QARK – 安卓程序漏洞快速查找工具

QARK – 安卓程序漏洞快速查找工具

黑客软件hacker2019-07-19 23:31:0331903A+A-

QARK – 安卓程序漏洞快速查找工具 第1张

新项目主页:

  http://github.Com/linkedin/qark

  项目概况:

  QARK是1个用pythoniOS系统漏洞检测工具,他可以在不用安卓设备的状况下开展检测,其目地是找寻某些与安全性有关的Android手机应用程序的系统漏洞,不论是在源码或装包的手机应用程序。

  适用系统漏洞:

  Inadvertently exported components

  Improperly protected exported components

  Intents which are vulnerable To interception or eavesdropping

  Improper x.509 certificate validation

  Creation of world-readable or world-writeable files

  Activities which may leak data

  The use of Sticky Intents

  Insecurely created Pending Intents

  Sending of insecure Broadcast Intents

  Private keys embedded In 则 source

  Weak or improper cryptography use

  Potentially exploitable WebView configurations

  Exported Preference Activities

  Tapjacking

  Apps which enable backups

  Apps which are debuggable

  Apps supporting outdated 接口文档 versions, with known vulnerabilities

  使用说明:

  他出示两种工作中方法,

  互动方式立即键入指令实行只能,依据提醒键入有关主要参数,开展检测,

  python qark.py

  2. 手动式方式

  在命令行中设定好必须的主要参数,立即刚开始检测

  $ python qark.py --source 1 --pathtoapk /Users/foo/qark/sampleApps/goatdroid/goatdroid.apk --exploit 1 --install 1

  or

  $ python qark.py --source 2 -c /Users/foo/qark/sampleApps/goatdroid/goatdroid --manifest /Users/foo/qark/sampleApps/goatdroid/goatdroid/AndroidManifest.xml --exploit 1 --install 1


点击这里复制本文地址 以上内容由黑资讯整理呈现,请务必在转载分享时注明本文地址!如对内容有疑问,请联系我们,谢谢!
  • 3条评论
  • 边侣绣羽2022-05-29 22:46:56
  • n qark.py --source 1 --pathtoapk /Users/foo/qark/sampleApps/goatdroid/goatdroid.apk --exploit 1 --inst
  • 末屿朻安2022-05-29 19:03:44
  •   Creation of world-readable or world-writeable files  Activities which may leak da
  • 辙弃折奉2022-05-30 02:33:05
  • --pathtoapk /Users/foo/qark/sampleApps/goatdroid/goatdroid.apk --exploit 1 --install 1  or  $ python qark.py --source 2 -c /Users/foo

支持Ctrl+Enter提交

黑资讯 © All Rights Reserved.  
Copyright Copyright 2015-2020 黑资讯
滇ICP备19002590号-1
Powered by 黑客资讯 Themes by 如有不合适之处联系我们
网站地图| 发展历程| 留言建议| 网站管理