Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/quark-engine/quark-engine
Dig Vulnerabilities in the BlackBox
https://github.com/quark-engine/quark-engine
android blackbox blackbox-testing blackhat defcon security-vulnerability-assessment vulnerability
Last synced: 3 months ago
JSON representation
Dig Vulnerabilities in the BlackBox
- Host: GitHub
- URL: https://github.com/quark-engine/quark-engine
- Owner: quark-engine
- License: gpl-3.0
- Created: 2019-10-22T01:19:27.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-03-28T02:32:57.000Z (3 months ago)
- Last Synced: 2024-03-28T03:33:23.884Z (3 months ago)
- Topics: android, blackbox, blackbox-testing, blackhat, defcon, security-vulnerability-assessment, vulnerability
- Language: Python
- Homepage: https://doc.quark-engine.com
- Size: 9.84 MB
- Stars: 1,210
- Watchers: 41
- Forks: 162
- Open Issues: 63
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Lists
- awesome-mobile-security - quark-engine - An Obfuscation-Neglect Android Malware Scoring System
- awesome-security - Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System. (Endpoint / Mobile / Android / iOS)
- android-security-awesome - Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System (Tools / Static Analysis Tools)
- awesome-malware-analysis - Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System (Detection and Classification / Other Resources)
- awesome - quark-engine/quark-engine - Dig Vulnerabilities in the BlackBox (Python)
- awesome-mobile-security - quark-engine - An Obfuscation-Neglect Android Malware Scoring System
- awesome-malware-analysis- - Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System (Detection and Classification / Other Resources)
- awesome-mobile-security - quark-engine - An Obfuscation-Neglect Android Malware Scoring System
- Awesome-Android-Reverse-Engineering - Quark Engine - The goal of Quark Script aims to provide an innovative way for mobile security researchers to analyze or pentest the targets. Based on Quark, we integrate decent tools as Quark Script APIs and make them exchange valuable intelligence to each other. (Tools / Static Analysis Tools)
- awesome_security - Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System. (Endpoint / Mobile / Android / iOS)
- awesome-hacking-lists - quark-engine/quark-engine - Dig Vulnerabilities in the BlackBox (Python)
- awesome-malware-analysis - Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System (Detection and Classification / Other Resources)
- awesome-android-security - quark-engine - An Obfuscation-Neglect Android Malware Scoring System
- venom - `Quark-Engine` - An Obfuscation-Neglect Android Malware Scoring System. (Endpoint / Mobile / Android / iOS)
- fucking-awesome-malware-analysis - Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System (Detection and Classification / Other Resources)
- fucking-android-security-awesome - Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System (Tools / Static Analysis Tools)
README
# Quark Script - Dig Vulnerabilities in the BlackBox
### Innovative & Interactive
* The goal of Quark Script aims to provide an innovative way for mobile security researchers to analyze or **pentest** the targets.
* Based on Quark, we integrate decent tools as Quark Script APIs and make them exchange valuable intelligence to each other. This enables security researchers to **interact** with staged results and perform **creative** analysis with Quark Script.### Dynamic & Static Analysis
* In Quark script, we integrate not only static analysis tools (e.g. Quark itself) but also dynamic analysis tools (e.g. [objection](https://github.com/sensepost/objection)).
### Re-Usable & Sharable
* Once the user creates a Quark script for specific analysis scenario. The script can be used in another targets. Also, the script can be shared to other security researchers. This enables the exchange of knowledges.
### More APIs to come
* Quark Script is now in a beta version. We'll keep releasing practical APIs and analysis scenarios.
* **See API document [here](https://quark-engine.readthedocs.io/en/latest/quark_script.html#introduce-of-quark-script-apis).**# CWE Showcases
* [CWE-020](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-20-in-android-application-diva-apk) Improper Input Validation
* [CWE-022](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-22-in-android-application-ovaa-apk-and-insecurebankv2-apk) Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
* [CWE-023](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-23-in-android-application-ovaa-apk-and-insecurebankv2-apk) Relative Path Traversal
* [CWE-073](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-73-in-android-application-ovaa-apk) External Control of File Name or Path
* [CWE-078](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-78-in-android-application-vuldroid-apk) Improper Neutralization of Special Elements used in an OS Command
* [CWE-088](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-88-in-android-application-vuldroid-apk) Improper Neutralization of Argument Delimiters in a Command
* [CWE-089](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-89-in-android-application-androgoat-apk) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
* [CWE-094](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-94-in-android-application-ovaa-apk) Improper Control of Generation of Code ('Code Injection')
* [CWE-117](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-117-in-android-application-allsafe-apk) Improper Output Neutralization for Logs
* [CWE-295](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-295-in-android-application-insecureshop-apk) Improper Certificate Validation
* [CWE-312](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-312-in-android-application-ovaa-apk) Cleartext Storage of Sensitive Information
* [CWE-319](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-319-in-android-application-ovaa-apk) Cleartext Transmission of Sensitive Information
* [CWE-327](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-327-in-android-application-injuredandroid-apk) Use of a Broken or Risky Cryptographic Algorithm
* [CWE-328](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-328-in-android-application-allsafe-apk) Use of Weak Hash
* [CWE-338](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-338-in-android-application-pivva-apk) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
* [CWE-489](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-489-in-android-application-allsafe-apk-androgoat-apk-pivaa-apk) Active Debug Code
* [CWE-502](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-502-in-android-application-pivaa) Deserialization of Untrusted Data
* [CWE-532](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-532-in-android-application-dvba-apk) Insertion of Sensitive Information into Log File
* [CWE-601](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-601-in-android-application-ovaa) URL Redirection to Untrusted Site ('Open Redirect')File
* [CWE-749](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-749-in-android-application-mstg-android-java-apk) Exposed Dangerous Method or Function
* [CWE-780](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-780-in-android-application-mstg-android-java-apk) Use of RSA Algorithm without OAEP
* [CWE-798](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-798-in-android-application-ovaa-apk) Use of Hard-coded Credentials
* [CWE-921](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-921-in-android-application-ovaa-apk) Storage of Sensitive Data in a Mechanism without Access Control
* [CWE-925](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-925-in-android-application-insecurebankv2-androgoat) Improper Verification of Intent by Broadcast Receiver
* [CWE-926](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-926-in-android-application-dvba-apk) Improper Export of Android Application Components
* [CWE-940](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-940-in-android-application-ovaa-vuldroid) Improper Verification of Source of a Communication Channel
# Quick StartIn this section, we will show how to detect CWE-798 with Quark Script.
### Step 1: Environments Requirements
* Quark requires Python 3.8 or above.
### Step 2: Install Quark Engine
* Install Quark Engine by running:
```bash
$ pip3 install -U quark-engine
```### Step 3: Prepare Quark Script, Detection Rule and the Sample File
1. Get the CWE-798 Quark Script and the detection rule [here](https://quark-engine.readthedocs.io/en/latest/quark_script.html#detect-cwe-798-in-android-application-ovaa-apk).
2. Get the sampe file (ovaa.apk) [here](https://github.com/dark-warlord14/ovaa/releases/tag/1.0).
3. Put the script, detection rule, and sample file in the same directory.
4. Edit accordingly to the file names:```bash
SAMPLE_PATH = "ovaa.apk"
RULE_PATH = "findSecretKeySpec.json"
# Now you are ready to run the script!
```### Step 4: Run the script
```bash
$ python3 CWE-798.py# You should now see the detection result in the terminal.
Found hard-coded AES key 49u5gh249gh24985ghf429gh4ch8f23f
```* **Check the [document](https://quark-engine.readthedocs.io/en/latest/quark_script.html#quark-script) for more examples.**
# Acknowledgments
### The Honeynet Project
### Google Summer Of Code
Quark-Engine has been participating in the GSoC under the Honeynet Project!
* 2021:
* [YuShiang Dang](https://twitter.com/YushianhD): [New Rule Generation Technique & Make Quark Everywhere Among Security Open Source Projects](https://quark-engine.github.io/2021/08/17/GSoC-2021-YuShiangDang/)
* [Sheng-Feng Lu](https://twitter.com/haeter525): [Replace the core library of Quark-Engine](https://quark-engine.github.io/2021/08/17/GSoC-2021-ShengFengLu/)Stay tuned for the upcoming GSoC! Join the [Honeynet Slack chat](https://gsoc-slack.honeynet.org/) for more info.
# Core Values of Quark Engine Team
* We love **battle fields**. We embrace **uncertainties**. We challenge **impossibles**. We **rethink** everything. We change the way people think. And the most important of all, we benefit ourselves by benefit others **first**.