An MVT replacement for quickly checking an Android device (< version 7) against STIX2 indicator files, e.g. stalkerware indicators.
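#!/bin/bash
# (c) 2026 suuhm
# https://github.com/suuhm
# Discord: https://discord.gg/2tRn7GWTRm
# Setup:
# sudo apt update && sudo apt install python3-pip adb -y
#
# Compares the package names installed on an adb-connected Android device
# with the indicators in the AssoEchap stalkerware STIX2 feed and prints a
# report. Needs wget, adb and a grep with -P support. Writes
# stalkerware.stix2, stix_deep.txt and installed_apps.txt to the current
# directory.
#
# Limits: matching is by exact package name only, so a clean result means
# "no listed package name is installed", not that the device is clean.
# Exit status: 0 when the check ran (with or without hits), 1 when it could
# not run. A failed download or an unreachable device is never reported as
# a clean device.

set -euo pipefail

# NOTE(review): this URL follows the master branch, so the indicator set can
# change between runs; for a repeatable check, keep the downloaded file (and
# its hash) with the report.
readonly STIX_URL="https://github.com/AssoEchap/stalkerware-indicators/raw/refs/heads/master/generated/stalkerware.stix2"
readonly STIX_FILE="stalkerware.stix2"
readonly STIX_FLAT="stix_deep.txt"
readonly APPS_FILE="installed_apps.txt"
readonly RULE="----------------------------------------------------------------------------------------------------------------------------------"

# Prints an error to stderr and stops with status 1.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Prints the first stdin line containing $1; prints nothing (status 0) if none.
first_line_with() {
  grep -m 1 -- "$1" || true
}

# Drops control characters so text taken from the feed cannot carry terminal
# escape sequences into the report.
strip_cntrl() {
  tr -d '[:cntrl:]'
}

for tool in wget adb; do
  command -v "$tool" >/dev/null || die "required tool not found: $tool"
done

echo "Start downloading Stix2 Files:"; echo; sleep 2

# -O overwrites the previous copy. Without it a second run saves the feed as
# stalkerware.stix2.1 and the check silently keeps using the stale file.
wget -O "$STIX_FILE" -- "$STIX_URL" || die "download of the indicator feed failed"
[ -s "$STIX_FILE" ] || die "downloaded indicator feed is empty"

# Flatten the JSON: one token per line, leading whitespace removed.
tr '{},' '\n\n\n' < "$STIX_FILE" | sed 's/^[ \t]*//' > "$STIX_FLAT"

# Every quoted, dotted token is treated as a candidate package name.
# NOTE(review): this also picks up other dotted values in the feed (domain
# names, for example), so a hit should be confirmed against the STIX file.
indicators=$(grep -oP "('|\")[a-zA-Z0-9._-]+\.[a-zA-Z0-9._-]+('|\")" "$STIX_FLAT" | tr -d "'\" " || true)
[ -n "$indicators" ] || die "no indicators could be extracted from $STIX_FILE; refusing to report a clean result"

adb devices || die "adb is not usable"
adb shell pm list packages | cut -f 2 -d ":" > "$APPS_FILE" \
  || die "could not read the package list (device connected, authorised and unique?)"
[ -s "$APPS_FILE" ] || die "package list is empty; refusing to report a clean result"

# grep exits 1 when nothing matches; that is a valid result, not an error.
grep_status=0
HITS=$(grep -Fxf <(printf '%s\n' "$indicators") <(tr -d ' \r' < "$APPS_FILE")) || grep_status=$?
(( grep_status <= 1 )) || die "comparison failed (grep exit status $grep_status)"

if [ -z "$HITS" ]; then
  echo "✅ No threats found on your device."
else
  echo "⚠️ STALKERWARE DETECTED! Generating Report..."
  echo ""
  # Table Header
  printf "%-35s | %-20s | %-15s | %s\n" "PACKAGE NAME" "NAME/TYPE" "CREATED" "DESCRIPTION"
  echo "$RULE"
  while IFS= read -r app; do
    # Metadata is a best-effort guess taken from the 10 flattened lines after
    # each occurrence of the package name; it may belong to a neighbouring
    # STIX object. -F matches the name literally (its dots are not wildcards).
    context=$(grep -F -A 10 -- "$app" "$STIX_FLAT" || true)

    META_NAME=$(first_line_with "name" <<<"$context" | cut -d':' -f2 | tr -d '" ' | strip_cntrl)
    META_DESC=$(first_line_with "description" <<<"$context" | cut -d':' -f2- | tr -d '"{}' | sed 's/^[ \t]*//' | strip_cntrl)
    META_DATE=$(first_line_with "created" <<<"$context" | cut -d':' -f2 | cut -d'T' -f1 | tr -d '" ' | strip_cntrl)

    if [ -z "$META_NAME" ]; then
      META_NAME=$(first_line_with "indicator_types" <<<"$context" | cut -d'[' -f2 | cut -d']' -f1 | tr -d '" ' | strip_cntrl)
    fi

    # Defaults are applied here: a "|| echo" fallback after a pipeline never
    # fires, because the last stage (tr/sed) succeeds even on empty input.
    META_NAME=${META_NAME:-Malware}
    META_DESC=${META_DESC:-N/A}
    META_DATE=${META_DATE:-N/A}

    printf "%-35s | %-20s | %-15s | %s\n" "$app" "${META_NAME:0:18}" "$META_DATE" "${META_DESC:0:60}"
  done <<<"$HITS"
  echo "$RULE"
  echo ""
  echo "💡 Recommendation: Check 'adb shell dumpsys package <package_name>' for more details on the found apps."
fi

exit 0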