QARK - Quick Android Review Kit
QARK (Quick Android Review Kit) is a Python-based tool designed to look for several security-related Android application vulnerabilities, either in source code or packaged APKs.
The tool is also capable of creating "Proof-of-Concept" deployable APKs and/or ADB commands, capable of exploiting many of the vulnerabilities it finds. There is no need to root the test device, as this tool focuses on vulnerabilities that can be exploited under otherwise secure conditions.
Requirements:
- Python 2.7.6
- JRE 1.6+ (preferably 1.7+)
- OSX or RHEL6.6 (Others may work, but not fully tested)
Usage:
To run in interactive mode:
$ python qarkMain.pyTo run in headless mode:
$ python qarkMain.py --source 1 --pathtoapk /Users/foo/qark/sampleApps/goatdroid /goatdroid.apk --exploit 1 --install 1 or $ python qarkMain.py --source 2 -c /Users/foo/qark/sampleApps/goatdroid/goatdroid --manifest /Users/foo/qark/sampleApps/goatdroid/goatdroid/AndroidManifest.xml --exploit 1 --install 1
QARK is an easy to use tool capable of finding common security vulnerabilities in Android applications. Unlike commercial products, it is 100% free to use. QARK features educational information allowing security reviewers to locate precise, in-depth explanations of the vulnerabilities. QARK automates the use of multiple decompilers, leveraging their combined outputs, to produce superior results, when decompiling APKs. Finally, the major advantage QARK has over traditional tools, that just point you to possible vulnerabilities, is that it can produce ADB commands, or even fully functional APKs, that turn hypothetical vulnerabilities into working "POC" exploits.
Included in the types of security vulnerabilities this tool attempts to find are:
- Inadvertently exported components
- Improperly protected exported components
- Intents which are vulnerable to interception or eavesdropping
- Improper x.509 certificate validation
- Creation of world-readable or world-writeable files
- Activities which may leak data
- The use of Sticky Intents
- Insecurely created Pending Intents
- Sending of insecure Broadcast Intents
- Private keys embedded in the source
- Weak or improper cryptography use
- Potentially exploitable WebView configurations
- Exported Preference Activities
- Tapjacking
- Apps which enable backups
- Apps which are debuggable
- Apps supporting outdated API versions, with known vulnerabilities
You might also like:
- Introspy(iOS) - Tool For Blackbox iOS App Analysis
- LinEnum - Local Linux Enumeration & Privilege Escalation Script
- Vulscan - Advanced Vulnerability Scanning with Nmap
- pWeb Suite - Web Application Penetration Testing Toolkit
- OWASP Bricks - Web Application Security Learning Platform
- WebVulScan - Web Application Vulnerability Scanner
- Zarp - Network Attack Tool
- bWAPP - An Extremely Buggy Web App For Practising Hacking
- bee-box - A Custom Linux VM Pre-installed with bWAPP
- HconSTF - An Open Source Security Assessment Toolkit
- pytbull - Intrusion Detection/Prevention System (IDS/IPS) Testing Framework
- RIPS - Tool For Detecting Vulnerabilities in PHP Applications
- Samurai Web Testing Framework - A Virtual Machine Focused on Web Application Testing
- Nessus - An Advanced Vulnerability Scanner
- Resolver - A Reverse DNS Lookup Tool
- Arachni - Web Application Security Scanner Framework
- Sanewall - A Firewall Builder For Linux
- Santoku - A Linux Distro For Mobile Security, Malware Analysis, and Forensics
- SpiderFoot - An Open Source Intelligence Automation Tool
- PacketFence - An Open Source Network Access Control System
- Suricata - An Open Source IDS / IPS / NSM engine
- Malwasm - Tool For Malware Reverse Engineers
- Nishang - PowerShell For Penetration Testing and Offensive Security
Post a Comment