================================
Description
-----------
Androwarn is a tool whose main aim is to detect and warn the user about potentially malicious behaviours developed by an Android application.
The detection is performed with the static analysis of the application's Dalvik bytecode, represented as Smali, with the [`androguard`](https://github.com/androguard/androguard) library.
This analysis leads to the generation of a report, according to a technical detail level chosen by the user.
Features
--------
* Structural and data flow analysis of the bytecode targeting different malicious behaviour categories
    + **Telephony identifiers exfiltration**: IMEI, IMSI, MCC, MNC, LAC, CID, operator's name...
    + **Device settings exfiltration**: software version, usage statistics, system settings, logs...
    + **Geolocation information leakage**: GPS/WiFi geolocation...
    + **Connection interfaces information exfiltration**: WiFi credentials, Bluetooth MAC address...
    + **Telephony services abuse**: premium SMS sending, phone call composition...
    + **Audio/video flow interception**: call recording, video capture...
    + **Remote connection establishment**: socket open call, Bluetooth pairing, APN settings edit...
    + **PIM data leakage**: contacts, calendar, SMS, mails, clipboard...
    + **External memory operations**: file access on SD card...
    + **PIM data modification**: add/delete contacts, calendar events...
    + **Arbitrary code execution**: native code using JNI, UNIX command, privilege escalation...
    + **Denial of Service**: event notification deactivation, file deletion, process killing, virtual keyboard disable, terminal shutdown/reboot...
* Report generation according to several detail levels
    - Essential (`-v 1`) for newbies
    - Advanced (`-v 2`)
    - Expert (`-v 3`)
* Report generation according to several formats
    - Plaintext `txt`
    - Formatted `html` from a Bootstrap template
    - JSON
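
To make the structural part of this analysis concrete, here is an added example (not Androwarn's code, and not using androguard) that matches `invoke-*` instructions in Smali text against a small map of framework calls and reports them under the category names listed above. The API map, the `scan_smali` helper and the sample Smali are assumptions made for illustration; Androwarn additionally performs data flow analysis, which this sketch omits.

```python
import re
from collections import defaultdict

# Hypothetical, hand-picked map of Android framework calls to the README's
# categories; Androwarn's own rule set is larger and also tracks data flow.
SENSITIVE_APIS = {
    ("Landroid/telephony/TelephonyManager;", "getDeviceId"): "Telephony identifiers exfiltration (IMEI)",
    ("Landroid/telephony/TelephonyManager;", "getSubscriberId"): "Telephony identifiers exfiltration (IMSI)",
    ("Landroid/telephony/SmsManager;", "sendTextMessage"): "Telephony services abuse (SMS sending)",
    ("Landroid/location/LocationManager;", "getLastKnownLocation"): "Geolocation information leakage",
    ("Ljava/lang/Runtime;", "exec"): "Arbitrary code execution (UNIX command)",
    ("Ljava/lang/System;", "loadLibrary"): "Arbitrary code execution (native code using JNI)",
}

# ".method <flags> name(" gives the enclosing method; "invoke-* {regs}, Lcls;->name(" gives the callee.
METHOD_RE = re.compile(r"^\s*\.method\s+.*?(\S+)\(")
INVOKE_RE = re.compile(r"^\s*invoke-[\w/]+\s+\{[^}]*\},\s*(L[^;]+;)->([\w$<>]+)\(")

def scan_smali(smali_text):
    """Return {category: sorted list of calling methods} for one Smali class."""
    findings = defaultdict(set)
    current = "<outside method>"
    for line in smali_text.splitlines():
        m = METHOD_RE.match(line)
        if m:
            current = m.group(1)  # remember which method the next invokes belong to
            continue
        inv = INVOKE_RE.match(line)
        if inv and (inv.group(1), inv.group(2)) in SENSITIVE_APIS:
            findings[SENSITIVE_APIS[inv.group(1), inv.group(2)]].add(current)
    return {cat: sorted(callers) for cat, callers in findings.items()}

# Constructed sample input, not taken from any real application.
SAMPLE_SMALI = """\
.class public Lcom/example/Demo;
.method public collect()V
    invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
.end method
.method private run(Ljava/lang/String;)V
    invoke-static {}, Ljava/lang/Runtime;->getRuntime()Ljava/lang/Runtime;
    invoke-virtual {v1, p1}, Ljava/lang/Runtime;->exec(Ljava/lang/String;)Ljava/lang/Process;
.end method
"""

if __name__ == "__main__":
    for category, callers in scan_smali(SAMPLE_SMALI).items():
        print(category, "<-", ", ".join(callers))
```

A match only shows that the call is present in the bytecode; whether the returned value actually leaves the device is the question the data flow analysis answers.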
Usage
-----
### Options
```
usage: androwarn [-h] -i INPUT [-o OUTPUT] [-v {1,2,3}] [-r {txt,html,json}]
                 [-d]
                 [-L {debug,info,warn,error,critical,DEBUG,INFO,WARN,ERROR,CRITICAL}]
                 [-w]

version: 1.4

optional arguments:
  -h, --help            show this help message and exit
  -i INPUT, --input INPUT
                        APK file to analyze
  -o OUTPUT, --output OUTPUT
                        Output report file (default
                        "./<apk_package_name>_<timestamp>.<report_type>")
  -v {1,2,3}, --verbose {1,2,3}
                        Verbosity level (ESSENTIAL 1, ADVANCED 2, EXPERT 3)
                        (default 1)
  -r {txt,html,json}, --report {txt,html,json}
                        Report type (default "html")
  -d, --display-report  Display analysis results to stdout
  -L {debug,info,warn,error,critical,DEBUG,INFO,WARN,ERROR,CRITICAL}, --log-level {debug,info,warn,error,critical,DEBUG,INFO,WARN,ERROR,CRITICAL}
                        Log level (default "ERROR")
  -w, --with-playstore-lookup
                        Enable online lookups on Google Play
```
### Common usage
```
$ python androwarn.py -i my_application_to_be_analyzed.apk -r html -v 3
```
By default, the report is generated in the current folder.
The HTML report is now a standalone file: its CSS/JS resources are inlined.
Sample application
------------------
A sample application has been built, concentrating several malicious behaviours.
The APK is available in the `_SampleApplication/bin/` folder and the HTML report is available in the `_SampleReports` folder.
Dependencies and installation
-----------------------------
* Python 3 or Python 2.7 + androguard + jinja2 + play_scraper + argparse
* The **easiest way** to set everything up: `pip install androwarn` and then directly use `$ androwarn`
* Or git clone this repository and run `pip install -r requirements.txt`
Changelog
---------
* version 1.6 - 2019/05/30: Python 3 support and few fixes
* version 1.5 - 2019/01/05: few fixes
* version 1.4 - 2019/01/04: code cleanup and use of the latest androguard version
* version 1.3 - 2018/12/30: few fixes
* version 1.2 - 2018/12/30: few fixes
* version 1.1 - 2018/12/29: fixing few bugs, removing Chilkat dependencies and pip packaging
* version 1.0 - from 2012 to 2013
Contributing
-------------
You're welcome, any help is appreciated :)
Contact
------
* Thomas Debize < tdebize at mail d0t com >
* Join #androwarn on Freenode
Copyright and license
---------------------
Androwarn is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
Androwarn is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with Androwarn.
If not, see http://www.gnu.org/licenses/.
Greetings
-------------
* [Stéphane Coulondre](http://stephane.coulondre.info), for supervising my Final Year project
* [Anthony Desnos](https://sites.google.com/site/anthonydesnos/home), for his amazing [Androguard](https://github.com/androguard/androguard) project and his help through my Final Year project
Resource category: Python library. Language: Python. Full resource name: androwarn-1.6.tar.gz. Source: official. Installation instructions: https://lanzao.blog.csdn.net/article/details/101784059