Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application.
The detection is performed with the static analysis of the application’s Dalvik bytecode, represented as Smali, with the androguard library.
This analysis leads to the generation of a report, according to a technical detail level chosen from the user.
Features
-v 1) for newbies-v 2)-v 3) txthtml from a Bootstrap templateAlso Read – Lynis : Security Auditing Tool for Unix/Linux Systems
Usage
Options
usage: androwarn [-h] -i INPUT [-o OUTPUT] [-v {1,2,3}] [-r {txt,html,json}]
[-d]
[-L {debug,info,warn,error,critical,DEBUG,INFO,WARN,ERROR,CRITICAL}]
[-w]
version: 1.4
optional arguments:
-h, –help show this help message and exit
-i INPUT, –input INPUT
APK file to analyze
-o OUTPUT, –output OUTPUT
Output report file (default
“./_.”) -v {1,2,3}, –verbose {1,2,3}
Verbosity level (ESSENTIAL 1, ADVANCED 2, EXPERT 3)
(default 1)
-r {txt,html,json}, –report {txt,html,json}
Report type (default “html”)
-d, –display-report Display analysis results to stdout -L {debug,info,warn,error,critical,DEBUG,INFO,WARN,ERROR,CRITICAL}, –log-level
{debug,info,warn,error,critical,DEBUG,INFO,WARN,ERROR,CRITICAL}
Log level (default “ERROR”)
-w, –with-playstore-lookup
Enable online lookups on Google Play{debug,info,warn,error,critical,DEBUG,INFO,WARN,ERROR,CRITICAL}
Log level (default “ERROR”)
-w, –with-playstore-lookup
Enable online lookups on Google Play
Common usage
$ python androwarn.py -i my_application_to_be_analyzed.apk -r html -v 3
By default, the report is generated in the current folder.
An HTML report is now contained in a standalone file, CSS/JS resources are inlined.
Sample application
A sample application has been built, concentrating several malicious behaviours.
The APK is available in the _SampleApplication/bin/ folder and the HTML report is available in the _SampleReports folder.
Dependencies and installation
pip install androwarn and then directly use $ androwarnpip install -r requirements.txtChangelog
Squid is a full-featured caching proxy server that supports HTTP, HTTPS, and FTP. It is most…
Chromium is a fast, lightweight, open-source web browser developed primarily by Google. It serves as the…
MySQL Workbench is a cross-platform graphical tool for MySQL database administration. It brings together everything a…
NFS (Network File System) is a distributed file sharing protocol that lets you mount remote directories…
VirtualBox is an open-source, cross-platform virtualization application that lets you run multiple operating systems simultaneously on…
SSH (Secure Shell) is a cryptographic network protocol that creates a secure, encrypted connection between your…