QARK – a tool for quickly finding vulnerabilities in Android applications
Project home page:
https://github.com/linkedin/qark
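Project overview:
QARK is a vulnerability testing tool written in Python. It can run its checks without an Android device, and its purpose is to find security-related vulnerabilities in Android applications, whether in source code or in packaged applications.
Vulnerabilities covered: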
Inadvertently exported components
Improperly protected exported components
Intents which are vulnerable to interception or eavesdropping
Improper x.509 certificate validation
Creation of world-readable or world-writeable files
Activities which may leak data
The use of Sticky Intents
Insecurely created Pending Intents
Sending of insecure Broadcast Intents
Private keys embedded in the source
Weak or improper cryptography use
Potentially exploitable WebView configurations
Exported Preference Activities
Tapjacking
Apps which enable backups
Apps which are debuggable
Apps supporting outdated API versions, with known vulnerabilities
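Usage:
It provides two modes of operation:
1. Interactive mode
Run the command directly, then enter the relevant parameters as prompted to start the scan.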
python qark.py
2. Manual mode
Set the required parameters on the command line and start the scan directly.
$ python qark.py --source 1 --pathtoapk /Users/foo/qark/sampleApps/goatdroid/goatdroid.apk --exploit 1 --install 1
or
$ python qark.py --source 2 -c /Users/foo/qark/sampleApps/goatdroid/goatdroid --manifest /Users/foo/qark/sampleApps/goatdroid/goatdroid/AndroidManifest.xml --exploit 1 --install 1
Output: