Closed thiagopeixoto closed 5 years ago
That looks like you're missing something, definitely.
Can you run the module again but with set debug true and post the output here?
Cheers
Awkwardly, after I ran it again with "set debug true", I got this:
scrounger analysis/android/full_analysis > options
Global Options:
Name Value
---- -----
device
output
verbose False
debug False
Module Options (analysis/android/full_analysis):
Name Required Description Current Setting
---- -------- ----------- ---------------
avd False the avd name of the emulator to test the module on emulator-5554
exploit_path True the path to use as exploit ../../../../../../../../../../../../../../etc/hosts
minsdk True minimum sdk allowed 19
exploit_query True the query to use as exploit \'
success_string True string to look for on a successful attack unrecognized token
ignore False paths to ignore, seperated by ; /com/google/;/android/support/
apk False local path to the APK file
device True the remote device 1
decompiled_apk True local folder containing the decompiled apk file ~/Scrounger/app-decompiled
libs True paths to the libraries directories lib/arm;lib/arm64
output True local output directory ~/Scrounger
identifier True application's identifier br.com.myapp
targetsdk True latests sdk 27
min_percentage True percentage of certainty required to be language 90
permissions True dangerous permissions to check for, seperated by ; android.permission.GET_TASKS;android.permission.BIND_DEVICE_ADMIN;android.permission.USE_CREDENTIALS;com.android.browser.permission.READ_HISTORY_BOOKMARKS;android.permission.PROCESS_OUTGOING_CALLS;android.permission.READ_LOGS;android.permission.READ_SMS;android.permission.READ_CALL_LOG;android.permission.RECORD_AUDIO;android.permission.MANAGE_ACCOUNTS;android.permission.RECEIVE_SMS;android.permission.RECEIVE_MMS;android.permission.WRITE_CONTACTS;android.permission.DISABLE_KEYGUARD;android.permission.WRITE_SETTINGS;android.permission.WRITE_SOCIAL_STREAM;android.permission.WAKE_LOCK
scrounger analysis/android/full_analysis > set debug true
scrounger analysis/android/full_analysis > run
2018-08-31 17:50:14 - full_analysis : Running all Android analysis modules
2018-08-31 17:50:14 - full_analysis : Validating and Running: analysis.android.delete_cached_files
2018-08-31 17:50:14 - delete_cached_files : Identifying smali directories
2018-08-31 17:50:14 - delete_cached_files : Analysing application's smali code
2018-08-31 17:50:14 - delete_cached_files : Analysing WebViews
2018-08-31 17:50:14 - full_analysis : Validating and Running: analysis.android.native_libs
2018-08-31 17:50:14 - native_libs : Identifying application's libraries
2018-08-31 17:50:16 - full_analysis : Validating and Running: analysis.android.provider_sql_injection
2018-08-31 17:50:16 - provider_sql_injection : Extracting and translating providers
2018-08-31 17:50:16 - full_analysis : Validating and Running: analysis.android.debuggable
2018-08-31 17:50:16 - manifest : Checking for AndroidManifest.xml file
2018-08-31 17:50:16 - full_analysis : Validating and Running: analysis.android.third_party_keyboards
2018-08-31 17:50:16 - third_party_keyboards : Identifying smali directories
2018-08-31 17:50:16 - third_party_keyboards : Analysing application's smali code
2018-08-31 17:50:16 - full_analysis : Validating and Running: analysis.android.root_detection
2018-08-31 17:50:16 - root_detection : Identifying smali directories
2018-08-31 17:50:16 - root_detection : Analysing application's smali code
2018-08-31 17:50:16 - full_analysis : Validating and Running: analysis.android.browsable
2018-08-31 17:50:16 - manifest : Checking for AndroidManifest.xml file
2018-08-31 17:50:16 - full_analysis : Validating and Running: analysis.android.logcat
2018-08-31 17:50:16 - logcat : Identifying smali directories
2018-08-31 17:50:16 - logcat : Analysing application's smali code
2018-08-31 17:50:16 - full_analysis : Validating and Running: analysis.android.arbitrary_redirection
2018-08-31 17:50:16 - arbitrary_redirection : Identifying smali directories
2018-08-31 17:50:16 - arbitrary_redirection : Analysing application's smali code
2018-08-31 17:50:16 - arbitrary_redirection : Analysing WebViews
2018-08-31 17:50:16 - full_analysis : Validating and Running: analysis.android.world_writable_files
2018-08-31 17:50:17 - world_writable_files : Starting the application
2018-08-31 17:50:23 - world_writable_files : Analysing application's data
2018-08-31 17:50:24 - full_analysis : Validating and Running: analysis.android.weak_ciphers
2018-08-31 17:50:24 - weak_ciphers : Identifying smali directories
2018-08-31 17:50:24 - weak_ciphers : Analysing application's smali code
2018-08-31 17:50:25 - full_analysis : Validating and Running: analysis.android.min_sdk
2018-08-31 17:50:25 - apktool_yaml : Checking for apktool.yml file
2018-08-31 17:50:25 - full_analysis : Validating and Running: analysis.android.permissions
2018-08-31 17:50:25 - manifest : Checking for AndroidManifest.xml file
2018-08-31 17:50:25 - full_analysis : Validating and Running: analysis.android.emulator_detection
2018-08-31 17:50:25 - emulator_detection : Identifying smali directories
2018-08-31 17:50:25 - emulator_detection : Analysing smali code for emulator detection mechanisms
2018-08-31 17:50:25 - full_analysis : Validating and Running: analysis.android.unencrypted_communications
2018-08-31 17:50:25 - unencrypted_communications : Identifying smali directories
2018-08-31 17:50:25 - unencrypted_communications : Analysing application's smali code
2018-08-31 17:50:25 - full_analysis : Validating and Running: analysis.android.provider_path_traversal
2018-08-31 17:50:25 - provider_path_traversal : Extracting and translating providers
2018-08-31 17:50:25 - full_analysis : Validating and Running: analysis.android.screenshot_prevention
2018-08-31 17:50:25 - screenshot_prevention : Identifying smali directories
2018-08-31 17:50:25 - screenshot_prevention : Analysing application's smali code
2018-08-31 17:50:25 - full_analysis : Validating and Running: analysis.android.ssl_pinning
2018-08-31 17:50:25 - ssl_pinning : Identifying smali directories
2018-08-31 17:50:25 - ssl_pinning : Analysing application's smali for SSL evidences
2018-08-31 17:50:25 - ssl_pinning : Analysing SSL evidences
2018-08-31 17:50:25 - full_analysis : Validating and Running: analysis.android.javascript_bridge
2018-08-31 17:50:25 - javascript_bridge : Identifying smali directories
2018-08-31 17:50:25 - javascript_bridge : Analysing application's smali code
2018-08-31 17:50:25 - full_analysis : Validating and Running: analysis.android.latest_sdk
2018-08-31 17:50:25 - apktool_yaml : Checking for apktool.yml file
2018-08-31 17:50:25 - full_analysis : Validating and Running: analysis.android.secret_codes
2018-08-31 17:50:25 - manifest : Checking for AndroidManifest.xml file
2018-08-31 17:50:25 - full_analysis : Validating and Running: analysis.android.encrypted_shared_preferences
2018-08-31 17:50:26 - encrypted_shared_preferences : Starting the application
2018-08-31 17:50:32 - encrypted_shared_preferences : Finding files in application's data
2018-08-31 17:50:32 - encrypted_shared_preferences : Analysing application's data
2018-08-31 17:50:32 - encrypted_shared_preferences : su: invalid uid/gid '-c' language et: 0.571426990532
2018-08-31 17:50:32 - encrypted_shared_preferences : su: invalid uid/gid '-c' language af: 0.999994675758
2018-08-31 17:50:32 - full_analysis : Validating and Running: analysis.android.world_readable_files
2018-08-31 17:50:34 - world_readable_files : Starting the application
2018-08-31 17:50:40 - world_readable_files : Analysing application's data
2018-08-31 17:50:41 - full_analysis : Validating and Running: analysis.android.allows_backups
2018-08-31 17:50:41 - manifest : Checking for AndroidManifest.xml file
2018-08-31 17:50:41 - full_analysis : Validating and Running: analysis.android.javascript_enabled
2018-08-31 17:50:41 - javascript_enabled : Identifying smali directories
2018-08-31 17:50:41 - javascript_enabled : Analysing application's smali code
2018-08-31 17:50:41 - full_analysis : Validating and Running: analysis.android.fragment_injection
2018-08-31 17:50:41 - apktool_yaml : Checking for apktool.yml file
2018-08-31 17:50:41 - full_analysis : Creating output folders
2018-08-31 17:50:41 - full_analysis : Writing results to file
[-] Exception: [Errno 2] No such file or directory: '~/Scrounger/android.analysis/results.json'
It seems like the problem has been fixed. I think now the problem is due to the usage of ~ when specifying paths. I've added support for it in the dev branch.
Give it a try and let me know if it worked. Cheers.
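The `~` failure discussed above, as an added example that is not Scrounger's own code: `open()` never expands `~` (only a shell does), so the option value has to be expanded and the directory created before `results.json` is written. The function names and the temporary stand-in for the home directory are assumptions made for this illustration; it relies on POSIX `HOME` handling.

```python
import json
import os
import tempfile


def resolve_output_dir(raw, subdir="android.analysis"):
    """Turn a user-supplied output option into an absolute, existing directory."""
    # '~' and $VARS are shell features; expand them explicitly before any file I/O.
    expanded = os.path.expandvars(os.path.expanduser(raw))
    # normpath collapses the '//' a trailing slash produces; abspath anchors relative input.
    target = os.path.abspath(os.path.normpath(os.path.join(expanded, subdir)))
    if not os.path.isdir(target):
        os.makedirs(target)
    return target


def write_results(raw_output, results, name="results.json"):
    """Write results as JSON under the resolved output directory; return the path."""
    path = os.path.join(resolve_output_dir(raw_output), name)
    with open(path, "w") as handle:
        json.dump(results, handle, indent=2)
    return path


def demo():
    """Reproduce the Errno 2 from the thread, then write through the resolved path."""
    home = tempfile.mkdtemp()  # constructed stand-in for the user's home directory
    old_home, old_cwd = os.environ.get("HOME"), os.getcwd()
    os.environ["HOME"] = home
    os.chdir(home)  # empty directory, so no folder literally named '~' exists here
    try:
        try:
            open("~/Scrounger/android.analysis/results.json", "w").close()
            failed = False
        except (IOError, OSError):  # '~' was treated as a literal directory name
            failed = True
        written = write_results("~/Scrounger/", {"issues": ["Application Uses Native Libraries"]})
        return failed, written, home
    finally:
        os.chdir(old_cwd)
        if old_home is None:
            del os.environ["HOME"]
        else:
            os.environ["HOME"] = old_home


if __name__ == "__main__":
    print(demo())
```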
Thanks for fixing this, but I got that error again.
These are my options:
Global Options:
Name Value
---- -----
device 1
output
verbose False
debug False
Module Options (analysis/android/full_analysis):
Name Required Description Current Setting
---- -------- ----------- ---------------
avd False the avd name of the emulator to test the module on
exploit_path True the path to use as exploit ../../../../../../../../../../../../../../etc/hosts
minsdk True minimum sdk allowed 19
exploit_query True the query to use as exploit \'
success_string True string to look for on a successful attack unrecognized token
ignore False paths to ignore, seperated by ; /com/google/;/android/support/
apk False local path to the APK file
device True the remote device 1
decompiled_apk True local folder containing the decompiled apk file /home/thiago/Scrounger/APK
libs True paths to the libraries directories lib/armeabi;lib/armeabi-v7a;lib/x86
output True local output directory /home/thiago/Scrounger
identifier True application's identifier br.com.myapp
targetsdk True latests sdk 27
min_percentage True percentage of certainty required to be language 90
permissions True dangerous permissions to check for, seperated by ; android.permission.GET_TASKS;android.permission.BIND_DEVICE_ADMIN;android.permission.USE_CREDENTIALS;com.android.browser.permission.READ_HISTORY_BOOKMARKS;android.permission.PROCESS_OUTGOING_CALLS;android.permission.READ_LOGS;android.permission.READ_SMS;android.permission.READ_CALL_LOG;android.permission.RECORD_AUDIO;android.permission.MANAGE_ACCOUNTS;android.permission.RECEIVE_SMS;android.permission.RECEIVE_MMS;android.permission.WRITE_CONTACTS;android.permission.DISABLE_KEYGUARD;android.permission.WRITE_SETTINGS;android.permission.WRITE_SOCIAL_STREAM;android.permission.WAKE_LOCK
And that's the error message:
2018-09-05 21:45:20 - full_analysis : Writing results to file
[-] Exception: {'exception': AttributeError("'NoneType' object has no attribute 'group'",), 'module': 'analysis.android.provider_sql_injection'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: '/home/thiago/Scrounger/APK/s'",), 'module': 'analysis.android.root_detection'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: '/home/thiago/Scrounger/APK/s'",), 'module': 'analysis.android.logcat'}
[-] Exception: {'exception': TypeError('list indices must be integers, not str',), 'module': 'analysis.android.weak_ciphers'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: '/home/thiago/Scrounger/APK/s'",), 'module': 'analysis.android.emulator_detection'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: '/home/thiago/Scrounger/APK/s'",), 'module': 'analysis.android.unencrypted_communications'}
[-] Exception: {'exception': AttributeError("'NoneType' object has no attribute 'group'",), 'module': 'analysis.android.provider_path_traversal'}
[-] Exception: {'exception': IOError(2, 'No such file or directory'), 'module': 'analysis.android.ssl_pinning'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: '/home/thiago/Scrounger/APK/s'",), 'module': 'analysis.android.javascript_bridge'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: '/home/thiago/Scrounger/APK/s'",), 'module': 'analysis.android.javascript_enabled'}
[+] The following issues were found:
* Application Uses Native Libraries
Oops! I'm really sorry, I thought the output folders would be generated by default. After I set the debug mode, I realized I had to create the output folders on my own. Why shouldn't they be created automatically?
I'm still having this problem:
2018-09-05 22:08:27 - full_analysis : Creating output folders
2018-09-05 22:08:27 - general : Shell Command: mkdir -p /home/thiago/Scrounger//android.analysis; exit 0
2018-09-05 22:08:27 - full_analysis : Writing results to file
[-] Exception: {'exception': IOError(2, 'No such file or directory'), 'module': 'analysis.android.provider_sql_injection'}
[-] Exception: {'exception': IOError(2, 'No such file or directory'), 'module': 'analysis.android.provider_path_traversal'}
[-] Exception: {'exception': IOError(2, 'No such file or directory'), 'module': 'analysis.android.provider_sql_injection'}
[-] Exception: {'exception': IOError(2, 'No such file or directory'), 'module': 'analysis.android.provider_path_traversal'}
[+] The following issues were found:
* Application Uses Native Libraries
* Application Does Not Check For Third-Party Keyboards
* Application Does Not Implement Root Detection
* Application Does Not Detect Emulators
* Application Does Not Implement SSL Pinning
* Application Uses Native Libraries
* Application Does Not Check For Third-Party Keyboards
* Application Does Not Implement Root Detection
* Application Does Not Detect Emulators
* Application Does Not Implement SSL Pinning
I'm trying to figure out what's going on.
No problem. No, you should not need to create any folders on your own.
So, the problem seems to be generated from these modules: analysis.android.provider_sql_injection and analysis.android.provider_path_traversal. What seems to be happening is that those modules are looking for some files (if I recall correctly: AndroidManifest.xml and res/values/strings.xml) and don't seem to be able to find them.
But looking at the output, all the other modules should have run without any problems and you should have gotten a json report in /home/thiago/Scrounger/android.analysis. Right?
Yes, I could get the json report with no problem.
Not sure if you still need help. I'm closing the issue. Let me know if you still need anything else.
Hi, I'm trying to analyze an application, but I'm getting the following error:
[-] Exception: {'exception': IOError(2, 'No such file or directory'), 'module': analysis.android.provider_sql_injection'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: './s'",), 'module': 'analysis.android.root_detection'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: './s'",), 'module': 'analysis.android.logcat'}
[-] Exception: {'exception': TypeError('list indices must be integers, not str',), 'module': 'analysis.android.weak_ciphers'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: './s'",), 'module': 'analysis.android.emulator_detection'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: './s'",), 'module': 'analysis.android.unencrypted_communications'}
[-] Exception: {'exception': IOError(2, 'No such file or directory'), 'module': 'analysis.android.provider_path_traversal'}
[-] Exception: {'exception': IOError(2, 'No such file or directory'), 'module': 'analysis.android.ssl_pinning'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: './s'",), 'module': 'analysis.android.javascript_bridge'}
[-] Exception: {'exception': ValueError("invalid literal for int() with base 10: './s'",), 'module': 'analysis.android.javascript_enabled'}
[+] The following issues were found:
Am I missing something?
Thank you very much. :)