Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/bytedance/appshark
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
android compliance static-analysis vulnerability
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/bytedance/appshark
- Owner: bytedance
- License: apache-2.0
- Created: 2022-09-01T03:39:03.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-01-12T03:28:25.000Z (5 months ago)
- Last Synced: 2024-04-16T04:13:37.209Z (2 months ago)
- Topics: android, compliance, static-analysis, vulnerability
- Language: Kotlin
- Homepage:
- Size: 201 MB
- Stars: 1,428
- Watchers: 19
- Forks: 155
- Open Issues: 14
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Lists
- Awesome-Pentest - appshark - Appshark is a static taint analysis platform to scan vulnerabilities in an Android app. (Static Application Security Testing (SAST) / Metadata Tools)
- awesome-hacking-lists - bytedance/appshark - Appshark is a static taint analysis platform to scan vulnerabilities in an Android app. (Kotlin)
README
## Document Index
- [1.overview](doc/zh/overview.md)
- [2.startup](doc/zh/startup.md)
- [3.how to write rules](doc/zh/how_to_write_rules.md)
- [4.how to find compliance problems use appshark](doc/zh/how_to_find_compliance_problem_use_appshark.md)
- [5.a path traversal game](doc/zh/path_traversal_game.md)
- [6.argument](doc/zh/argument.md)
- [7.engine config](doc/zh/EngineConfig.md)
- [8.result](doc/zh/result.md)
- [9.faq](doc/zh/faq.md)
# AppShark
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
## Prerequisites
Appshark requires a specific version of the JDK: [JDK 11](https://www.oracle.com/java/technologies/javase/jdk11-archive-downloads.html). In testing, it does not
work on other LTS versions, JDK 8 and JDK 16, due to dependency compatibility issues.
## Building/Compiling AppShark
We assume that you are working in the root directory of the project repo. You can build the whole project with
the [gradle](https://gradle.org/) tool.
```shell
$ ./gradlew build -x test
```
After executing the above command, you will see an artifact file `AppShark-0.1.2-all.jar` in the directory `build/libs`.
## Running AppShark
Like the previous step, we assume that you are still in the root folder of the project. You can run the tool with
```shell
$ java -jar build/libs/AppShark-0.1.2-all.jar config/config.json5
```
The `config.json5` file has the following contents.
```JSON
{
  "apkPath": "/Users/apks/app1.apk"
}
```
Each configuration JSON has these basic fields.
- apkPath: the path of the apk file to analyze
- out: the path of the output directory
- rules: specifies the rules, split by `,`. Default is all *.json files in the $rulePath directory
- rulePath: specifies the rule's parent directory, default is ./config/rules
- maxPointerAnalyzeTime: the timeout duration in seconds set for the analysis started from an entry point
- debugRule: specifies the rule name for which debug logging is enabled

For more config fields, see `net.bytedance.security.app.ArgumentConfig`.
If you provide a configuration JSON file that sets the output path to `out` in the project root directory, you will
find the result file `out/results.json` after running the analysis.
## Interpreting the Results
Below is an example of the `results.json`.
```JSON
{
  "AppInfo": {
    "AppName": "test",
    "PackageName": "net.bytedance.security.app",
    "min_sdk": 17,
    "target_sdk": 28,
    "versionCode": 1000,
    "versionName": "1.0.0"
  },
  "SecurityInfo": {
    "FileRisk": {
      "unZipSlip": {
        "category": "FileRisk",
        "detail": "",
        "model": "2",
        "name": "unZipSlip",
        "possibility": "4",
        "vulners": [
          {
            "details": {
              "position": "",
              "Sink": "->$r31",
              "entryMethod": "",
              "Source": "->$r3",
              "url": "/Volumes/dev/zijie/appshark-opensource/out/vuln/1-unZipSlip.html",
              "target": [
                "->$r3",
                "pf{obj{:35=>java.lang.StringBuilder}(unknown)->@data}",
                "->$r11",
                "->$r31"
              ]
            },
            "hash": "ec57a2a3190677ffe78a0c8aaf58ba5aee4d2247",
            "possibility": "4"
          },
          {
            "details": {
              "position": "",
              "Sink": "->$r34",
              "entryMethod": "",
              "Source": "->$r3",
              "url": "/Volumes/dev/zijie/appshark-opensource/out/vuln/2-unZipSlip.html",
              "target": [
                "->$r3",
                "pf{obj{:33=>java.lang.StringBuilder}(unknown)->@data}",
                "->$r14",
                "->$r34"
              ]
            },
            "hash": "26c6d6ee704c59949cfef78350a1d9aef04c29ad",
            "possibility": "4"
          }
        ],
        "wiki": "",
        "deobfApk": "/Volumes/dev/zijie/appshark-opensource/app.apk"
      }
    }
  },
  "DeepLinkInfo": {
  },
  "HTTP_API": [
  ],
  "JsBridgeInfo": [
  ],
  "BasicInfo": {
    "ComponentsInfo": {
    },
    "JSNativeInterface": [
    ]
  },
  "UsePermissions": [
  ],
  "DefinePermissions": {
  },
  "Profile": "/Volumes/dev/zijie/appshark-opensource/out/vuln/3-profiler.json"
}
```
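The following Python sketch is an added example, not part of the AppShark project. It flattens the `SecurityInfo` tree shown above (category, then rule, then `vulners`) into one record per finding and drops findings already triaged. The function names are hypothetical, and treating `hash` as a stable per-finding identifier across runs is an assumption.

```python
import json

# Constructed sample: a trimmed copy of the results.json shown above.
SAMPLE = json.loads("""
{"SecurityInfo": {"FileRisk": {"unZipSlip": {"vulners": [
  {"details": {"Source": "->$r3", "Sink": "->$r31",
               "target": ["->$r3", "->$r11", "->$r31"]},
   "hash": "ec57a2a3190677ffe78a0c8aaf58ba5aee4d2247"},
  {"details": {"Source": "->$r3", "Sink": "->$r34",
               "target": ["->$r3", "->$r14", "->$r34"]},
   "hash": "26c6d6ee704c59949cfef78350a1d9aef04c29ad"}
]}}}}
""")


def flatten_findings(results):
    """Walk SecurityInfo -> category -> rule -> vulners into flat records."""
    findings = []
    for category, rules in results.get("SecurityInfo", {}).items():
        for rule_name, rule in rules.items():
            for vuln in rule.get("vulners", []):
                details = vuln.get("details", {})
                findings.append({
                    "category": category,
                    "rule": rule_name,
                    "source": details.get("Source", ""),
                    "sink": details.get("Sink", ""),
                    "path": details.get("target", []),  # taint propagation steps
                    "hash": vuln.get("hash", ""),
                })
    return findings


def new_findings(results, baseline_hashes):
    """Return findings whose hash is not in an already-triaged baseline."""
    # Assumption: the "hash" field identifies the same finding across runs.
    return [f for f in flatten_findings(results)
            if f["hash"] not in baseline_hashes]


if __name__ == "__main__":
    for f in new_findings(SAMPLE, baseline_hashes=set()):
        print(f"{f['category']}/{f['rule']}: {f['source']} -> {f['sink']} "
              f"({len(f['path'])} steps) [{f['hash'][:8]}]")
```

To use it on a real run, replace `SAMPLE` with `json.load(open("out/results.json"))`.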
# License
AppShark is licensed under the [APACHE LICENSE, VERSION 2.0](http://www.apache.org/licenses/LICENSE-2.0)
# Contact Us
Lark ![](appshark-lark.png)