https://github.com/bytedance/appshark

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
android compliance static-analysis vulnerability

## Document Index
- [1.overview](doc/zh/overview.md)
- [2.startup](doc/zh/startup.md)
- [3.how to write rules](doc/zh/how_to_write_rules.md)
- [4.how to find compliance problems using appshark](doc/zh/how_to_find_compliance_problem_use_appshark.md)
- [5.a path traversal game](doc/zh/path_traversal_game.md)
- [6.argument](doc/zh/argument.md)
- [7.engine config](doc/zh/EngineConfig.md)
- [8.result](doc/zh/result.md)
- [9.faq](doc/zh/faq.md)

# AppShark

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.

## Prerequisites

Appshark requires a specific version of the JDK:
[JDK 11](https://www.oracle.com/java/technologies/javase/jdk11-archive-downloads.html). In testing, it does not
work on other LTS versions (JDK 8 and JDK 16) because of dependency compatibility issues.

## Building/Compiling AppShark

We assume that you are working in the root directory of the project repo. You can build the whole project with
the [gradle](https://gradle.org/) tool.

```shell
$ ./gradlew build -x test
```

After executing the above command, you will see an artifact file `AppShark-0.1.2-all.jar` in the directory `build/libs`.

## Running AppShark

As in the previous step, we assume that you are still in the root folder of the project. You can run the tool with:

```shell
$ java -jar build/libs/AppShark-0.1.2-all.jar config/config.json5
```

The `config.json5` file has the following contents.

```JSON
{
  "apkPath": "/Users/apks/app1.apk"
}
```

Each JSON configuration file has these basic fields.

- apkPath: the path of the apk file to analyze
- out: the path of the output directory
- rules: the rules to apply, separated by `,`. The default is all `*.json` files in the `$rulePath` directory
- rulePath: the parent directory of the rules. The default is `./config/rules`
- maxPointerAnalyzeTime: the timeout, in seconds, for the analysis started from an entry point
- debugRule: the name of the rule for which debug logging is enabled

For more config fields, see `net.bytedance.security.app.ArgumentConfig`.

If you provide a configuration JSON file which sets the output path as `out` in the project root directory, you will
find the result file `out/results.json` after running the analysis.

## Interpreting the Results

Below is an example of the `results.json`.

```JSON
{
  "AppInfo": {
    "AppName": "test",
    "PackageName": "net.bytedance.security.app",
    "min_sdk": 17,
    "target_sdk": 28,
    "versionCode": 1000,
    "versionName": "1.0.0"
  },
  "SecurityInfo": {
    "FileRisk": {
      "unZipSlip": {
        "category": "FileRisk",
        "detail": "",
        "model": "2",
        "name": "unZipSlip",
        "possibility": "4",
        "vulners": [
          {
            "details": {
              "position": "",
              "Sink": "->$r31",
              "entryMethod": "",
              "Source": "->$r3",
              "url": "/Volumes/dev/zijie/appshark-opensource/out/vuln/1-unZipSlip.html",
              "target": [
                "->$r3",
                "pf{obj{:35=>java.lang.StringBuilder}(unknown)->@data}",
                "->$r11",
                "->$r31"
              ]
            },
            "hash": "ec57a2a3190677ffe78a0c8aaf58ba5aee4d2247",
            "possibility": "4"
          },
          {
            "details": {
              "position": "",
              "Sink": "->$r34",
              "entryMethod": "",
              "Source": "->$r3",
              "url": "/Volumes/dev/zijie/appshark-opensource/out/vuln/2-unZipSlip.html",
              "target": [
                "->$r3",
                "pf{obj{:33=>java.lang.StringBuilder}(unknown)->@data}",
                "->$r14",
                "->$r34"
              ]
            },
            "hash": "26c6d6ee704c59949cfef78350a1d9aef04c29ad",
            "possibility": "4"
          }
        ],
        "wiki": "",
        "deobfApk": "/Volumes/dev/zijie/appshark-opensource/app.apk"
      }
    }
  },
  "DeepLinkInfo": {},
  "HTTP_API": [],
  "JsBridgeInfo": [],
  "BasicInfo": {
    "ComponentsInfo": {},
    "JSNativeInterface": []
  },
  "UsePermissions": [],
  "DefinePermissions": {},
  "Profile": "/Volumes/dev/zijie/appshark-opensource/out/vuln/3-profiler.json"
}
```
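
The following script is an added example, not part of the AppShark project. It flattens the `SecurityInfo` tree of a `results.json` into one record per finding and drops findings that were already triaged. The function names and the `triaged` baseline set are hypothetical, and treating `hash` as a per-finding identifier is an assumption that this README does not document.

```python
import json

# Constructed sample: the example results.json above, cut down to the fields
# used here (report paths shortened, taint paths trimmed).
SAMPLE = json.loads("""
{"AppInfo": {"PackageName": "net.bytedance.security.app"},
 "SecurityInfo": {"FileRisk": {"unZipSlip": {
   "category": "FileRisk", "name": "unZipSlip", "possibility": "4",
   "vulners": [
     {"details": {"Source": "->$r3", "Sink": "->$r31",
                  "url": "out/vuln/1-unZipSlip.html",
                  "target": ["->$r3", "->$r11", "->$r31"]},
      "hash": "ec57a2a3190677ffe78a0c8aaf58ba5aee4d2247", "possibility": "4"},
     {"details": {"Source": "->$r3", "Sink": "->$r34",
                  "url": "out/vuln/2-unZipSlip.html",
                  "target": ["->$r3", "->$r14", "->$r34"]},
      "hash": "26c6d6ee704c59949cfef78350a1d9aef04c29ad", "possibility": "4"}]}}},
 "DeepLinkInfo": {}, "HTTP_API": []}
""")

def iter_findings(report):
    """Yield one flat record per SecurityInfo -> category -> rule -> vulners[] entry."""
    for category, rules in (report.get("SecurityInfo") or {}).items():
        for rule, body in rules.items():
            for vuln in body.get("vulners", []):
                details = vuln.get("details", {})
                yield {"category": category, "rule": rule,
                       "hash": vuln.get("hash"),
                       "possibility": vuln.get("possibility"),
                       "source": details.get("Source"),
                       "sink": details.get("Sink"),
                       "path": details.get("target", []),  # taint path, source to sink
                       "html": details.get("url")}         # per-finding HTML report

def new_findings(report, triaged=frozenset()):
    """Return findings whose hash is not in `triaged` (hypothetical baseline set)."""
    return [f for f in iter_findings(report) if f["hash"] not in triaged]

def format_finding(f):
    """One line per finding: rule, source and sink, path length, short hash, report."""
    return (f"[{f['category']}/{f['rule']}] {f['source']} => {f['sink']} "
            f"({len(f['path'])} hops) {(f['hash'] or '')[:12]} {f['html']}")

if __name__ == "__main__":
    # Real use: report = json.load(open("out/results.json"))
    baseline = {"26c6d6ee704c59949cfef78350a1d9aef04c29ad"}  # constructed baseline
    for finding in new_findings(SAMPLE, baseline):
        print(format_finding(finding))
```
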

# License

AppShark is licensed under the [APACHE LICENSE, VERSION 2.0](http://www.apache.org/licenses/LICENSE-2.0)

# Contact Us

Lark ![](appshark-lark.png)