Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Humoud/apksneeze-lab
Analyze Android APK files from a browser.
https://github.com/Humoud/apksneeze-lab
analysis android-reverse-engineering docker docker-compose flask-application yara-scanner
Last synced: about 1 month ago
JSON representation
Analyze Android APK files from a browser.
- Host: GitHub
- URL: https://github.com/Humoud/apksneeze-lab
- Owner: Humoud
- Created: 2020-08-25T13:00:18.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2020-09-29T18:22:49.000Z (almost 4 years ago)
- Last Synced: 2024-04-12T19:48:25.653Z (5 months ago)
- Topics: analysis, android-reverse-engineering, docker, docker-compose, flask-application, yara-scanner
- Language: HTML
- Homepage:
- Size: 2.3 MB
- Stars: 14
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - Humoud/apksneeze-lab - Analyze Android APK files from a browser. (HTML)
README
# APKSNEEZE Lab v0.1
The project is a flask web app which allows doing basic static analysis on Android APK files from a browser.
Current features:
1. Decompile apk files with JADX
2. Zip decompiled files and download them
3. Scan apk file or decompiled code with Yara
4. View in browser specific files that matched a yara rule or download them
4. Grep decompiled files for specific grep patterns
5. Parse/detect permissions and services in manifest files
6. Download manifest files
7. Configure grep patterns and yara rules
## Requirements & Usage
The project runs on docker containers. Make sure you have docker and docker-compose installed:
1. https://docs.docker.com/get-docker/
2. https://docs.docker.com/compose/install/
Run docker compose to build the images and run the project:
`docker-compose -f local.yml up`
Or run it as daemon:
`docker-compose -f local.yml up -d`
Once the docker images are built and the containers are running, two things must be done:
1. Compile yara rules:
`docker-compose -f local.yml exec flask flask apksneeze compile`
2. Seed db (populate grep patterns):
`docker-compose -f local.yml exec flask flask apksneeze seed`
And that's it.
Now you can visit: `http://localhost:5000` to use the app.
If you want to clear the DB (excluding string patterns) you can issue a GET request to path: `/clear_all`
## Modifying Code
You can modify code on the fly since the code volume is mounted on both the web app and the worker, plus the project is running in debug mode.
## Screenshots
Here are some screenshot of running the tool against the injured android app developed by B3nac https://github.com/B3nac/InjuredAndroid. Many thanks to B3nac for this app!
Index page
Dashboard page
Report pages:
Viewing matched yara rules:
View code from file with matched a yara rule:
Yara rules configuration:
Grep patterns configuration:
## Containers
The project uses 4 docker containers:
1. Alpine python (web app)
2. Alpine OpenJDK (worker)
3. Redis
4. Postgres
## Notes
File hashes, apk file sizes, yara rule matches, and grep matches are all stored in a postgresql DB running on one of the docker containers. Also, decompiled files and uploaded apks are stored in the `/storage` directory. The more you use this project, the more data you will accumulate. After that you can get creative with that data.
The worker currenly uses the same code that the flask app is using, perhaps reducing the code and depedencies will result in a lighter image.
## Disclaimer
Just in case: I do not recommend running this in production or on sensitive machines for obvious reasons (look at the code, it can easily be abused). Launch it on a lab/test machine, do analysis, close it.
Usage of APKSneeze Lab for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.