https://github.com/antitree/manitree

AndroidManifest.xml security auditor
https://github.com/antitree/manitree

Last synced: 17 days ago
JSON representation

AndroidManifest.xml security auditor

• Host: GitHub
• URL: https://github.com/antitree/manitree
• Owner: antitree
• License: other
• Created: 2011-11-16T23:12:07.000Z (about 13 years ago)
• Default Branch: master
• Last Pushed: 2012-07-06T19:37:19.000Z (over 12 years ago)
• Last Synced: 2023-10-20T17:19:03.283Z (about 1 year ago)
• Language: Python
• Homepage:
• Size: 593 KB
• Stars: 71
• Watchers: 8
• Forks: 23
• Open Issues: 18
• Metadata Files:
  • Readme: README
  • License: LICENSE

Awesome Lists containing this project

README

        
Description:

This tool is designed to detect points of possible insecurities based on the AndroidManifest.xml file that is included inside each Android APK. This file defines how the app will act when installed on a device and therefore is sensitive to incorrect values. For example, when sharing a content provider it's important to grant only necessary access to either read or write. A high risk setting would be a content provider that is shared out to any other app on a device.

Requirements:

- adb - either installed in the environment path or in the current directory)

Usage:

- see ./manitree.py -h for usage options

- see ./reporter.py -h for usage options

Examples:

Run a device test:

./manitree.py -D

Run a device test on just the emulators

./manitree.py -D -e

Run a test a directory of APK's or XML files

./manitree.py -f pathtofiles/

Run a test on an individual AndroidManifest.xml file

./manitree.py -f AndroidManifest.xml

Report to the console all previous tests:

./reporter.py

Report on a specific device and save to a text file:

./reporter.py -D HTCS000001 -T output.txt

Report on a device but filter for a specific package and risk level:

./reporter.py -D HTCS00001 -p com.intrepidusgroup.app -r high

Report on all the findings with a high risk level

./reporter.py -R high