Diviei · August 9, 2019 02:41
diff --git a/apks_related.py b/apks_related.py
 #!/usr/bin/python
 # -*- coding: utf-8 -*-

 __author__ = "Daniel Vaca [email protected]"

 import os
 import argparse
 import time
 try:
    import requests
 except ImportError:
    print "requests module is required"
    print "run `pip install requests`"

 searches = [
    #APK properties
    'app:"%(app)s" AND package_name:"%(package_name)s" AND developer:"%(company)s"',
    '(app:"%(app)s" AND package_name:"%(package_name)s" AND developer:"%(company)s") AND displayed_version:"%(displayed_version)s"',
    '(app:"%(app)s" AND package_name:"%(package_name)s" AND developer:"%(company)s") AND size:[%(min_size)s TO %(max_size)s]',
    '(app:"%(app)s" OR package_name:"%(package_name)s" OR developer:"%(company)s") AND size:[%(min_size)s TO %(max_size)s]',
    
    #Static analysis properties
    'cert:%(certificate)s',
    'cert:%(certificate)s AND (app:"%(app)s" AND package_name:"%(package_name)s" AND developer:"%(company)s")',
    'url:(%(joined_urls)s)',

    #Network properties
    'network.hosts:(%(network_hosts_joined)s)',
    'network.http:(%(network_http_joined)s)', 
    'network.domains:(%(network_domains_joined)s)'
 ]

 base_url = "https://api.koodous.com"

 class bcolors:
    HEADER = '\033[95m'
    OKBLUE = '\033[94m'
    OKGREEN = '\033[92m'
    WARNING = '\033[93m'
    FAIL = '\033[91m'
    ENDC = '\033[0m'

    def disable(self):
        self.HEADER = ''
        self.OKBLUE = ''
        self.OKGREEN = ''
        self.WARNING = ''
        self.FAIL = ''
        self.ENDC = ''
 def print_apk(apk):
    print bcolors.OKGREEN
    print "App: %s" % apk.get("app")
    print "Package name: %s" % apk.get("package_name")
    print "Company: %s" % apk.get("company")
    print "Size (bytes): %i" % apk.get("size")
    print "Displayed version: %s" % apk.get("displayed_version")
    print bcolors.ENDC
 def search_apks(search):
    r = requests.get(base_url + "/apks?search=%s" % search)
    return r
 def get_apk_analysis(sha256):
    r = requests.get(base_url + "/apks/%s/analysis" % sha256)
    return r.json()
 def generate_searches(apk):
    for search in searches:
        aux = search % apk
        r = search_apks(aux)
        print aux
        print "Total matches: %i \n" % r.json().get("count")
        time.sleep(2)

 def main():
    apk_hash = raw_input("Enter search (md5, sha1 or sha256 for an specific APK): ")
    r = search_apks(apk_hash)
    os.system('clear')

    #There is no results
    if len(r.json().get("results")) == 0:
        print bcolors.FAIL
        print "There is no results for %s" % apk_hash
        print bcolors.ENDC
        return 0

    apk = r.json().get("results")[0]

    print_apk(apk)

    if apk.get("analyzed") == False:
        print "APK is not analyzed yet"
        return 0
    
    print "Getting info from analysis..."
    time.sleep(1)
    analysis = get_apk_analysis(apk.get("sha256"))

    apk['certificate'] = analysis.get("androguard").get("certificate").get("sha1")
    apk['joined_urls'] = '"' + '" AND "'.join(analysis.get("androguard").get("urls")) + '"'
    apk['min_size'] = apk.get("size") - 100000 # ~100kbs
    apk['max_size'] = apk.get("size") + 100000 # ~100kbs
    
    if len(analysis.get("cuckoo").get("network").get("hosts")) > 0:
        apk['network_hosts_joined'] = '"' + '", "'.join(analysis.get("cuckoo").get("network").get("hosts")) + '"'
    else:
        apk['network_hosts_joined'] = ""

    if len(analysis.get("cuckoo").get("network").get("http")) > 0:
        apk['network_http_joined'] = '"' + '", "'.join([x.get("uri") for x in analysis.get("cuckoo").get("network").get("http")]) + '"'
    else:
        apk['network_http_joined'] = ""
    
    if len(analysis.get("cuckoo").get("network").get("domains")) > 0:
        apk['network_domains_joined'] = '"' + '", "'.join([x.get("domain") for x in analysis.get("cuckoo").get("network").get("domains")]) + '"'
    else:
        apk['network_domains_joined'] = ""

    print "Analysis loaded\n"
    print "Generating searches...\n"
    time.sleep(1)
    generate_searches(apk)

 if __name__ == '__main__':
    os.system('clear')
    main()
	#!/usr/bin/python
	# -- coding: utf-8 --

	__author__ = "Daniel Vaca [email protected]"

	import os
	import argparse
	import time
	try:
	import requests
	except ImportError:
	print "requests module is required"
	print "run `pip install requests`"

	searches = [
	#APK properties
	'app:"%(app)s" AND package_name:"%(package_name)s" AND developer:"%(company)s"',
	'(app:"%(app)s" AND package_name:"%(package_name)s" AND developer:"%(company)s") AND displayed_version:"%(displayed_version)s"',
	'(app:"%(app)s" AND package_name:"%(package_name)s" AND developer:"%(company)s") AND size:[%(min_size)s TO %(max_size)s]',
	'(app:"%(app)s" OR package_name:"%(package_name)s" OR developer:"%(company)s") AND size:[%(min_size)s TO %(max_size)s]',

	#Static analysis properties
	'cert:%(certificate)s',
	'cert:%(certificate)s AND (app:"%(app)s" AND package_name:"%(package_name)s" AND developer:"%(company)s")',
	'url:(%(joined_urls)s)',

	#Network properties
	'network.hosts:(%(network_hosts_joined)s)',
	'network.http:(%(network_http_joined)s)',
	'network.domains:(%(network_domains_joined)s)'
	]

	base_url = "https://api.koodous.com"

	class bcolors:
	HEADER = '\033[95m'
	OKBLUE = '\033[94m'
	OKGREEN = '\033[92m'
	WARNING = '\033[93m'
	FAIL = '\033[91m'
	ENDC = '\033[0m'

	def disable(self):
	self.HEADER = ''
	self.OKBLUE = ''
	self.OKGREEN = ''
	self.WARNING = ''
	self.FAIL = ''
	self.ENDC = ''
	def print_apk(apk):
	print bcolors.OKGREEN
	print "App: %s" % apk.get("app")
	print "Package name: %s" % apk.get("package_name")
	print "Company: %s" % apk.get("company")
	print "Size (bytes): %i" % apk.get("size")
	print "Displayed version: %s" % apk.get("displayed_version")
	print bcolors.ENDC
	def search_apks(search):
	r = requests.get(base_url + "/apks?search=%s" % search)
	return r
	def get_apk_analysis(sha256):
	r = requests.get(base_url + "/apks/%s/analysis" % sha256)
	return r.json()
	def generate_searches(apk):
	for search in searches:
	aux = search % apk
	r = search_apks(aux)
	print aux
	print "Total matches: %i \n" % r.json().get("count")
	time.sleep(2)

	def main():
	apk_hash = raw_input("Enter search (md5, sha1 or sha256 for an specific APK): ")
	r = search_apks(apk_hash)
	os.system('clear')

	#There is no results
	if len(r.json().get("results")) == 0:
	print bcolors.FAIL
	print "There is no results for %s" % apk_hash
	print bcolors.ENDC
	return 0

	apk = r.json().get("results")[0]

	print_apk(apk)

	if apk.get("analyzed") == False:
	print "APK is not analyzed yet"
	return 0

	print "Getting info from analysis..."
	time.sleep(1)
	analysis = get_apk_analysis(apk.get("sha256"))

	apk['certificate'] = analysis.get("androguard").get("certificate").get("sha1")
	apk['joined_urls'] = '"' + '" AND "'.join(analysis.get("androguard").get("urls")) + '"'
	apk['min_size'] = apk.get("size") - 100000 # ~100kbs
	apk['max_size'] = apk.get("size") + 100000 # ~100kbs

	if len(analysis.get("cuckoo").get("network").get("hosts")) > 0:
	apk['network_hosts_joined'] = '"' + '", "'.join(analysis.get("cuckoo").get("network").get("hosts")) + '"'
	else:
	apk['network_hosts_joined'] = ""

	if len(analysis.get("cuckoo").get("network").get("http")) > 0:
	apk['network_http_joined'] = '"' + '", "'.join([x.get("uri") for x in analysis.get("cuckoo").get("network").get("http")]) + '"'
	else:
	apk['network_http_joined'] = ""

	if len(analysis.get("cuckoo").get("network").get("domains")) > 0:
	apk['network_domains_joined'] = '"' + '", "'.join([x.get("domain") for x in analysis.get("cuckoo").get("network").get("domains")]) + '"'
	else:
	apk['network_domains_joined'] = ""

	print "Analysis loaded\n"
	print "Generating searches...\n"
	time.sleep(1)
	generate_searches(apk)

	if __name__ == '__main__':
	os.system('clear')
	main()