├── .gitignore ├── README.md └── moblizer /.gitignore: -------------------------------------------------------------------------------- 1 | *.py[cod] 2 | 3 | # C extensions 4 | *.so 5 | 6 | # Packages 7 | *.egg 8 | *.egg-info 9 | dist 10 | build 11 | eggs 12 | parts 13 | bin 14 | var 15 | sdist 16 | develop-eggs 17 | .installed.cfg 18 | lib 19 | lib64 20 | __pycache__ 21 | 22 | # Installer logs 23 | pip-log.txt 24 | 25 | # Unit test / coverage reports 26 | .coverage 27 | .tox 28 | nosetests.xml 29 | 30 | # Translations 31 | *.mo 32 | 33 | # Mr Developer 34 | .mr.developer.cfg 35 | .project 36 | .pydevproject 37 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Android-Testing: 2 | =============== 3 | 4 | # M0blizer: 5 | =============== 6 | 7 | Moblizer helps you do static analysis of any android application or .apk file. As it is a very premature tool we have included very limited functionality such as information disclosure automation from the source code of the .apk file. And there are certain limitations but still we are useing it in our daily pentesting projects and it helped us saving lots of time and decreases our effort. Hope it will help you also. 8 | 9 | 10 | Pre-Requiusites: 11 | ---------------- 12 | 1. apk tool installed in your system. 13 | 2. python 2.x installed. 14 | 15 | 16 | How to use Moblizer: 17 | -------------------- 18 | 1. Copy moblizer.py to the apk tool directory. 19 | 2. Copy your .apk file to the same path. 20 | 3. Run moblizer.py using commandline. Then it will ask you to provide your apk file name. 21 | 4. Just provide your apk file name. 22 | 5. It will fetch all the codes which contains any sensitive keyword such as email, ip, username etc and put it in logfile.log where you can analyze all those. 23 | 6. It also provides you Manifest permission details in the logfile itself. 24 | -------------------------------------------------------------------------------- /moblizer: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import sys 3 | import time 4 | import fnmatch 5 | import os 6 | import re 7 | import time 8 | import re 9 | from subprocess import call 10 | from xml.dom.minidom import parseString 11 | 12 | print "#################################################################################################################" 13 | print "# . . . . #" 14 | print "# #" 15 | print "# . @@@@@A . ,@S . A@ . . . . .A@#@@@ #" 16 | print "# . @@ @G . .@r . X@ . @@ . . &@ @@ #" 17 | print "# :@A@. A@ @@ @A@2 @h@H@M@, . S@ . . ,@#@B@A@A@, . @@ @#@#@#@2 #" 18 | print "# ,@. S@ &@ M# @B @i @; r@. s@ . @#Mh . :@, . #@#@ @G ,@i #" 19 | print "# .@ 5@ M@ @@MB. @2 @; r@. S@ . ,.@# . @,. . ., 9G @G ; #" 20 | print "# @ i@ 3@ @@ @X @: ;@. s@ . @G . #,. . 5@ @@ @9 #" 21 | print "# ,@. .i #@ ::iihX&rr, @&HS#iB,i 9@5A3AG&GA . Gi@@G5 . .@3@22rMS@. . ;h5H2G5X;r @@ #" 22 | print "# h ;2 X23S3; . 2;AsArA . ,Ss9592XX3 . 3ir;9i . .M;s;GrAs#. . s&S3S2 Sr #" 23 | print "# #" 24 | print "# #" 25 | print "#################################################################################################################" 26 | print "# #" 27 | print "# Credits: Sudhanshu Chauhan, Nutan Kumar Panda, Shubham Mittal #" 28 | print "# #" 29 | print "#################################################################################################################" 30 | 31 | class Logger(object): 32 | def __init__(self): 33 | self.terminal = sys.stdout 34 | self.log = open("logfile.log", "a") 35 | 36 | def write(self, message): 37 | self.terminal.write(message) 38 | self.log.write(message) 39 | 40 | sys.stdout = Logger() 41 | 42 | count=0 43 | b = raw_input("Enter apk filename: ") 44 | print "" 45 | print "" 46 | print "Test started for "+b 47 | call(['apktool','d',b]) 48 | flist=[] 49 | dirp=b.strip('.apk') 50 | rootpath="./"+dirp 51 | ip = re.compile('((?:\d{1,3}\.){3}\d{1,3})') 52 | email=re.compile('([\w.]+)@([\w.]+)') 53 | simlist=["pwlist","sql","dbconnect","dbname","username","pass","passwd","pwd","user","IMEI","connecTodb","dbname","server","API", "apikey","api","ftp:"] 54 | relist=[ip,email] 55 | for path,name,fname in os.walk(rootpath): 56 | for fn in fname: 57 | q=path+"/"+fn 58 | flist.append(q) 59 | 60 | extrm=['.xml','.smali','.yml'] 61 | for sl in simlist: 62 | relist.extend([re.compile(sl)]) 63 | 64 | for fl in flist: 65 | if any(ext in fl for ext in extrm): 66 | count=0 67 | for line in open(fl, "r").readlines(): 68 | count=count+1 69 | for lv in relist: 70 | match = lv.findall(line, re.IGNORECASE) 71 | for mat in match: 72 | print "" 73 | print 'File: ',fl 74 | print 'String ',"'",mat,"'",'at line number',count 75 | print 'Line: ',line 76 | 77 | print "" 78 | print "" 79 | print "Manifest Permissions:" 80 | manifile=rootpath+"/AndroidManifest.xml" 81 | file = open(manifile,'r') 82 | data = file.read() 83 | file.close() 84 | dom = parseString(data) 85 | xmlTag = dom.getElementsByTagName('uses-permission')[0].toxml() 86 | print xmlTag 87 | print "" 88 | print "" 89 | print "-----------------------------------------------------------------------------------------------------" 90 | print "Test Completed for "+b 91 | print "-----------------------------------------------------------------------------------------------------" 92 | print "" 93 | print "" 94 | --------------------------------------------------------------------------------