Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application.
The detection is performed with the static analysis of the application’s Dalvik bytecode, represented as Smali, with the androguard
library.
This analysis leads to the generation of a report, according to a technical detail level chosen from the user.
Features
-v 1
) for newbies-v 2
)-v 3
) txt
html
from a Bootstrap templateAlso Read – Lynis : Security Auditing Tool for Unix/Linux Systems
Usage
Options
usage: androwarn [-h] -i INPUT [-o OUTPUT] [-v {1,2,3}] [-r {txt,html,json}]
[-d]
[-L {debug,info,warn,error,critical,DEBUG,INFO,WARN,ERROR,CRITICAL}]
[-w]
version: 1.4
optional arguments:
-h, –help show this help message and exit
-i INPUT, –input INPUT
APK file to analyze
-o OUTPUT, –output OUTPUT
Output report file (default
“./_.”) -v {1,2,3}, –verbose {1,2,3}
Verbosity level (ESSENTIAL 1, ADVANCED 2, EXPERT 3)
(default 1)
-r {txt,html,json}, –report {txt,html,json}
Report type (default “html”)
-d, –display-report Display analysis results to stdout -L {debug,info,warn,error,critical,DEBUG,INFO,WARN,ERROR,CRITICAL}, –log-level
{debug,info,warn,error,critical,DEBUG,INFO,WARN,ERROR,CRITICAL}
Log level (default “ERROR”)
-w, –with-playstore-lookup
Enable online lookups on Google Play{debug,info,warn,error,critical,DEBUG,INFO,WARN,ERROR,CRITICAL}
Log level (default “ERROR”)
-w, –with-playstore-lookup
Enable online lookups on Google Play
Common usage
$ python androwarn.py -i my_application_to_be_analyzed.apk -r html -v 3
By default, the report is generated in the current folder.
An HTML report is now contained in a standalone file, CSS/JS resources are inlined.
Sample application
A sample application has been built, concentrating several malicious behaviours.
The APK is available in the _SampleApplication/bin/
folder and the HTML report is available in the _SampleReports
folder.
Dependencies and installation
pip install androwarn
and then directly use $ androwarn
pip install -r requirements.txt
Changelog
Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…
While file extensions in Linux are optional and often misleading, the file command helps decode what a…
The touch command is one of the quickest ways to create new empty files or update timestamps…
Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…
Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…
Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…