-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathtriplex.py
More file actions
162 lines (123 loc) · 5.65 KB
/
triplex.py
File metadata and controls
162 lines (123 loc) · 5.65 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
#!/usr/bin/env python3
import os
import sys
import xml.etree.ElementTree as ET
import re
class bcolors:
OK = '\033[92m'
WARNING = '\033[93m'
FAIL = '\033[91m'
RESET = '\033[0m'
INFO = '\033[94m'
def banner():
print(""" ____ ____ __ ____ __ ____ _ _
(_ _)( _ \( )( _ \( ) ( __)( \/ )
)( ) / )( ) __// (_/\ ) _) ) (
(__) (__\_)(__)(__) \____/(____)(_/\_) by S1rN3tZ
""")
def help():
print(bcolors.INFO + "[*]" + bcolors.RESET + " usage: echo path/to/appRepo/ | python3 triplex.py")
def find_android_manifest(repo_path):
for root, dirs, files in os.walk(repo_path):
if "AndroidManifest.xml" in files:
return os.path.join(root, "AndroidManifest.xml")
return None
def get_exported_components_with_intents(manifest_path):
exported_components = []
tree = ET.parse(manifest_path)
root = tree.getroot()
namespace = {'android': 'http://schemas.android.com/apk/res/android'}
package_name = root.attrib.get('package', '')
components = ["activity", "receiver", "service"]
for component in components:
for elem in root.findall(f".//{component}", namespace):
exported = elem.attrib.get('{http://schemas.android.com/apk/res/android}exported')
if exported == "true" and has_intent_filter(elem):
component_name = elem.attrib.get('{http://schemas.android.com/apk/res/android}name')
if component_name:
if component_name.startswith("."):
component_name = package_name + component_name
elif "." not in component_name:
component_name = package_name + "." + component_name
exported_components.append({
"component_type": component,
"component_name": component_name,
})
return exported_components
def has_intent_filter(component):
return component.find('intent-filter') is not None
def find_smali_files(repo_path, components):
smali_paths = []
smali_dirs = [os.path.join(repo_path, d) for d in os.listdir(repo_path) if d.startswith("smali")]
for component in components:
component_name = component['component_name']
component_path = component_name.replace('.', '/') + ".smali"
for smali_dir in smali_dirs:
smali_file_path = os.path.join(smali_dir, component_path)
if os.path.exists(smali_file_path):
smali_paths.append({
"component_name": component_name,
"path": smali_file_path
})
break # Stop after first match
return smali_paths
def extract_extras(smali_files):
regex_match = re.compile(
r"const-string v\d+, \"(?P<extra>.*?)\"\s+invoke-virtual \{.*?\}, Landroid/content/Intent;->(?P<method>get[A-Za-z]+Extra|putExtra)"
)
component_intents = {}
for smali_file in smali_files:
component_name = smali_file['component_name']
file_path = smali_file['path']
if component_name not in component_intents:
component_intents[component_name] = {'Methods': [], 'Extras': []}
with open(file_path, 'r', encoding='utf-8') as f:
content = f.read()
matches = regex_match.finditer(content)
for match in matches:
extra = match.group('extra')
method = match.group('method')
if method not in component_intents[component_name]['Methods']:
component_intents[component_name]['Methods'].append(method)
if extra not in component_intents[component_name]['Extras']:
component_intents[component_name]['Extras'].append(extra)
return component_intents
def main():
banner()
repo_path = sys.stdin.read().strip()
if not os.path.exists(repo_path):
print(bcolors.WARNING + "[!]" + bcolors.RESET + " Repository path does not exist.")
help()
sys.exit(1)
manifest_path = find_android_manifest(repo_path)
if not manifest_path:
print(bcolors.WARNING + "[!]" + bcolors.RESET + " AndroidManifest.xml not found.")
help()
sys.exit(1)
exported_components = get_exported_components_with_intents(manifest_path)
if not exported_components:
print(bcolors.WARNING + "[!]" + bcolors.RESET + " No exported components with intents found.")
help()
sys.exit(1)
smali_files = find_smali_files(repo_path, exported_components)
if not smali_files:
print(bcolors.WARNING + "[!]" + bcolors.RESET + " No smali files found.")
help()
sys.exit(1)
component_intents = extract_extras(smali_files)
for component in exported_components:
component_name = component['component_name']
print(bcolors.OK + "[+]" + bcolors.RESET + f" Exported {component['component_type'].capitalize()}: " +
bcolors.OK + f"{component_name}" + bcolors.RESET)
if component_intents.get(component_name):
if component_intents[component_name]['Methods']:
print(bcolors.INFO + " [*]" + bcolors.RESET + " Extras Methods:")
for method in component_intents[component_name]['Methods']:
print(" |_ " + bcolors.INFO + f"{method}" + bcolors.RESET)
if component_intents[component_name]['Extras']:
print(bcolors.INFO + " [*]" + bcolors.RESET + " Extras keys:")
for extra in component_intents[component_name]['Extras']:
print(" |_ " + bcolors.INFO + f"{extra}" + bcolors.RESET)
print()
if __name__ == "__main__":
main()