Framework is an Android vulnerability analysis system that helps developers or hackers find potential security vulnerabilities in Android applications. No splendid GUI interface, but the most efficient (less than 2 minutes per scan in average) and more accurate.
F E A T U R E S :
-Find security vulnerabilities in an Android app
-Check if the code is missing best practices
-Check dangerous shell commands (e.g. “su”)
-Collect Information from millions of apps
-Check the app’s security protection (marked as <Hacker>, designed for app repackaging hacking)
FOR LINUX - Termux (root)
1) CLONE https://github.com/AndroBugs/AndroBugs_Framework
2) cd AndroBugs_Framework
3) python androbugs.py -f [APK file]
> python androbugs.py -h
Usage of Massive Analysis Tools for Unix/Linux
Prerequisite: Setup MongoDB and config your own MongoDB settings in "androbugs-db.cfg"
4) To run the massive analysis for AndroBugs Framework:####
> python AndroBugs_MassiveAnalysis.py -b [Your_Analysis_Number] -t [Your_Analysis_Tag] -d [APKs input directory] -o [Report output directory]
Example:
5) To get the summary report and all the vectors of massive analysis:
> python AndroBugs_MassiveAnalysis.py -b 20151112 -t BlackHat -d ~/All_Your_Apps/ -o ~/Massive_Analysis_Reports
python AndroBugs_ReportSummary.py -m massive -b [Your_Analysis_Number] -t [Your_Analysis_Tag]
Example:
> python AndroBugs_ReportSummary.py -m massive -b 20151112 -t BlackHat
6) To list the potentially vulnerable apps by Vector ID and Severity Level (Log Level):####
python AndroBugs_ReportByVectorKey.py -v [Vector ID] -l [Log Level] -b [Your_Analysis_Number] -t [Your_Analysis_Tag]
python AndroBugs_ReportByVectorKey.py -v [Vector ID] -l [Log Level] -b [Your_Analysis_Number] -t [Your_Analysis_Tag] -a
Example:
7) python AndroBugs_ReportByVectorKey.py -v WEBVIEW_RCE -l Critical -b 20151112 -t BlackHat
python AndroBugs_ReportByVectorKey.py -v WEBVIEW_RCE -l Critical -b 20151112 -t BlackHat -a
I have not tested it with termux, with kali linux it works
0 Comments