anais-apk-forensic 1.0.0

package/scripts/setup.sh

@@ -0,0 +1,206 @@
+#!/bin/bash
+
+###############################################
+# Quick Setup Script
+# Sets up the analysis framework and validates
+###############################################
+
+set -e
+
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+RED='\033[0;31m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+echo -e "${BLUE}"
+echo "╔════════════════════════════════════════════╗"
+echo "║  Anais Static Core Setup ║"
+echo "╚════════════════════════════════════════════╝"
+echo -e "${NC}"
+
+# Check if on macOS or Linux
+if [[ "$OSTYPE" == "darwin"* ]]; then
+    OS="macos"
+    echo -e "${GREEN}[+] Detected macOS${NC}"
+elif [[ "$OSTYPE" == "linux-gnu"* ]]; then
+    OS="linux"
+    echo -e "${GREEN}[+] Detected Linux${NC}"
+else
+    echo -e "${RED}[!] Unsupported OS${NC}"
+    exit 1
+fi
+
+# Function to check if command exists
+command_exists() {
+    command -v "$1" >/dev/null 2>&1
+}
+
+# Check Python3
+echo -e "\n${YELLOW}[*] Checking Python3...${NC}"
+if command_exists python3; then
+    PYTHON_VERSION=$(python3 --version | awk '{print $2}')
+    echo -e "${GREEN}[+] Python3 found: $PYTHON_VERSION${NC}"
+else
+    echo -e "${RED}[!] Python3 not found${NC}"
+    echo "Install with:"
+    if [ "$OS" = "macos" ]; then
+        echo "  brew install python3"
+    else
+        echo "  sudo apt-get install python3 python3-pip"
+    fi
+    exit 1
+fi
+
+# Check Java
+echo -e "\n${YELLOW}[*] Checking Java...${NC}"
+if command_exists java; then
+    JAVA_VERSION=$(java -version 2>&1 | head -n 1)
+    echo -e "${GREEN}[+] Java found: $JAVA_VERSION${NC}"
+else
+    echo -e "${RED}[!] Java not found${NC}"
+    echo "Install with:"
+    if [ "$OS" = "macos" ]; then
+        echo "  brew install openjdk"
+    else
+        echo "  sudo apt-get install default-jdk"
+    fi
+    exit 1
+fi
+
+# Check APKTool
+echo -e "\n${YELLOW}[*] Checking APKTool...${NC}"
+if command_exists apktool; then
+    APKTOOL_VERSION=$(apktool --version 2>&1 | head -n 1)
+    echo -e "${GREEN}[+] APKTool found: $APKTOOL_VERSION${NC}"
+else
+    echo -e "${YELLOW}[!] APKTool not found${NC}"
+    echo "Install with:"
+    if [ "$OS" = "macos" ]; then
+        echo "  brew install apktool"
+    else
+        echo "  sudo apt-get install apktool"
+    fi
+fi
+
+# Check JADX
+echo -e "\n${YELLOW}[*] Checking JADX...${NC}"
+if command_exists jadx; then
+    JADX_VERSION=$(jadx --version 2>&1 | head -n 1)
+    echo -e "${GREEN}[+] JADX found: $JADX_VERSION${NC}"
+else
+    echo -e "${YELLOW}[!] JADX not found${NC}"
+    echo "Install with:"
+    if [ "$OS" = "macos" ]; then
+        echo "  brew install jadx"
+    else
+        echo "  Download from: https://github.com/skylot/jadx/releases"
+    fi
+fi
+
+# Check YARA
+echo -e "\n${YELLOW}[*] Checking YARA...${NC}"
+if command_exists yara; then
+    YARA_VERSION=$(yara --version 2>&1)
+    echo -e "${GREEN}[+] YARA found: $YARA_VERSION${NC}"
+else
+    echo -e "${YELLOW}[!] YARA not found${NC}"
+    echo "Install with:"
+    if [ "$OS" = "macos" ]; then
+        echo "  brew install yara"
+    else
+        echo "  sudo apt-get install yara"
+    fi
+fi
+
+# Install Python packages
+echo -e "\n${YELLOW}[*] Checking Python packages...${NC}"
+
+REQUIRED_PACKAGES=("androguard" "yara-python" "requests" "cryptography")
+MISSING_PACKAGES=()
+
+for package in "${REQUIRED_PACKAGES[@]}"; do
+    if python3 -c "import ${package//-/_}" 2>/dev/null; then
+        echo -e "${GREEN}[+] $package installed${NC}"
+    else
+        echo -e "${YELLOW}[!] $package not installed${NC}"
+        MISSING_PACKAGES+=("$package")
+    fi
+done
+
+if [ ${#MISSING_PACKAGES[@]} -ne 0 ]; then
+    echo -e "\n${YELLOW}[*] Installing missing Python packages...${NC}"
+    pip3 install "${MISSING_PACKAGES[@]}"
+fi
+
+# Make scripts executable
+echo -e "\n${YELLOW}[*] Setting execute permissions...${NC}"
+chmod +x malware_analyzer.sh
+chmod +x scripts/dynamic_analysis_helper.sh
+
+if [ -d "analysis_tools" ]; then
+    chmod +x analysis_tools/*.py
+fi
+
+echo -e "${GREEN}[+] Scripts are now executable${NC}"
+
+# Create necessary directories
+echo -e "\n${YELLOW}[*] Creating directories...${NC}"
+mkdir -p "${HOME}/Documents/Anais-Reports"
+mkdir -p "${HOME}/Documents/Anais-Reports/reports"
+echo -e "${GREEN}[+] Directories created in ${HOME}/Documents/Anais-Reports${NC}"
+
+# Validate YARA rules
+echo -e "\n${YELLOW}[*] Validating YARA rules...${NC}"
+if [ -f "rules/yara_general_rules.yar" ]; then
+    if yara -w rules/yara_general_rules.yar rules/yara_general_rules.yar >/dev/null 2>&1; then
+        echo -e "${GREEN}[+] yara_general_rules.yar is valid${NC}"
+    else
+        echo -e "${YELLOW}[!] yara_general_rules.yar has warnings${NC}"
+    fi
+fi
+
+# Summary
+echo -e "\n${BLUE}═══════════════════════════════════════${NC}"
+echo -e "${BLUE}           Setup Summary${NC}"
+echo -e "${BLUE}═══════════════════════════════════════${NC}"
+
+echo -e "\n${GREEN}✓ Setup Complete!${NC}\n"
+
+echo "Quick Start:"
+echo "  1. Analyze an APK:"
+echo "     ./malware_analyzer.sh /path/to/app.apk"
+echo ""
+echo "  2. Dynamic analysis (with device connected):"
+echo "     ./scripts/dynamic_analysis_helper.sh dex-dump com.package.name"
+echo ""
+echo "  3. View documentation:"
+echo "     cat ANALYZER_README.md"
+echo ""
+
+# Check if ADB is available for dynamic analysis
+if command_exists adb; then
+    echo -e "${GREEN}[+] ADB found - Dynamic analysis available${NC}"
+    echo ""
+else
+    echo -e "${YELLOW}[!] ADB not found - Dynamic analysis will not be available${NC}"
+    echo "Install with:"
+    if [ "$OS" = "macos" ]; then
+        echo "  brew install android-platform-tools"
+    else
+        echo "  sudo apt-get install android-tools-adb"
+    fi
+    echo ""
+fi
+
+# Check for Frida
+if command_exists frida; then
+    echo -e "${GREEN}[+] Frida found - Advanced hooking available${NC}"
+else
+    echo -e "${YELLOW}[!] Frida not found - Install for advanced dynamic analysis${NC}"
+    echo "Install with: pip3 install frida-tools"
+fi
+
+echo ""
+echo -e "${BLUE}═══════════════════════════════════════${NC}"
+echo ""

package/scripts/validate_framework.sh

@@ -0,0 +1,224 @@
+#!/bin/bash
+# Test script untuk validasi framework
+# Run this untuk test framework dengan dummy APK
+
+set -e
+
+echo "═══════════════════════════════════════════════════════════"
+echo "  Anais Static Core - Validation Test"
+echo "═══════════════════════════════════════════════════════════"
+echo ""
+
+# Test 1: Check all scripts exist
+echo "[TEST 1] Checking script files..."
+files=(
+    "anais.sh"
+    "scripts/dynamic_analysis_helper.sh"
+    "scripts/setup.sh"
+    "analysis_tools/check_zip_encryption.py"
+    "analysis_tools/fix_apk_headers.py"
+    "analysis_tools/detect_obfuscation.py"
+    "analysis_tools/sast_scanner.py"
+    "analysis_tools/apk_basic_info.py"
+    "analysis_tools/manifest_analyzer.py"
+    "analysis_tools/network_analyzer.py"
+    "analysis_tools/report_generator.py"
+)
+
+missing=0
+for file in "${files[@]}"; do
+    if [ -f "$file" ]; then
+        echo "  ✓ $file"
+    else
+        echo "  ✗ $file (MISSING)"
+        missing=$((missing + 1))
+    fi
+done
+
+if [ $missing -eq 0 ]; then
+    echo "✓ All script files present"
+else
+    echo "✗ $missing files missing"
+    exit 1
+fi
+echo ""
+
+# Test 2: Check permissions
+echo "[TEST 2] Checking execute permissions..."
+if [ -x "anais.sh" ] && [ -x "scripts/dynamic_analysis_helper.sh" ] && [ -x "scripts/setup.sh" ]; then
+    echo "✓ Main scripts are executable"
+else
+    echo "✗ Scripts not executable. Run: chmod +x *.sh"
+    exit 1
+fi
+echo ""
+
+# Test 3: Check Python scripts
+echo "[TEST 3] Checking Python scripts syntax..."
+python_errors=0
+for script in analysis_tools/*.py; do
+    if python3 -m py_compile "$script" 2>/dev/null; then
+        echo "  ✓ $(basename $script)"
+    else
+        echo "  ✗ $(basename $script) (SYNTAX ERROR)"
+        python_errors=$((python_errors + 1))
+    fi
+done
+
+if [ $python_errors -eq 0 ]; then
+    echo "✓ All Python scripts valid"
+else
+    echo "✗ $python_errors Python scripts have syntax errors"
+    exit 1
+fi
+echo ""
+
+# Test 4: Check YARA rules
+echo "[TEST 4] Validating YARA rules..."
+if command -v yara >/dev/null 2>&1; then
+    if [ -f "rules/yara_general_rules.yar" ]; then
+        if yara -w rules/yara_general_rules.yar rules/yara_general_rules.yar >/dev/null 2>&1; then
+            echo "  ✓ rules/yara_general_rules.yar"
+        else
+            echo "  ⚠ rules/yara_general_rules.yar (has warnings)"
+        fi
+    fi
+    echo "✓ YARA rules validated"
+else
+    echo "⚠ YARA not installed, skipping rule validation"
+fi
+echo ""
+
+# Test 5: Check documentation
+echo "[TEST 5] Checking documentation files..."
+docs=(
+    "README.md"
+    "docs/ARCHITECTURE.txt"
+    "docs/Workflow and Reference.md"
+    "analyzer_config.json"
+)
+
+for doc in "${docs[@]}"; do
+    if [ -f "$doc" ]; then
+        echo "  ✓ $doc"
+    else
+        echo "  ✗ $doc (MISSING)"
+    fi
+done
+echo ""
+
+# Test 6: Check directories
+echo "[TEST 6] Checking directory structure..."
+if [ -d "analysis_tools" ]; then
+    echo "  ✓ analysis_tools/"
+else
+    echo "  ✗ analysis_tools/ (MISSING)"
+fi
+
+if [ -d "scripts" ]; then
+    echo "  ✓ scripts/"
+else
+    echo "  ✗ scripts/ (MISSING)"
+fi
+
+if [ -d "rules" ]; then
+    echo "  ✓ rules/"
+else
+    echo "  ✗ rules/ (MISSING)"
+fi
+
+if [ -d "docs" ]; then
+    echo "  ✓ docs/"
+else
+    echo "  ✗ docs/ (MISSING)"
+fi
+
+if [ -d "${HOME}/Documents/Anais-Reports" ]; then
+    echo "  ✓ ~/Documents/Anais-Reports/"
+else
+    echo "  ⚠ ~/Documents/Anais-Reports/ (will be created on first run)"
+fi
+echo ""
+
+# Test 7: Check dependencies
+echo "[TEST 7] Checking dependencies..."
+
+check_cmd() {
+    if command -v "$1" >/dev/null 2>&1; then
+        echo "  ✓ $1"
+        return 0
+    else
+        echo "  ✗ $1 (NOT INSTALLED)"
+        return 1
+    fi
+}
+
+deps_missing=0
+check_cmd python3 || deps_missing=$((deps_missing + 1))
+check_cmd java || deps_missing=$((deps_missing + 1))
+check_cmd apktool || deps_missing=$((deps_missing + 1))
+check_cmd jadx || deps_missing=$((deps_missing + 1))
+check_cmd yara || deps_missing=$((deps_missing + 1))
+
+if [ $deps_missing -eq 0 ]; then
+    echo "✓ All dependencies installed"
+else
+    echo "⚠ $deps_missing dependencies missing (run setup.sh for details)"
+fi
+echo ""
+
+# Test 8: Check Python packages
+echo "[TEST 8] Checking Python packages..."
+
+check_pkg() {
+    if python3 -c "import ${1//-/_}" 2>/dev/null; then
+        echo "  ✓ $1"
+        return 0
+    else
+        echo "  ✗ $1 (NOT INSTALLED)"
+        return 1
+    fi
+}
+
+pkgs_missing=0
+check_pkg androguard || pkgs_missing=$((pkgs_missing + 1))
+check_pkg yara-python || pkgs_missing=$((pkgs_missing + 1))
+check_pkg requests || pkgs_missing=$((pkgs_missing + 1))
+check_pkg cryptography || pkgs_missing=$((pkgs_missing + 1))
+
+if [ $pkgs_missing -eq 0 ]; then
+    echo "✓ All Python packages installed"
+else
+    echo "⚠ $pkgs_missing Python packages missing"
+    echo "  Install with: pip3 install androguard yara-python requests cryptography"
+fi
+echo ""
+
+# Summary
+echo "═══════════════════════════════════════════════════════════"
+echo "                    TEST SUMMARY"
+echo "═══════════════════════════════════════════════════════════"
+echo ""
+
+if [ $missing -eq 0 ] && [ $python_errors -eq 0 ]; then
+    echo "✅ FRAMEWORK VALIDATION PASSED"
+    echo ""
+    echo "Framework is ready to use!"
+    echo ""
+    echo "Quick Start:"
+    echo "  1. Run setup (if not done): ./scripts/setup.sh"
+    echo "  2. Analyze an APK: ./anais.sh app.apk"
+    echo ""
+    
+    if [ $deps_missing -gt 0 ] || [ $pkgs_missing -gt 0 ]; then
+        echo "⚠️  Some dependencies are missing. The framework will work with"
+        echo "   limited functionality. Run ./scripts/setup.sh for details."
+    fi
+else
+    echo "❌ FRAMEWORK VALIDATION FAILED"
+    echo ""
+    echo "Please fix the errors above before using the framework."
+    exit 1
+fi
+
+echo "═══════════════════════════════════════════════════════════"

package/src/cli.ts

@@ -0,0 +1,91 @@
+#!/usr/bin/env node
+
+import { executeForensicAnalysis } from "./index";
+import {
+  formatError,
+  formatSuccess,
+  printBanner,
+  printSeparator,
+} from "./utils";
+
+const main = async () => {
+  const args = process.argv.slice(2);
+
+  if (args.length === 0) {
+    printBanner();
+    console.log("Usage:");
+    console.log("  anais <apk-file-path>     Analyze an APK file");
+    console.log("  anais --version           Show version");
+    console.log("  anais --help              Show this help message");
+    process.exit(0);
+  }
+
+  if (args[0] === "--version" || args[0] === "-v") {
+    console.log("Anais APK Forensic CLI v1.0.0");
+    process.exit(0);
+  }
+
+  if (args[0] === "--help" || args[0] === "-h") {
+    printBanner();
+    console.log("Usage:");
+    console.log("  anais <apk-file-path>     Analyze an APK file");
+    console.log("  anais --version           Show version");
+    console.log("  anais --help              Show this help message");
+    console.log("\nDescription:");
+    console.log("  Comprehensive APK security analysis and SAST scanner");
+    console.log("  - Decompilation with APKTool and JADX");
+    console.log("  - YARA malware detection");
+    console.log("  - Obfuscation detection");
+    console.log("  - Network traffic analysis");
+    console.log("  - AndroidManifest analysis");
+    console.log("  - Entropy analysis for encrypted payloads");
+    process.exit(0);
+  }
+
+  const apkPath = args[0];
+
+  try {
+    console.log(`🔍 Anais APK Forensic Analysis\n`);
+    printSeparator();
+    console.log();
+
+    const result = await executeForensicAnalysis(apkPath);
+
+    console.log();
+    printSeparator();
+
+    if (result.success) {
+      console.log(`\n${formatSuccess("Analysis completed successfully!")}\n`);
+
+      if (result.workspaceDir) {
+        console.log(`📁 Workspace: ${result.workspaceDir}`);
+      }
+
+      if (result.reportPath) {
+        console.log(`📄 Report: ${result.reportPath}`);
+      }
+
+      if (result.jsonReportPath) {
+        console.log(`📊 JSON Report: ${result.jsonReportPath}`);
+      }
+
+      console.log(
+        "\n💡 Tip: Open the report with your preferred markdown viewer",
+      );
+      console.log(`   e.g., cat "${result.reportPath}"\n`);
+    } else {
+      console.log(`\n${formatError("Analysis failed!")}\n`);
+      console.log(`Error: ${result.message}`);
+      if (result.error) {
+        console.log(`Details: ${result.error}`);
+      }
+      process.exit(1);
+    }
+  } catch (error) {
+    console.error(`\n${formatError("Unexpected error during analysis:")}`);
+    console.error(error);
+    process.exit(1);
+  }
+};
+
+main();

package/src/index.ts

@@ -0,0 +1,123 @@
+import { spawn } from "child_process";
+import { AnalysisResult } from "./types";
+import {
+  fileExists,
+  getAnaisScriptPath,
+  getBasename,
+  getProjectRoot,
+  resolveAbsolutePath,
+} from "./utils";
+
+export * from "./types";
+
+export const executeForensicAnalysis = async (
+  apkPath: string,
+): Promise<AnalysisResult> => {
+  return new Promise((resolve, reject) => {
+    // Resolve absolute path
+    const absoluteApkPath = resolveAbsolutePath(apkPath);
+
+    // Check if APK file exists
+    if (!fileExists(absoluteApkPath)) {
+      return resolve({
+        success: false,
+        apkPath,
+        message: `APK file not found: ${apkPath}`,
+        error: "File not found",
+      });
+    }
+
+    console.log(`\n📱 APK: ${getBasename(absoluteApkPath)}`);
+    console.log(`📂 Path: ${absoluteApkPath}\n`);
+
+    // Get paths
+    const scriptDir = getProjectRoot();
+    const anaisScript = getAnaisScriptPath();
+
+    if (!fileExists(anaisScript)) {
+      return resolve({
+        success: false,
+        apkPath,
+        message: `Analysis script not found: ${anaisScript}`,
+        error: "Script not found",
+      });
+    }
+
+    console.log(`🚀 Executing analysis...\n`);
+
+    // Spawn the bash script
+    const analysis = spawn("bash", [anaisScript, absoluteApkPath], {
+      cwd: scriptDir,
+      env: {
+        ...process.env,
+        PYTHONWARNINGS: "ignore",
+      },
+    });
+
+    let stdout = "";
+    let stderr = "";
+    let workspaceDir = "";
+    let reportPath = "";
+
+    // Capture stdout
+    analysis.stdout.on("data", (data) => {
+      const output = data.toString();
+      process.stdout.write(output);
+      stdout += output;
+
+      // Extract workspace directory from output
+      const workspaceMatch = output.match(/Workspace initialized: (.+)/);
+      if (workspaceMatch) {
+        workspaceDir = workspaceMatch[1].trim();
+      }
+
+      // Extract report path
+      const reportMatch = output.match(/Main report: (.+\.md)/);
+      if (reportMatch) {
+        reportPath = reportMatch[1].trim();
+      }
+    });
+
+    // Capture stderr (though we're logging warnings there)
+    analysis.stderr.on("data", (data) => {
+      stderr += data.toString();
+      // Don't print stderr to console as it's handled by the script
+    });
+
+    // Handle process completion
+    analysis.on("close", (code) => {
+      if (code === 0) {
+        const jsonReportPath = reportPath.replace(/\.md$/, ".json");
+
+        resolve({
+          success: true,
+          apkPath: absoluteApkPath,
+          workspaceDir,
+          reportPath,
+          jsonReportPath: fileExists(jsonReportPath)
+            ? jsonReportPath
+            : undefined,
+          message: "Analysis completed successfully",
+        });
+      } else {
+        resolve({
+          success: false,
+          apkPath: absoluteApkPath,
+          workspaceDir,
+          message: `Analysis failed with exit code ${code}`,
+          error: stderr || "Unknown error",
+        });
+      }
+    });
+
+    // Handle errors
+    analysis.on("error", (error) => {
+      reject({
+        success: false,
+        apkPath: absoluteApkPath,
+        message: "Failed to execute analysis script",
+        error: error.message,
+      });
+    });
+  });
+};

package/src/types/index.ts

@@ -0,0 +1,44 @@
+/**
+ * Analysis result from the forensic analysis
+ */
+export interface AnalysisResult {
+  success: boolean;
+  apkPath: string;
+  workspaceDir?: string;
+  reportPath?: string;
+  jsonReportPath?: string;
+  message: string;
+  error?: string;
+}
+
+/**
+ * CLI command options
+ */
+export interface CLIOptions {
+  help?: boolean;
+  version?: boolean;
+  verbose?: boolean;
+  output?: string;
+}
+
+/**
+ * Original types (kept for compatibility)
+ */
+export interface CommandLineOptions {
+  inputFile: string;
+  outputFile?: string;
+  verbose?: boolean;
+}
+
+export interface ApkAnalysisResult {
+  packageName: string;
+  versionCode: number;
+  versionName: string;
+  permissions: string[];
+  activities: string[];
+  services: string[];
+  receivers: string[];
+  providers: string[];
+}
+
+export type AnalysisStatus = "pending" | "in-progress" | "completed" | "failed";

package/src/utils/index.ts

@@ -0,0 +1,6 @@
+/**
+ * Utility functions export
+ */
+
+export * from "./output";
+export * from "./paths";