-
Notifications
You must be signed in to change notification settings - Fork 33
/
Copy pathandroid-scriptdroid.bat
130 lines (112 loc) · 7.04 KB
/
android-scriptdroid.bat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
@ECHO OFF
SET /P Filelocation=Please Enter Location:
mkdir %Filelocation%OUTPUT
:: Code to check for presence of Comments
grep -H -i -n -e "//" "%Filelocation%*.java" >> "%Filelocation%OUTPUTTemp_comment.txt"
type -H -i "%Filelocation%*.java" |gawk "//*/,/*//" >>
"%Filelocation%OUTPUTMultilineComments.txt"
grep -H -i -n -v "TODO" "%Filelocation%OUTPUTTemp_comment.txt" >>
"%Filelocation%OUTPUTSinglelineComments.txt"
del %Filelocation%OUTPUTTemp_comment.txt
:: Code to check for insecure usage of SharedPreferences
grep -H -i -n -C2 -e "putString" "%Filelocation%*.java" >>
"%Filelocation%OUTPUTverify_sharedpreferences.txt"
grep -H -i -n -C2 -e "MODE_PRIVATE" "%Filelocation%*.java" >> "%Filelocation%OUTPUTModeprivate.txt"
grep -H -i -n -C2 -e "MODE_WORLD_READABLE" "%Filelocation%*.java" >>
"%Filelocation%OUTPUTWorldreadable.txt"
grep -H -i -n -C2 -e "MODE_WORLD_WRITEABLE" "%Filelocation%*.java" >>
"%Filelocation%OUTPUTWorldwritable.txt"
grep -H -i -n -C2 -e "addPreferencesFromResource" "%Filelocation%*.java" >>
"%Filelocation%OUTPUTverify_sharedpreferences.txt"
:: Code to check for possible TapJacking attack
grep -H -i -n -e filterTouchesWhenObscured="true" "%Filelocation%........reslayout*.xml" >>
"%Filelocation%OUTPUTTemp_tapjacking.txt"
grep -H -i -n -e "<Button" "%Filelocation%........reslayout*.xml" >>
"%Filelocation%OUTPUTtapjackings.txt"
grep -H -i -n -v filterTouchesWhenObscured="true" "%Filelocation%OUTPUTtapjackings.txt" >>
"%Filelocation%OUTPUTTemp_tapjacking.txt"
del %Filelocation%OUTPUTTemp_tapjacking.txt
:: Code to check usage of external storage card for storing information
grep -H -i -n -e "WRITE_EXTERNAL_STORAGE" "%Filelocation%........AndroidManifest.xml" >>
"%Filelocation%OUTPUTSdcardStorage.txt"
grep -H -i -n -e "getExternalStorageDirectory()" "%Filelocation%*.java" >>
"%Filelocation%OUTPUTSdcardStorage.txt"
grep -H -i -n -e "sdcard" "%Filelocation%*.java" >> "%Filelocation%OUTPUTSdcardStorage.txt"
:: Code to check for possible scripting javscript injection
grep -H -i -n -e "addJavascriptInterface()" "%Filelocation%*.java" >>
"%Filelocation%OUTPUTTemp_probableXss.txt"
grep -H -i -n -e "setJavaScriptEnabled(true)" "%Filelocation%*.java" >>
"%Filelocation%OUTPUTTemp_probableXss.txt"
grep -H -i -n -v "import" "%Filelocation%OUTPUTTemp_probableXss.txt" >>
"%Filelocation%OUTPUTprobableXss.txt"
del %Filelocation%OUTPUTTemp_probableXss.txt
:: Code to check for presence of possible weak algorithms
grep -H -i -n -e "MD5" "%Filelocation%*.java" >> "%Filelocation%OUTPUTTemp_weakencryption.txt"
grep -H -i -n -e "base64" "%Filelocation%*.java" >> "%Filelocation%OUTPUTTemp_weakencryption.txt"
grep -H -i -n -e "des" "%Filelocation%*.java" >> "%Filelocation%OUTPUTTemp_weakencryption.txt"
grep -H -i -n -v "import" "%Filelocation%OUTPUTTemp_weakencryption.txt" >>
"%Filelocation%OUTPUTWeakencryption.txt"
del %Filelocation%OUTPUTTemp_weakencryption.txt
:: Code to check for weak transportation medium
grep -H -i -n -C3 "http://" "%Filelocation%*.java" >> "%Filelocation%OUTPUTTemp_overhttp.txt"
grep -H -i -n -C3 -e "HttpURLConnection" "%Filelocation%*.java" >>
"%Filelocation%OUTPUTTemp_overhttp.txt"
grep -H -i -n -C3 -e "URLConnection" "%Filelocation%*.java" >>
"%Filelocation%OUTPUTTemp_OtherUrlConnection.txt"
grep -H -i -n -C3 -e "URL" "%Filelocation%*.java" >>
"%Filelocation%OUTPUTTemp_OtherUrlConnection.txt"
grep -H -i -n -e "TrustAllSSLSocket-Factory" "%Filelocation%*.java" >>
"%Filelocation%OUTPUTBypassSSLvalidations.txt"
grep -H -i -n -e "AllTrustSSLSocketFactory" "%Filelocation%*.java" >>
"%Filelocation%OUTPUTBypassSSLvalidations.txt"
grep -H -i -n -e "NonValidatingSSLSocketFactory" "%Filelocation%*.java" >>
"%Filelocation%OUTPUTBypassSSLvalidations.txt"
grep -H -i -n -v "import" "%Filelocation%OUTPUTTemp_OtherUrlConnection.txt" >>
"%Filelocation%OUTPUTOtherUrlConnections.txt"
del %Filelocation%OUTPUTTemp_OtherUrlConnection.txt
grep -H -i -n -v "import" "%Filelocation%OUTPUTTemp_overhttp.txt" >>
"%Filelocation%OUTPUTUnencryptedTransport.txt"
del %Filelocation%OUTPUTTemp_overhttp.txt
:: Code to check for Autocomplete ON
grep -H -i -n -e "<Input" "%Filelocation%........reslayout*.xml" >>
"%Filelocation%OUTPUTTemp_autocomp.txt"
grep -H -i -n -v "textNoSuggestions" "%Filelocation%OUTPUTTemp_autocomp.txt" >>
"%Filelocation%OUTPUTAutocompleteOn.txt"
del %Filelocation%OUTPUTTemp_autocomp.txt
:: Code to presence of possible SQL Content
grep -H -i -n -e "rawQuery" "%Filelocation%*.java" >> "%Filelocation%OUTPUTTemp_sqlcontent.txt"
grep -H -i -n -e "compileStatement" "%Filelocation%*.java" >>
"%Filelocation%OUTPUTTemp_sqlcontent.txt"
grep -H -i -n -e "db" "%Filelocation%*.java" >> "%Filelocation%OUTPUTTemp_sqlcontent.txt"
grep -H -i -n -e "sqlite" "%Filelocation%*.java" >> "%Filelocation%OUTPUTTemp_sqlcontent.txt"
grep -H -i -n -e "database" "%Filelocation%*.java" >> "%Filelocation%OUTPUTTemp_sqlcontent.txt"
grep -H -i -n -e "insert" "%Filelocation%*.java" >> "%Filelocation%OUTPUTTemp_sqlcontent.txt"
grep -H -i -n -e "delete" "%Filelocation%*.java" >> "%Filelocation%OUTPUTTemp_sqlcontent.txt"
grep -H -i -n -e "select" "%Filelocation%*.java" >> "%Filelocation%OUTPUTTemp_sqlcontent.txt"
grep -H -i -n -e "table" "%Filelocation%*.java" >> "%Filelocation%OUTPUTTemp_sqlcontent.txt"
grep -H -i -n -e "cursor" "%Filelocation%*.java" >> "%Filelocation%OUTPUTTemp_sqlcontent.txt"
grep -H -i -n -v "import" "%Filelocation%OUTPUTTemp_sqlcontent.txt" >>
"%Filelocation%OUTPUTSqlcontents.txt"
del %Filelocation%OUTPUTTemp_sqlcontent.txt
:: Code to check for Logging mechanism
grep -H -i -n -F "Log." "%Filelocation%*.java" >> "%Filelocation%OUTPUTLogging.txt"
:: Code to check for Information in Toast messages
grep -H -i -n -e "Toast.makeText" "%Filelocation%*.java" >> "%Filelocation%OUTPUTTemp_Toast.txt"
grep -H -i -n -v "//" "%Filelocation%OUTPUTTemp_Toast.txt" >>
"%Filelocation%OUTPUTToast_content.txt"
del %Filelocation%OUTPUTTemp_Toast.txt
:: Code to check for Debugging status
grep -H -i -n -e "android:debuggable" "%Filelocation%*.java" >>
"%Filelocation%OUTPUTDebuggingAllowed.txt"
:: Code to check for presence of Device Identifiers
grep -H -i -n -e "uid|user-id|imei|deviceId|deviceSerialNumber|devicePrint|X-DSN|phone
|mdn|did|IMSI|uuid" "%Filelocation%*.java" >> "%Filelocation%OUTPUTTemp_Identifiers.txt"
grep -H -i -n -v "//" "%Filelocation%OUTPUTTemp_Identifiers.txt" >>
"%Filelocation%OUTPUTDevice_Identifier.txt"
del %Filelocation%OUTPUTTemp_Identifiers.txt
:: Code to check for presence of Location Info
grep -H -i -n -e "getLastKnownLocation()|requestLocationUpdates()|getLatitude()|getLongitude()
|LOCATION" "%Filelocation%*.java" >> "%Filelocation%OUTPUTLocationInfo.txt"
:: Code to check for possible Intent Injection
grep -H -i -n -C3 -e "Action.getIntent(" "%Filelocation%*.java" >>
"%Filelocation%OUTPUTIntentValidation.txt"