{% extends "base/base_layout.html" %} {% load static %} {% block sidebar_option %} sidebar-mini {% endblock %} {% block extra_css %} {% endblock %} {% block sidebar %} {% endblock %} {% block content %}

{# Score header: average CVSS, security score, tracker ratio and VirusTotal ratio taken from the scan context. #}
APP 得分

{# NOTE(review): `not in 'so'` is a substring test against a string literal, not list membership; it is only correct if app_type is always one of the exact expected type names - confirm in the view. #}
{% if app_type not in 'so' %} {% if icon_hidden %} Hidden Icon! {% endif %}

{% if average_cvss %} 平均 CVSS {{ average_cvss }}
{% endif %} 安全分 {{ appsec.security_score }}/100
{# Both tracker branches print the same ratio; presumably only the styling differs between them. #}
{% endif %} {% if trackers.detected_trackers > 0 %} 追踪器 {{ trackers.detected_trackers }}/{{ trackers.total_trackers }}
{% else %} 追踪器 {{ trackers.detected_trackers }}/{{ trackers.total_trackers }}
{# The VirusTotal ratio is shown only when virus_total has more than 9 entries, i.e. when it looks like a scan result rather than a status message. #}
{% endif %} {% if virus_total and virus_total.items|length > 9 %} {% if virus_total.positives > 0 %} 病毒总数检测 {{ virus_total.positives }}/{{ virus_total.total }}
{% else %} 病毒总数检测 {{ virus_total.positives }}/{{ virus_total.total }}
{% endif %} {% endif %}

{# Scorecard entry is offered for every input type except shared objects. #}
{% if app_type not in 'so' %}

MobSF 评分卡

{% endif %}

{# File identity of the analysed sample: name, size and MD5/SHA1/SHA256 digests. #}
{# file_name is presumably the uploaded file's name; it is rendered without `safe`, so it relies on template autoescaping being left on. #}
文件信息

File Name {{ file_name }}
Size {{ size }}
MD5 {{ md5 }}
SHA1 {{ sha1 }}
SHA256 {{ sha256 }}
{# App metadata is shown only for inputs that are not jar, aar or so (substring test on the literal 'jar,aar,so'). #}
{% if app_type not in 'jar,aar,so' %}

APP 信息

App Name {{ app_name }}
Package Name {{ package_name }}
Main Activity {{ main_activity }}
Target SDK {{ target_sdk }} Min SDK {{ min_sdk }} Max SDK {{ max_sdk }}
Android Version Name {{ version_name }} Android Version Code {{ version_code }}
{% endif %}
{# Play Store details are shown unless the lookup reported an error. These fields are third-party data and are rendered without `safe`. #}
{# NOTE(review): the link markup is not visible here. If developerWebsite or the privacy-policy URL fills an href, confirm the scheme is limited to http/https - HTML autoescaping does not neutralise a script-scheme URL. #}
{% if not playstore_details.error %}

Google Play商店信息

Title {{ playstore_details.title }}
Score {{ playstore_details.score}} Installs {{ playstore_details.installs }} Price {{ playstore_details.price }} Android Version Support {{ playstore_details.androidVersionText }} Category {{ playstore_details.genre }} Play Store URL {{ package_name }}
Developer {{playstore_details.developer}}, Developer ID {{playstore_details.developerId}}
Developer Address {{playstore_details.developerAddress}}
Developer Website {{playstore_details.developerWebsite}}
Developer Email {{playstore_details.developerEmail}}
Release Date {{ playstore_details.released }} Privacy Policy Privacy link
Description
{{ playstore_details.description }}
{% endif %}
{# Component summary: total counts of activities, services, receivers and providers, followed by the exported counts. #}
{# Exported components are the ones other apps can reach, so the exported_count values give a quick view of the external entry points. #}
{% if app_type not in 'jar,aar,so' %}

{{ activities | length }}

Activities组件

查看

{{ services | length }}

Services组件

查看

{{ receivers | length }}

Receivers组件

查看

{{ providers | length }}

Providers组件

查看
已导出
Activities组件
{{ exported_count.exported_activities }}
已导出
Services组件
{{ exported_count.exported_services }}
已导出
Receivers组件
{{ exported_count.exported_receivers }}
已导出
Providers组件
{{exported_count.exported_providers}}
{% endif %}

{# Scan options: rescan is always offered; the binary download is offered for so inputs and suppression management for everything else. #}
扫描选项

重新扫描 {% if app_type in 'so' %} 下载 {{ app_type | upper}} {% endif %} {% if app_type not in 'so' %} 管理抑制 {% endif %}

{# Dynamic analysis is offered only when the input is not jar, aar or so. #}
{% if app_type not in 'jar,aar,so' %}

启动动态分析

{% endif %}
{# Decompiled-code views and downloads; manifest and Smali entries are hidden for the input types that do not have them. #}
{% if app_type not in 'so' %}

反编译代码

{% if app_type not in 'jar' %} 查看 AndroidManifest.xml {% endif %} 查看源代码 {% if app_type not in 'jar,aar' %} 查看 Smali {% endif %}

下载 Java Code {% if app_type not in 'jar,aar' %} 下载 Smali 代码 {% endif %} 下载 {{ app_type | upper}} {% if app_type in 'jar,aar' %}

{# For jar/aar inputs each apkid entry is reduced to an obfuscation hint: a truthy value means LocalVariableTable is absent. #}
{% for _, value in apkid.items %} {% if value %} The binary might be obfuscated. LocalVariableTable is absent in class file. {% else %} The binary might not be obfuscated. LocalVariableTable is present in class file. {% endif %} {% endfor %}

{% endif %}

{% endif %}
{% if app_type not in 'so' %}

{# Signing certificate: prints certificate_info when certificate_analysis is present, otherwise a fixed failure message. #}
签名证书

{% if certificate_analysis %}
{{ certificate_analysis.certificate_info }}
{% else %} Failed to read Code Signing Certificate. {% endif %}

{# Requested permissions: one row per permission with its status label, info and description. #}
申请权限

{% for perm,desc in permissions.items %} {% endfor %}
权限 状态 信息 描述
{# Status labels cover dangerous, normal, signatureOrSystem, signature and unknown; any other status value prints no label. #}
{{ perm }} {% if desc.status == 'dangerous' %} 危险 {% elif desc.status == 'normal' %} 正常 {% elif desc.status == 'signatureOrSystem' %} 签名系统 {% elif desc.status == 'signature' %} 签名 {% elif desc.status == 'unknown' %} 未知 {% endif %} {{ desc.info }} {{ desc.description }}

{# Android API usage: each rule's description followed by the files in which it matched. #}
安卓 API

{% for rule, details in android_api.items %} {% endfor %}
API 文件
{# file_path comes from the decompiled sample and is rendered without `safe`. #}
{{ details.metadata.description }} {% for file_path, lines in details.files.items %} {{ file_path }}
{% endfor %}

{# Browsable activities: for each activity, lists the intent-filter data (schemes, hosts, ports, MIME types, paths, prefixes, patterns). #}
{# These values describe the deep-link surface of the app; they originate from the analysed sample and are rendered without `safe`. #}
{# `key` is not a Django builtin filter; presumably a project-registered dict lookup - confirm. The "path_prefixs" spelling is the runtime key and must stay as is. #}
查看 Activities

{% for activity,intent_details in browsable_activities.items %}
ACTIVITY INTENT
{{activity}} {% if intent_details|key:"schemes" %} Schemes: {% for scheme in intent_details|key:"schemes" %} {{scheme}}, {% endfor %}
{% endif %} {% if intent_details|key:"hosts" %} Hosts: {% for host in intent_details|key:"hosts" %} {{host}}, {% endfor %}
{% endif %} {% if intent_details|key:"ports" %} Ports: {% for port in intent_details|key:"ports" %} {{port}}, {% endfor %}
{% endif %} {% if intent_details|key:"mime_types" %} Mime Types: {% for mime in intent_details|key:"mime_types" %} {{mime}}, {% endfor %}
{% endif %} {% if intent_details|key:"paths" %} Paths: {% for path in intent_details|key:"paths" %} {{path}}, {% endfor %}
{% endif %} {% if intent_details|key:"path_prefixs" %} Path Prefixes: {% for prefix in intent_details|key:"path_prefixs" %} {{prefix}}, {% endfor %}
{% endif %} {% if intent_details|key:"path_patterns" %} Path Patterns: {% for pattern in intent_details|key:"path_patterns" %} {{pattern}}, {% endfor %}
{% endif %} {% endfor %}

{# Network security: severity counters (high, warning, info, secure) followed by one row per finding. #}
网络安全

{# The summary is printed only when network_summary exists and is non-empty. #}
{% if network_security and 'network_summary' in network_security and network_security.network_summary|length > 0 %}
危险
{{ network_security.network_summary.high }}
警告
{{ network_security.network_summary.warning }}
普通
{{ network_security.network_summary.info }}
安全
{{ network_security.network_summary.secure }}
{% endif %} {% if network_security and 'network_findings' in network_security %} {% for item in network_security.network_findings %} {% endfor %} {% endif %}
编号 范围 严重度 描述
{# Each finding lists the URLs in its scope, then a severity label and description; a severity outside high/secure/info/warning prints no label. #}
{{ forloop.counter }} {% for url in item.scope %} {{ url }}
{% endfor %}
{% if item.severity == "high" %} 危险 {% elif item.severity == "secure" %} 安全 {% elif item.severity == "info" %} 普通 {% elif item.severity == "warning" %} 警告 {% endif %} {{item.description }}

{# Certificate analysis: severity counters (high, warning, info) followed by one row per finding. #}
证书分析

{% if certificate_analysis and 'certificate_summary' in certificate_analysis and certificate_analysis.certificate_summary|length > 0 %}
危险
{{ certificate_analysis.certificate_summary.high }}
警告
{{ certificate_analysis.certificate_summary.warning }}
普通
{{ certificate_analysis.certificate_summary.info }}
{% endif %} {% if certificate_analysis and 'certificate_findings' in certificate_analysis %} {% for find in certificate_analysis.certificate_findings %} {% endfor %} {% endif %}
标题 严重度 描述
{# Findings are positional: index 2 is printed under the title column, index 0 is the severity and index 1 the description. #}
{{ find.2 }} {% if find.0 == 'high' %} 危险 {% elif find.0 == 'secure' %} 安全 {% elif find.0 == 'warning' %} 警告 {% elif find.0 == 'info' %} 普通 {% endif %} {{ find.1 }}

{# Manifest analysis: severity counters (high, warning, info, suppressed) followed by one row per finding. #}
Manifest 目录清单分析

{% if manifest_analysis and 'manifest_summary' in manifest_analysis and manifest_analysis.manifest_summary|length > 0%}
危险
{{ manifest_analysis.manifest_summary.high }}
警告
{{ manifest_analysis.manifest_summary.warning }}
普通
{{ manifest_analysis.manifest_summary.info }}
被抑制的
{{ manifest_analysis.manifest_summary.suppressed }}
{% endif %} {% if manifest_analysis and 'manifest_findings' in manifest_analysis %} {% for item in manifest_analysis.manifest_findings %} {% endfor %} {% endif %}
编号 问题 严重度 描述 选项
{# NOTE(review): `safe` on the finding title switches off autoescaping for that value, while the description on the same row stays escaped. #}
{# If the title can embed strings taken from the analysed app's manifest (component names, for example), those parts must be HTML-escaped where the title is built; otherwise drop `safe`. Confirm against the code that produces manifest_findings. #}
{{ forloop.counter }} {{item|key:"title" | safe}} {% if item|key:"severity" == "high" %} 危险 {% elif item|key:"severity" == "info" %} 普通 {% elif item|key:"severity" == "warning" %} 警告 {% endif %} {{item|key:"description"}}

{# Code analysis: severity counters (high, warning, info, secure, suppressed) followed by one row per rule. #}
代码分析

{% if code_analysis and 'summary' in code_analysis and code_analysis.summary|length > 0 %}
危险
{{ code_analysis.summary.high }}
警告
{{ code_analysis.summary.warning }}
普通
{{ code_analysis.summary.info }}
安全
{{ code_analysis.summary.secure }}
被抑制的
{{ code_analysis.summary.suppressed }}
{% endif %} {% if code_analysis and 'findings' in code_analysis %} {% for rule, details in code_analysis.findings.items %} {% endfor %} {% endif %}
编号 问题 严重度 标准 文件 选项
{# Severity labels use high, good, warning and info here - note "good" rather than the "secure" value used by the other sections. #}
{# CVSS banding, only when average_cvss is set: above 6 is high, exactly 0 is info, 4 to 6 inclusive is medium, below 4 is low. Assumes cvss is numeric - TODO confirm. #}
{{ forloop.counter }} {% if details.metadata|key:"ref" %} {{ details.metadata.description }} {% else %} {{ details.metadata.description }} {% endif %} {% if details.metadata.severity == "high" %} 危险 {% elif details.metadata.severity == "good" %} 安全 {% elif details.metadata.severity == "warning" %} 警告 {% elif details.metadata.severity == "info" %} 普通 {% endif %} {% if average_cvss %} CVSS V2: {{ details.metadata.cvss }} {% if details.metadata.cvss > 6 %} (high) {% elif details.metadata.cvss == 0 %} (info) {% elif details.metadata.cvss >= 4 %} (medium) {% elif details.metadata.cvss < 4 %} (low) {% endif %}
{# Standards references (CWE, OWASP Mobile Top 10, OWASP MASVS) are printed only when the rule metadata carries them. #}
{% endif %} {% if details.metadata.cwe %} CWE: {{ details.metadata.cwe }}{% endif %} {% if details.metadata|key:"owasp-mobile" %}
OWASP Top 10: {{ details.metadata|key:"owasp-mobile" }}{% endif %} {% if details.metadata.masvs %}
OWASP MASVS: {{ details.metadata.masvs }}{% endif %}
{% for file_path, lines in details.files.items %} {{ file_path }}
{% endfor %}
{% endif %}

{# Shared-library hardening table: for each shared object, NX, stack canary, RPATH, RUNPATH, FORTIFY and symbol stripping. #}
共享库二进制分析

{# A fixed message is printed when binary_analysis is empty. #}
{% if app_type not in 'so' %} {% endif %} {% if not binary_analysis %} No Shared Objects found. {% endif %} {% for so in binary_analysis %} {% if app_type not in 'so' %} {% endif %} {% endfor %}
编号 共享对象NX 栈守护者 路径 运行路径 加固 符号剥离
{# Each check contributes three values: the measured flag or path, its severity and a description. #}
{{ forloop.counter }} {{so.name}}{{so.nx.is_nx}}
{{so.nx.severity}}
{{so.nx.description}}
{{so.stack_canary.has_canary}}
{{so.stack_canary.severity}}
{{so.stack_canary.description}}
{{so.rpath.rpath}}
{{so.rpath.severity}}
{{so.rpath.description}}
{{so.runpath.runpath}}
{{so.runpath.severity}}
{{so.runpath.description}}
{{so.fortify.is_fortified}}
{{so.fortify.severity}}
{{so.fortify.description}}
{{so.symbol.is_stripped}}
{{so.symbol.severity}}
{{so.symbol.description}}
{% if app_type not in 'so' %}

{# NIAP analysis: one row per identifier with its class, description and choice. #}
NIAP 分析体系 v1.3

{% for iden, details in niap_analysis.items %} {% endfor %}
编号 标识 要求 特征 描述
{{ forloop.counter }} {{ iden }} {{ details.class }} {{ details.description }} {{ details.choice }}

{# File analysis: each finding followed by the files it applies to. #}
文件分析

{% for item in file_analysis %} {% endfor %}
编号 问题 文件
{{ forloop.counter }} {{ item|key:"finding" }} {% for cert_f in item|key:"files" %} {{ cert_f }}
{% endfor %}

{# APKiD results: per file, each detection category and the identifiers matched for it. #}
APKiD 分析

{# Shown only when apkid data exists and the input is not jar or aar; otherwise a "not enabled" message is printed. #}
{% if apkid and app_type not in 'jar,aar'%} {% for file, details in apkid.items %} {% endfor %} {% else %}

APKiD 未启用.

{% endif %}
DEX 检测
{{file}} {% for detail, idens in details.items %} {% endfor %}
发现 详情
{# Known category keys are mapped to display labels; an unrecognised key is printed as is (autoescaped). #}
{% if detail == "anti_vm" %} 反虚拟机代码 {% elif detail == "anti_disassembly" %} 反汇编代码 {% elif detail == "anti_debug" %} 反调试代码 {% elif detail == "compiler" %} 编译器 {% elif detail == "abnormal" %} 异常代码 {% elif detail == "obfuscator" %} 混淆器 {% elif detail == "protector" %} 保护器 {% elif detail == "packer" %} 打包程序发现 {% elif detail == "dropper" %} 投放程序发现 {% elif detail == "manipulator" %} 操纵者发现 {% else %} {{detail}} {% endif %} {% for idn in idens %} {{ idn }}
{% endfor %}

{# Quark results: each potential malicious behaviour (crime) with the file and method pairs given as evidence. #}
分析

{% if quark %} {% for item in quark %} {% endfor%} {% endif %}
潜在的恶意行为 证据
{{ item.crime }} {% for api in item.register %} {{api.file}} -> {{api.method}}
{% endfor %}
{% endif %} {% if virus_total %}

{# VirusTotal section: prints either the service's status message or the detection ratio with per-engine results. #}
VirusTotal扫描

{# NOTE(review): message versus result is decided by the number of entries in virus_total (fewer than 9 means message). This is a size heuristic, not a status check; a response shape change would silently flip the branch. #}
{% if virus_total.items|length < 9 %} {% comment %} Basic check to determine if the response is a msg or a result {% endcomment %}

  {{ virus_total.verbose_msg }}

{% else %}

   {{ virus_total.positives }} / {{ virus_total.total }}  AV发现此文件恶意!    完整报告

{# Per-engine rows are considered only when at least one engine flagged the file, and only for engines whose detected field is True. #}
{% if virus_total.positives > 0 %} {% for av_name,av_result in virus_total.scans.items %} {% if av_result.detected == True %} {% endif %} {% endfor %}
病毒 发现
{{ av_name }} {{ av_result.result }}
{% endif %}{% comment %} if results.positive > 0 {% endcomment %} {% endif %}{% comment %} if this is the upload msg or a result {% endcomment %}
{% endif %}

{# Server locations: domains whose details carry ofac == True, with the IP and geolocation recorded for each. #}
服务器位置

{% if domains %}


此应用程序可能与以下OFAC批准的国家名单进行通信。

{% for domain, details in domains.items %} {% if details|key:"ofac" == True %} {% endif %} {% endfor %}
域名 国家/地区
{# Domain names are extracted from the analysed sample; they are rendered without `safe`. #}
{{domain}} IP: {{details|key:"geolocation"|key:"ip"}}
Country: {{details|key:"geolocation"|key:"country_long"}}
Region: {{details|key:"geolocation"|key:"region"}}
City: {{details|key:"geolocation"|key:"city"}}
{% endif %}

{# Malicious-domain check: each domain is marked malware when its "bad" field equals the string "yes", otherwise ok. #}
恶意域名检测

{% if domains %} {% for domain, details in domains.items %} {% endfor %}
域名 状态 位置
{# For a flagged domain the matched URL or domain, its IP and the description from the details are printed. #}
{{domain}} {% if details|key:"bad" == "yes" %} malware
                      URL: {{details|key:"domain_or_url"}}
                      IP: {{details|key:"ip"}}
                      描述: {{details|key:"desc"}}
                      
{% else %} ok
{% endif %}
{# Geolocation is optional; a fixed message is shown when it is missing. #}
{# NOTE(review): the map link markup is not visible here - if latitude and longitude are placed in a URL, confirm they are URL-encoded. #}
{% if details|key:"geolocation" %} IP: {{details|key:"geolocation"|key:"ip"}}
国家: {{details|key:"geolocation"|key:"country_long"}}
地区: {{details|key:"geolocation"|key:"region"}}
城市: {{details|key:"geolocation"|key:"city"}}
纬度: {{details|key:"geolocation"|key:"latitude"}}
经度: {{details|key:"geolocation"|key:"longitude"}}
查看: Google Map {% else %} No Geolocation information available. {% endif %}
{% endif %}

{# URLs found in the sample, grouped by the file path they were found in. #}
{# The URL strings come from the analysed app and are rendered without `safe`; they should stay plain text rather than clickable links - markup not visible here, confirm. #}
URLS

{% if urls %} {% for urldict in urls %} {% endfor %}
URL 文件
{% for u in urldict|key:"urls" %} {{ u }}
{% endfor %}
{{urldict|key:"path"}}
{% endif %}

{# Firebase databases referenced by the app: an entry whose open flag is truthy is reported as publicly exposed. #}
Google Firebase DB

{% if firebase_urls %} {% for item in firebase_urls %} {% endfor %}
FIREBASE URL 详细
{{ item.url }} {% if item.open %} 危险
Firebase Database is exposed publicly. {% else %} 正常
App talks to a Firebase database. {% endif %}
{% endif %}

{# E-mail addresses found in the sample, grouped by the file path they were found in. #}
邮件

{% if emails %} {% for email_dict in emails %} {% endfor %}
邮件 文件
{% for e in email_dict|key:"emails" %} {{ e }}
{% endfor %}
{{email_dict|key:"path"}}
{% endif %}
{# Trackers detected in the app: name, categories and reference URL for each entry under the "trackers" key. #}
{% if app_type not in 'so' %}

跟踪器

{% if trackers %} {% for trk in trackers|key:"trackers" %} {% endfor %}
跟踪器名称 类别 URL
{{trk.name}} {{trk.categories}} {{trk.url}}
{% endif %}
{% endif %}

{# Possible hardcoded secrets found in the sample, printed in full with no truncation or masking. #}
{# The rendered report therefore carries the secret values themselves; access to it should be restricted accordingly. #}
硬编码

{% for val in secrets %} {{ val }}
{% endfor %}

{# Strings extracted from the sample, split by origin: APK resources, decompiled code and shared objects. #}
{# All of these are content of the analysed app and are rendered without `safe`, so they rely on autoescaping being left on. #}
字符串

{% if app_type not in 'so' %}

From APK Resource

{# Only the 'strings_apk_res' entry of the strings mapping is printed here. #}
{% for key, val in strings.items %} {% if key == 'strings_apk_res' %} {% for v in val %} {{ v }}
{% endfor %} {% endif %} {% endfor %}

From Code

{# Only the 'strings_code' entry of the strings mapping is printed here. #}
{% for key, val in strings.items %} {% if key == 'strings_code' %} {% for v in val %} {{ v }}
{% endfor %} {% endif %} {% endfor %}

{% endif %}

From Shared Objects

{# 'strings_so' holds a list of mappings; each key k is printed followed by its list of strings. #}
{% for key, val in strings.items %} {% if key == 'strings_so' %} {% for ls in val %} {% for k,v in ls.items %}


{{ k }}

{% for i in v %} {{ i }}
{% endfor %} {% endfor %} {% endfor %} {% endif %} {% endfor %}

{# For so inputs, file_analysis is listed under the symbols heading. #}
{% if app_type in 'so' %}

符号

{% for val in file_analysis %} {{ val }}
{% endfor %}

{# For every other input type, the full lists of activities, services, receivers, providers, libraries and files follow. #}
{# Names in these lists come from the analysed app and are rendered without `safe`. #}
{% endif %} {% if app_type not in 'so' %}

Activities组件

{% for act in activities %} {{ act}}
{% endfor %}

Services组件

{% for srv in services %} {{ srv}}
{% endfor %}

Receivers组件

{% for rcv in receivers %} {{ rcv}}
{% endfor %}

Providers组件

{% for prv in providers %} {{ prv }}
{% endfor %}

Libraries组件

{% for lib in libraries %} {{ lib }}
{% endfor %}

文件

{% for file in files %} {{ file}}
{% endfor %}

{% endif %}
{% endblock %} {% block extra_scripts %} {% endblock %}