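QARK – a tool for quickly finding vulnerabilities in Android applications
Project home page:
http://github.com/linkedin/qark
Project overview:
QARK is a vulnerability detection tool written in Python. It can run its checks without an Android device, and its purpose is to find security-related vulnerabilities in Android applications, whether in source code or in packaged applications.
Vulnerabilities it checks for: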
Inadvertently exported components
Improperly protected exported components
Intents which are vulnerable to interception or eavesdropping
Improper X.509 certificate validation
Creation of world-readable or world-writeable files
Activities which may leak data
The use of Sticky Intents
Insecurely created Pending Intents
Sending of insecure Broadcast Intents
Private keys embedded in the source
Weak or improper cryptography use
Potentially exploitable WebView configurations
Exported Preference Activities
Tapjacking
Apps which enable backups
Apps which are debuggable
Apps supporting outdated API versions, with known vulnerabilities
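Three of the manifest-level items in this list (exported components, apps which enable backups, apps which are debuggable) can be illustrated with a short check over a plain-text AndroidManifest.xml such as the one found in a source tree. This is an added example, not QARK's own code; the function name, the finding labels and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
# Providers have version-dependent export defaults and are left out here.
COMPONENTS = ("activity", "activity-alias", "service", "receiver")

# Constructed sample manifest (not taken from goatdroid or any real app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <application android:debuggable="true">
    <activity android:name=".Settings" android:exported="false"/>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".SmsReceiver" android:exported="true"
              android:permission="com.example.sample.PRIV"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def audit_manifest(xml_text):
    """Return (check, subject) findings for a plain-text AndroidManifest.xml."""
    app = ET.fromstring(xml_text).find("application")
    if app is None:
        return []
    findings = []
    if app.get(A + "debuggable") == "true":
        findings.append(("debuggable", "application"))
    # android:allowBackup defaults to true when the attribute is absent.
    if app.get(A + "allowBackup", "true") == "true":
        findings.append(("backup-enabled", "application"))
    for comp in app:
        if comp.tag not in COMPONENTS:
            continue
        name = comp.get(A + "name", "?")
        exported = comp.get(A + "exported")
        # A permission on <application> is the default for its components.
        guarded = comp.get(A + "permission") or app.get(A + "permission")
        if exported is None and comp.find("intent-filter") is not None:
            # Before Android 12 an intent-filter exports the component implicitly.
            findings.append(("implicitly-exported", name))
        elif exported == "true" and not guarded:
            findings.append(("exported-no-permission", name))
    return findings
```

Calling `audit_manifest(SAMPLE_MANIFEST)` returns four findings for the constructed manifest. The manifest inside a packaged APK is stored in a binary XML encoding and has to be decoded before a check like this can read it.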
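Usage:
It offers two modes of operation.
1. Interactive mode
Run the command directly, then enter the relevant parameters when prompted to start the scan:
$ python qark.py
2. Manual mode
Set the required parameters on the command line and start the scan directly: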
$ python qark.py --source 1 --pathtoapk /Users/foo/qark/sampleApps/goatdroid/goatdroid.apk --exploit 1 --install 1
or
$ python qark.py --source 2 -c /Users/foo/qark/sampleApps/goatdroid/goatdroid --manifest /Users/foo/qark/sampleApps/goatdroid/goatdroid/AndroidManifest.xml --exploit 1 --install 1