{% extends "base/base_layout.html" %} {% load static %} {% block sidebar_option %} sidebar-mini {% endblock %} {% block extra_css %} {% endblock %} {% block sidebar %} {% endblock %} {% block content %}

APP 得分

{% if app_type not in 'Dylib,A' %}

{% if average_cvss %} 平均 CVSS {{ average_cvss }}
{% endif %} 安全分 {{ appsec.security_score }}/100
{% endif %} {% if trackers.detected_trackers > 0 %} 追踪器检测 {{ trackers.detected_trackers }}/{{ trackers.total_trackers }}
{% else %} 追踪器检测 {{ trackers.detected_trackers }}/{{ trackers.total_trackers }}
{% endif %} {% if virus_total and virus_total.items|length > 9 %} {% if virus_total.positives > 0 %} VirusTotal 检测 {{ virus_total.positives }}/{{ virus_total.total }}
{% else %} VirusTotal 检测 {{ virus_total.positives }}/{{ virus_total.total }}
{% endif %} {% endif %}

{% if app_type not in 'Dylib,A' %}

MobSF 评分卡

{% endif %}

文件信息

File Name {{ file_name }}
Size {{ size }}
MD5 {{ md5 }}
SHA1 {{ sha1 }}
SHA256 {{ sha256 }}
{% if app_type not in 'Dylib,A' %}

APP 信息

App Name {{ app_name }}
App Type {{ app_type }}
Identifier {{ bundle_id }}
SDK Name {{ sdk_name }}
Version {{ app_version }} Build {{ build }} Platform Version {{ platform }} Min OS Version {{ min_os_version }}
Supported Platforms {% for pl in bundle_supported_platforms %} {{pl}}, {% endfor %}
{% endif %}

二进制信息

Arch {{ binary_info.arch }}
Sub Arch {{ binary_info.subarch }}
Bit {{ binary_info.bit }} Endian {{ binary_info.endian }}
{% if app_type not in 'Dylib,A' %} {% if not appstore_details.error %}

APP 应用商店信息

Title {{ appstore_details.title }}
Score {{ appstore_details.score}} Features {% for fea in appstore_details.features %} {{ fea }}, {% endfor %} Price {{ appstore_details.price }} Category {% for cat in appstore_details.category %} {{ cat }}, {% endfor %} App Store URL {{ appstore_details.app_id }}
Developer {{appstore_details.developer}}, Developer ID {{appstore_details.developer_id}}
Developer Website {{appstore_details.developer_website }}
Developer URL {{appstore_details.developer_url}}
Supported Devices {% for dev in appstore_details.supported_devices %} {{ dev }}, {% endfor %}
Description
{{ appstore_details.description }}
{% endif %} {% endif %}

反编译资产

{% if app_type not in 'Dylib,A' %} 查看 Info.plist {% endif %} {% if app_type not in 'Dylib,A' %} 查看类转储 {% endif %} 下载 {% if app_type in 'Dylib' %}DYLIB{% elif app_type in 'A' %}A{% else %}IPA{% endif %}

{% if app_type not in 'Dylib,A' %}

自定义URL方案

{% if bundle_url_types|length > 0 %}

{% for scheme in bundle_url_types %} {% endfor %}
名称 方案
{{scheme | key:"CFBundleURLName" }} {% if scheme|key:"CFBundleTypeRole" %}
{{scheme | key:"CFBundleTypeRole" }} {% endif %}
{% if scheme|key:"CFBundleURLSchemes" %} {% for ul in scheme.CFBundleURLSchemes %} {{ul}}
{% endfor %} {% endif %}
{% else %}

No URL Schemes found.

{% endif %}

权限申请

{% if permissions %}

{% for perm, desc in permissions.items %} {% endfor %}
权限 状态 信息 描述
{{ perm }} {% if desc.status == 'dangerous' %} 危险 {% else %} 正常 {% endif %} {{ desc.info}} {{ desc.description }}
{% else %}

No Permissions required.

{% endif %}

应用程序传输安全(ATS)

{% if ats_analysis and 'ats_summary' in ats_analysis and ats_analysis.ats_summary|length > 0 %}
危险
{{ ats_analysis.ats_summary.high }}
警告
{{ ats_analysis.ats_summary.warning }}
普通
{{ ats_analysis.ats_summary.info }}
安全
{{ ats_analysis.ats_summary.secure }}
{% endif %} {% if ats_analysis and 'ats_findings' in ats_analysis %} {% for findings in ats_analysis.ats_findings %} {% endfor %} {% endif %}
编号 问题 严重度 描述
{{ forloop.counter }} {{findings.issue}} {% if findings.severity == "high" %} 危险 {% elif findings.severity == "secure" %} 安全 {% elif findings.severity == "warning" %} 警告 {% elif findings.severity == "info" %} 普通 {% endif %} {{findings.description}}
{% endif %}

{% if app_type not in 'Dylib,A' %}IPA {% endif %}二进制代码分析

{% if binary_analysis and 'summary' in binary_analysis and binary_analysis.summary|length > 0 %}
危险
{{ binary_analysis.summary.high }}
警告
{{ binary_analysis.summary.warning }}
普通
{{ binary_analysis.summary.info }}
安全
{{ binary_analysis.summary.secure }}
已抑制
{{ binary_analysis.summary.suppressed }}
{% endif %} {% if binary_analysis and 'findings' in binary_analysis %} {% for issue, details in binary_analysis.findings.items %} {% endfor %} {% endif %}
编号 问题 严重度 标准 描述 选项
{{ forloop.counter }} {{ issue }} {% if details|key:"severity" == 'info' %} 普通 {% elif details|key:"severity" == 'good' %} 安全 {% elif details|key:"severity" == 'high' %} 危险 {% elif details|key:"severity" == 'warning' %} 警告 {% endif %} {% if average_cvss %} CVSS V2: {{ details|key:"cvss" }} {% if details|key:"cvss" > 6 %} (high) {% elif details|key:"cvss" == 0 %} (info) {% elif details|key:"cvss" >= 4 %} (medium) {% elif details|key:"cvss" < 4 %} (low) {% endif %}
{% endif %} {% if details|key:"cwe" %} CWE: {{ details|key:"cwe" }}{% endif %} {% if details|key:"owasp-mobile" %}
OWASP Top 10: {{ details|key:"owasp-mobile" }}{% endif %} {% if details|key:"masvs" %}
OWASP MASVS: {{ details|key:"masvs" }}{% endif %}
{{ details|key:"detailed_desc" }}
{% if app_type not in 'Dylib,A' %}

IPA 二进制分析

{% if not macho_analysis %} Binary Analysis Failed. {% else %} {% endif %}
防护 状态 严重度 描述
NX {{macho_analysis.nx.has_nx}} {{macho_analysis.nx.severity}} {{macho_analysis.nx.description}}
PIE {{macho_analysis.pie.has_pie}} {{macho_analysis.pie.severity}} {{macho_analysis.pie.description}}
栈守护者 (Stack Canary) {{macho_analysis.stack_canary.has_canary}} {{macho_analysis.stack_canary.severity}} {{macho_analysis.stack_canary.description}}
ARC {{macho_analysis.arc.has_arc}} {{macho_analysis.arc.severity}} {{macho_analysis.arc.description}}
路径搜索 (RPATH) {{macho_analysis.rpath.has_rpath}} {{macho_analysis.rpath.severity}} {{macho_analysis.rpath.description}}
代码签名 {{macho_analysis.code_signature.has_code_signature}} {{macho_analysis.code_signature.severity}} {{macho_analysis.code_signature.description}}
是否加密 {{macho_analysis.encrypted.is_encrypted}} {{macho_analysis.encrypted.severity}} {{macho_analysis.encrypted.description}}
符号剥离 {{macho_analysis.symbol.is_stripped}} {{macho_analysis.symbol.severity}} {{macho_analysis.symbol.description}}
{% endif %} {% if app_type not in 'A' %}

动态库二进制分析

{% if app_type not in 'Dylib' %} {% endif %} {% if not dylib_analysis %} No Dylibs found. {% endif %} {% for dy in dylib_analysis %} {% if app_type not in 'Dylib' %} {% endif %} {% endfor %}
编号 动态链接库 NX 栈守护者 ARC 路径搜索 代码签名 加密 符号剥离
{{ forloop.counter }} {{dy.name}}{{dy.nx.has_nx}}
{{dy.nx.severity}}
{{dy.nx.description}}
{{dy.stack_canary.has_canary}}
{{dy.stack_canary.severity}}
{{dy.stack_canary.description}}
{{dy.arc.has_arc}}
{{dy.arc.severity}}
{{dy.arc.description}}
{{dy.rpath.has_rpath}}
{{dy.rpath.severity}}
{{dy.rpath.description}}
{{dy.code_signature.has_code_signature}}
{{dy.code_signature.severity}}
{{dy.code_signature.description}}
{{dy.encrypted.is_encrypted}}
{{dy.encrypted.severity}}
{{dy.encrypted.description}}
{{dy.symbol.is_stripped}}
{{dy.symbol.severity}}
{{dy.symbol.description}}
{% endif %} {% if app_type in 'A' %}

静态库二进制分析

{% if binary_info.arch == 'MachO' %} {% if not dylib_analysis %} No Static Objects found. {% endif %} {% for dy in dylib_analysis %} {% endfor %}
编号 静态对象 NX 栈守护者 ARC 路径搜索 符号剥离
{{ forloop.counter }} {{dy.name}} {{dy.nx.has_nx}}
{{dy.nx.severity}}
{{dy.nx.description}}
{{dy.stack_canary.has_canary}}
{{dy.stack_canary.severity}}
{{dy.stack_canary.description}}
{{dy.arc.has_arc}}
{{dy.arc.severity}}
{{dy.arc.description}}
{{dy.rpath.has_rpath}}
{{dy.rpath.severity}}
{{dy.rpath.description}}
{{dy.symbol.is_stripped}}
{{dy.symbol.severity}}
{{dy.symbol.description}}
{% else %} {% if not dylib_analysis %} No Static Objects found. {% endif %} {% for so in dylib_analysis %} {% endfor %}
编号 共享对象 NX 栈守护者 路径搜索 运行路径 加固 符号剥离
{{ forloop.counter }} {{so.name}} {{so.nx.is_nx}}
{{so.nx.severity}}
{{so.nx.description}}
{{so.stack_canary.has_canary}}
{{so.stack_canary.severity}}
{{so.stack_canary.description}}
{{so.rpath.rpath}}
{{so.rpath.severity}}
{{so.rpath.description}}
{{so.runpath.runpath}}
{{so.runpath.severity}}
{{so.runpath.description}}
{{so.fortify.is_fortified}}
{{so.fortify.severity}}
{{so.fortify.description}}
{{so.symbol.is_stripped}}
{{so.symbol.severity}}
{{so.symbol.description}}
{% endif %}
{% endif %} {% if app_type not in 'Dylib,A' %}

文件分析

{% for item in file_analysis %} {% endfor %}
编号 问题 文件
{{ forloop.counter }} {{ item.issue }} {% for file in item.files %} {% if file.type %} {{ file.file_path }} {% else %} {{ file.file_path }} {% endif %}
{% endfor %}
{% endif %} {% if virus_total %}

VIRUSTOTAL 扫描

{% if virus_total.items|length < 9 %} {% comment %} Basic check to determine if the response is a msg or a result {% endcomment %}

  {{ virus_total.verbose_msg }}

{% else %}

   {{ virus_total.positives }} / {{ virus_total.total }}  AVs found this file Malicious!    Full Report

{% if virus_total.positives > 0 %} {% for av_name,av_result in virus_total.scans.items %} {% if av_result.detected == True %} {% endif %} {% endfor %}
病毒 发现
{{ av_name }} {{ av_result.result }}
{% endif %}{% comment %} if results.positive > 0 {% endcomment %} {% endif %}{% comment %} if this is the upload msg or a result {% endcomment %}
{% endif %}

服务器位置

{% if domains %}


此应用程序可能与以下受 OFAC 制裁的国家/地区进行通信。

{% for domain, details in domains.items %} {% if details|key:"ofac" == True %} {% endif %} {% endfor %}
域名 国家/地区
{{domain}} IP: {{details|key:"geolocation"|key:"ip"}}
国家: {{details|key:"geolocation"|key:"country_long"}}
地区: {{details|key:"geolocation"|key:"region"}}
城市: {{details|key:"geolocation"|key:"city"}}
{% endif %}

恶意域名检测

{% if domains %} {% for domain, details in domains.items %} {% endfor %}
域名 状态 定位
{{domain}} {% if details|key:"bad" == "yes" %} 恶意应用
                      URL: {{details|key:"domain_or_url"}}
                      IP: {{details|key:"ip"}}
                      描述: {{details|key:"desc"}}
                      
{% else %} ok
{% endif %}
{% if details|key:"geolocation" %} IP: {{details|key:"geolocation"|key:"ip"}}
国家: {{details|key:"geolocation"|key:"country_long"}}
地区: {{details|key:"geolocation"|key:"region"}}
城市: {{details|key:"geolocation"|key:"city"}}
纬度: {{details|key:"geolocation"|key:"latitude"}}
经度: {{details|key:"geolocation"|key:"longitude"}}
查看: Google 地图 {% else %} No Geolocation information available. {% endif %}
{% endif %}

URLS

{% if urls %} {% for urldict in urls %} {% endfor %}
URL 文件
{% for u in urldict|key:"urls" %} {{ u }}
{% endfor %}
{{urldict|key:"path"}}
{% endif %}

Google Firebase DB

{% if firebase_urls %} {% for item in firebase_urls %} {% endfor %}
FIREBASE URL 详细
{{ item.url }} {% if item.open %} 危险
Firebase Database is exposed publicly. {% else %} 普通
App talks to a Firebase database. {% endif %}
{% endif %}

邮箱地址

{% if emails %} {% for email_dict in emails %} {% endfor %}
邮箱地址 文件
{% for e in email_dict|key:"emails" %} {{ e }}
{% endfor %}
{{email_dict|key:"path"}}
{% endif %}

追踪器

{% if trackers %} {% for trk in trackers|key:"trackers" %} {% endfor %}
名称 类别 URL
{{trk.name}} {{trk.categories}} {{trk.url}}
{% endif %}

硬编码敏感信息

{% for val in secrets %} {{ val }}
{% endfor %}

字符串

{% for string in strings %} {{string}}
{% endfor %}
{% if app_type in 'Dylib,A' %}

符号

{% for val in file_analysis %} {{ val }}
{% endfor %}

{% endif %} {% if app_type not in 'Dylib,A' %}

资源库

{% for lib in libraries %} {{ lib }}
{% endfor %}

文件

{% for file in files %} {{ file}}
{% endfor %}

{% endif %}
{% if app_type not in 'Dylib,A' %} {% endif %} {% endblock %} {% block extra_scripts %} {% endblock %}