AndroidManifestExplorer 1.0.0__tar.gz

androidmanifestexplorer-1.0.0/AndroidManifestExplorer.egg-info/PKG-INFO

@@ -0,0 +1,114 @@
+Metadata-Version: 2.4
+Name: AndroidManifestExplorer
+Version: 1.0.0
+Summary: A professional tool to automate attack surface detection in Android applications by parsing Manifest files.
+Home-page: https://github.com/mateofumis/AndroidManifestExplorer
+Author: Mateo Fumis
+Author-email: mateofumis@mfumis.com
+Classifier: Programming Language :: Python :: 3
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Operating System :: OS Independent
+Classifier: Topic :: Security
+Classifier: Intended Audience :: Information Technology
+Classifier: Environment :: Console
+Requires-Python: >=3.6
+Description-Content-Type: text/markdown
+Requires-Dist: colorama>=0.4.4
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+# **📲 AndroidManifestExplorer**
+
+A high-performance static analysis utility designed to automate the discovery of attack surfaces in Android applications. By parsing decompiled `AndroidManifest.xml` files, this tool identifies exposed components, security misconfigurations, and deep-link vectors, providing ready-to-use `adb` payloads for immediate dynamic verification.
+
+## **🎯 Security Objectives**
+
+* **Attack Surface Mapping**: Identify all exported Activities, Services, Broadcast Receivers, and Content Providers.  
+* **Implicit Export Detection**: Flag components that are exported by default due to the presence of intent-filters without explicit `android:exported="false"` attributes.
+* **Deep Link Analysis**: Extract URI schemes and hosts to facilitate intent-fuzzing and unauthorized navigation testing.  
+* **Permission Audit**: Highlight unprotected components and evaluate the strength of defined custom permissions.  
+* **Config Analysis**: Detect high-risk flags such as `debuggable="true"`, `allowBackup="true"`, and `testOnly="true"`.
+
+## **🚀 Installation**
+
+### Prerequisites
+- Python 3.6+
+- [apktool](https://apktool.org/) (for decompiling binary XML)
+
+### **Setup**
+
+1. Clone the repository and install the dependencies:
+
+```bash
+$: git clone https://github.com/mateofumis/AndroidManifestExplorer.git
+$: cd AndroidManifestExplorer
+$: pip install .
+```
+
+- Alternatively, install the requirements directly:
+
+```bash
+$: pip install -r requirements.txt
+```
+
+1. Using PyPI (Available for `pip` or `pipx`)
+
+```bash
+# with pip/pip3
+$: pip install AndroidManifestExplorer
+# or pipx
+$: pipx install AndroidManifestExplorer
+```
+
+## **🛠 Usage Workflow**
+
+### **1. Decompile Target APK**
+
+The tool operates on the plain-text XML output of `apktool`.
+
+```bash
+$: apktool d target_app.apk -o output_dir
+```
+
+### **2. Execute Scan**
+
+Run the explorer against the generated manifest:
+
+```bash
+$: AndroidManifestExplorer -f output_dir/AndroidManifest.xml
+```
+
+If running the script directly without installation:
+
+```bash
+$: python3 AndroidManifestExplorer.py -f output_dir/AndroidManifest.xml
+```
+
+## **📊 Technical Output Overview**
+
+The tool categorizes findings by risk and generates specific `adb` commands:
+
+* **Activities**: Generates `am start` commands.  
+* **Services**: Generates `am start-service` commands.  
+* **Receivers**: Generates `am broadcast` commands.  
+* **Providers**: Generates `content query` commands with a default SQLi test payload (`--where "1=1"`).
+
+### **Example Result:**
+
+```
+[+] ACTIVITY EXPORTED: com.package.name.InternalActivity  
+    [!] NO PERMISSION REQUIRED (High Risk)  
+    [>] ADB: adb shell am start -n com.package.name/com.package.name.InternalActivity  
+    [★] DEEP LINK DETECTED: secret-app://debug_panel  
+    [>] Attack: adb shell am start -W -a android.intent.action.VIEW -d "secret-app://debug_panel" com.package.name
+```
+## **⚖️  Disclaimer**
+
+This tool is intended for professional security research and authorized penetration testing only. Unauthorized use against systems without prior written consent is strictly prohibited and may violate local and international laws. The developer assumes no liability for misuse or damage caused by this utility.

androidmanifestexplorer-1.0.0/AndroidManifestExplorer.egg-info/SOURCES.txt

@@ -0,0 +1,9 @@
+AndroidManifestExplorer.py
+README.md
+setup.py
+AndroidManifestExplorer.egg-info/PKG-INFO
+AndroidManifestExplorer.egg-info/SOURCES.txt
+AndroidManifestExplorer.egg-info/dependency_links.txt
+AndroidManifestExplorer.egg-info/entry_points.txt
+AndroidManifestExplorer.egg-info/requires.txt
+AndroidManifestExplorer.egg-info/top_level.txt

androidmanifestexplorer-1.0.0/AndroidManifestExplorer.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

androidmanifestexplorer-1.0.0/AndroidManifestExplorer.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+AndroidManifestExplorer = AndroidManifestExplorer:main

androidmanifestexplorer-1.0.0/AndroidManifestExplorer.egg-info/requires.txt

@@ -0,0 +1 @@
+colorama>=0.4.4

androidmanifestexplorer-1.0.0/AndroidManifestExplorer.egg-info/top_level.txt

@@ -0,0 +1 @@
+AndroidManifestExplorer

androidmanifestexplorer-1.0.0/AndroidManifestExplorer.py

@@ -0,0 +1,130 @@
+#!/usr/bin/env python3
+# Author: Mateo Fumis (hackermater) - linkedin.com/in/mateo-gabriel-fumis
+import xml.etree.ElementTree as ET
+import argparse
+import sys
+from colorama import init, Fore, Style
+
+init(autoreset=True)
+
+ANDROID_NS = '{http://schemas.android.com/apk/res/android}'
+
+def get_attr(element, attr_name):
+    """Helper to get attributes handling the namespace"""
+    return element.get(f"{ANDROID_NS}{attr_name}")
+
+def analyze_deep_links(activity_node, full_name, package_name):
+    """Extracts schemes and hosts to build Deep Link attacks"""
+    found_uris = set()
+    
+    for intent in activity_node.findall('intent-filter'):
+        data_tags = intent.findall('data')
+        
+        for data in data_tags:
+            scheme = get_attr(data, 'scheme')
+            host = get_attr(data, 'host')
+            
+            if scheme:
+                uri = f"{scheme}://"
+
+                if host: uri += host
+                found_uris.add(uri)
+
+    for uri in sorted(found_uris):
+        print(f"{Fore.LIGHTGREEN_EX}    [★] DEEP LINK DETECTED: {uri}")
+        print(f"{Fore.WHITE}    [>] Attack: adb shell am start -W -a android.intent.action.VIEW -d \"{uri}\" {package_name}")
+
+def analyze_manifest(manifest_path):
+    try:
+        tree = ET.parse(manifest_path)
+        root = tree.getroot()
+        package_name = root.get('package')
+        
+        print(f"{Fore.CYAN}{'='*70}")
+        print(f"{Fore.CYAN}{Style.BRIGHT}[*] AndroidManifestExplorer - Analyzing: {package_name}")
+        print(f"{Fore.CYAN}{'='*70}")
+
+        app_tag = root.find('application')
+
+        if app_tag is not None:
+            debuggable = get_attr(app_tag, 'debuggable')
+            allow_backup = get_attr(app_tag, 'allowBackup')
+            test_only = get_attr(app_tag, 'testOnly')
+            
+            if debuggable == 'true':
+                print(f"{Fore.RED}[CRITICAL] debuggable='true' -> Potential data extraction and RCE.")
+            
+            if allow_backup == 'true':
+                print(f"{Fore.YELLOW}[WARN] allowBackup='true' -> Potential data theft via 'adb backup'.")
+                print(f"{Fore.WHITE}    Command: adb backup {package_name}")
+
+            if test_only == 'true':
+                print(f"{Fore.YELLOW}[INFO] testOnly='true' -> Test/Debug APK.")
+
+        print(f"\n{Fore.CYAN}[*] Attack Surface Detected:{Style.RESET_ALL}\n")
+
+        components = {
+            'activity': {'cmd': 'am start -n', 'color': Fore.GREEN},
+            'receiver': {'cmd': 'am broadcast -n', 'color': Fore.MAGENTA},
+            'service':  {'cmd': 'am start-service -n', 'color': Fore.BLUE},
+            'provider': {'cmd': 'content query --uri', 'color': Fore.RED}
+        }
+
+        if app_tag is not None:
+            for comp_type, info in components.items():
+                for node in app_tag.findall(comp_type):
+                    name = get_attr(node, 'name')
+                    exported = get_attr(node, 'exported')
+                    permission = get_attr(node, 'permission')
+                    
+                    if not name: continue
+                    
+                    if name.startswith('.'):
+                        full_name = f"{package_name}{name}"
+                    elif '.' not in name:
+                        full_name = f"{package_name}.{name}"
+                    else:
+                        full_name = name
+
+                    has_intent_filter = node.find('intent-filter') is not None
+                    is_vuln = exported == 'true' or (exported is None and has_intent_filter)
+
+                    if is_vuln:
+                        print(f"{info['color']}[+] {comp_type.upper()} EXPORTED: {full_name}")
+                        
+                        if permission:
+                            print(f"{Fore.YELLOW}    [!] Requires permission: {permission} (Check if custom/weak)")
+                        else:
+                            print(f"{Fore.RED}    [!] NO PERMISSION REQUIRED (High Risk)")
+
+                        if comp_type == 'provider':
+                            authority = get_attr(node, 'authorities')
+                            if authority:
+                                auth_clean = authority.split(';')[0]
+                                print(f"{Fore.WHITE}    [>] ADB: adb shell {info['cmd']} content://{auth_clean}/")
+                                print(f"{Fore.WHITE}    [>] SQLi Test: adb shell {info['cmd']} content://{auth_clean}/ --where \"1=1\"")
+                        else:
+                            print(f"{Fore.WHITE}    [>] ADB: adb shell {info['cmd']} {package_name}/{full_name}")
+
+                        if comp_type == 'activity' and has_intent_filter:
+                            analyze_deep_links(node, full_name, package_name)
+                        
+                        print("-" * 50)
+
+    except FileNotFoundError:
+        print(f"{Fore.RED}[!] Error: File not found at {manifest_path}")
+    except ET.ParseError:
+        print(f"{Fore.RED}[!] Error: File is not a valid XML. Did you decompile it with APKtool?")
+    except Exception as e:
+        print(f"{Fore.RED}[!] Unexpected error: {e}")
+
+def main():
+    """Main entry point for console_scripts"""
+    parser = argparse.ArgumentParser(description='AndroidManifestExplorer - Mobile Security Tool')
+    parser.add_argument('-f', '--file', required=True, help='Path to AndroidManifest.xml (Decompiled with APKtool/Jadx)')
+    args = parser.parse_args()
+    
+    analyze_manifest(args.file)
+
+if __name__ == "__main__":
+    main()

androidmanifestexplorer-1.0.0/PKG-INFO

@@ -0,0 +1,114 @@
+Metadata-Version: 2.4
+Name: AndroidManifestExplorer
+Version: 1.0.0
+Summary: A professional tool to automate attack surface detection in Android applications by parsing Manifest files.
+Home-page: https://github.com/mateofumis/AndroidManifestExplorer
+Author: Mateo Fumis
+Author-email: mateofumis@mfumis.com
+Classifier: Programming Language :: Python :: 3
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Operating System :: OS Independent
+Classifier: Topic :: Security
+Classifier: Intended Audience :: Information Technology
+Classifier: Environment :: Console
+Requires-Python: >=3.6
+Description-Content-Type: text/markdown
+Requires-Dist: colorama>=0.4.4
+Dynamic: author
+Dynamic: author-email
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+# **📲 AndroidManifestExplorer**
+
+A high-performance static analysis utility designed to automate the discovery of attack surfaces in Android applications. By parsing decompiled `AndroidManifest.xml` files, this tool identifies exposed components, security misconfigurations, and deep-link vectors, providing ready-to-use `adb` payloads for immediate dynamic verification.
+
+## **🎯 Security Objectives**
+
+* **Attack Surface Mapping**: Identify all exported Activities, Services, Broadcast Receivers, and Content Providers.  
+* **Implicit Export Detection**: Flag components that are exported by default due to the presence of intent-filters without explicit `android:exported="false"` attributes.
+* **Deep Link Analysis**: Extract URI schemes and hosts to facilitate intent-fuzzing and unauthorized navigation testing.  
+* **Permission Audit**: Highlight unprotected components and evaluate the strength of defined custom permissions.  
+* **Config Analysis**: Detect high-risk flags such as `debuggable="true"`, `allowBackup="true"`, and `testOnly="true"`.
+
+## **🚀 Installation**
+
+### Prerequisites
+- Python 3.6+
+- [apktool](https://apktool.org/) (for decompiling binary XML)
+
+### **Setup**
+
+1. Clone the repository and install the dependencies:
+
+```bash
+$: git clone https://github.com/mateofumis/AndroidManifestExplorer.git
+$: cd AndroidManifestExplorer
+$: pip install .
+```
+
+- Alternatively, install the requirements directly:
+
+```bash
+$: pip install -r requirements.txt
+```
+
+1. Using PyPI (Available for `pip` or `pipx`)
+
+```bash
+# with pip/pip3
+$: pip install AndroidManifestExplorer
+# or pipx
+$: pipx install AndroidManifestExplorer
+```
+
+## **🛠 Usage Workflow**
+
+### **1. Decompile Target APK**
+
+The tool operates on the plain-text XML output of `apktool`.
+
+```bash
+$: apktool d target_app.apk -o output_dir
+```
+
+### **2. Execute Scan**
+
+Run the explorer against the generated manifest:
+
+```bash
+$: AndroidManifestExplorer -f output_dir/AndroidManifest.xml
+```
+
+If running the script directly without installation:
+
+```bash
+$: python3 AndroidManifestExplorer.py -f output_dir/AndroidManifest.xml
+```
+
+## **📊 Technical Output Overview**
+
+The tool categorizes findings by risk and generates specific `adb` commands:
+
+* **Activities**: Generates `am start` commands.  
+* **Services**: Generates `am start-service` commands.  
+* **Receivers**: Generates `am broadcast` commands.  
+* **Providers**: Generates `content query` commands with a default SQLi test payload (`--where "1=1"`).
+
+### **Example Result:**
+
+```
+[+] ACTIVITY EXPORTED: com.package.name.InternalActivity  
+    [!] NO PERMISSION REQUIRED (High Risk)  
+    [>] ADB: adb shell am start -n com.package.name/com.package.name.InternalActivity  
+    [★] DEEP LINK DETECTED: secret-app://debug_panel  
+    [>] Attack: adb shell am start -W -a android.intent.action.VIEW -d "secret-app://debug_panel" com.package.name
+```
+## **⚖️  Disclaimer**
+
+This tool is intended for professional security research and authorized penetration testing only. Unauthorized use against systems without prior written consent is strictly prohibited and may violate local and international laws. The developer assumes no liability for misuse or damage caused by this utility.

androidmanifestexplorer-1.0.0/README.md

@@ -0,0 +1,88 @@
+# **📲 AndroidManifestExplorer**
+
+A high-performance static analysis utility designed to automate the discovery of attack surfaces in Android applications. By parsing decompiled `AndroidManifest.xml` files, this tool identifies exposed components, security misconfigurations, and deep-link vectors, providing ready-to-use `adb` payloads for immediate dynamic verification.
+
+## **🎯 Security Objectives**
+
+* **Attack Surface Mapping**: Identify all exported Activities, Services, Broadcast Receivers, and Content Providers.  
+* **Implicit Export Detection**: Flag components that are exported by default due to the presence of intent-filters without explicit `android:exported="false"` attributes.
+* **Deep Link Analysis**: Extract URI schemes and hosts to facilitate intent-fuzzing and unauthorized navigation testing.  
+* **Permission Audit**: Highlight unprotected components and evaluate the strength of defined custom permissions.  
+* **Config Analysis**: Detect high-risk flags such as `debuggable="true"`, `allowBackup="true"`, and `testOnly="true"`.
+
+## **🚀 Installation**
+
+### Prerequisites
+- Python 3.6+
+- [apktool](https://apktool.org/) (for decompiling binary XML)
+
+### **Setup**
+
+1. Clone the repository and install the dependencies:
+
+```bash
+$: git clone https://github.com/mateofumis/AndroidManifestExplorer.git
+$: cd AndroidManifestExplorer
+$: pip install .
+```
+
+- Alternatively, install the requirements directly:
+
+```bash
+$: pip install -r requirements.txt
+```
+
+1. Using PyPI (Available for `pip` or `pipx`)
+
+```bash
+# with pip/pip3
+$: pip install AndroidManifestExplorer
+# or pipx
+$: pipx install AndroidManifestExplorer
+```
+
+## **🛠 Usage Workflow**
+
+### **1. Decompile Target APK**
+
+The tool operates on the plain-text XML output of `apktool`.
+
+```bash
+$: apktool d target_app.apk -o output_dir
+```
+
+### **2. Execute Scan**
+
+Run the explorer against the generated manifest:
+
+```bash
+$: AndroidManifestExplorer -f output_dir/AndroidManifest.xml
+```
+
+If running the script directly without installation:
+
+```bash
+$: python3 AndroidManifestExplorer.py -f output_dir/AndroidManifest.xml
+```
+
+## **📊 Technical Output Overview**
+
+The tool categorizes findings by risk and generates specific `adb` commands:
+
+* **Activities**: Generates `am start` commands.  
+* **Services**: Generates `am start-service` commands.  
+* **Receivers**: Generates `am broadcast` commands.  
+* **Providers**: Generates `content query` commands with a default SQLi test payload (`--where "1=1"`).
+
+### **Example Result:**
+
+```
+[+] ACTIVITY EXPORTED: com.package.name.InternalActivity  
+    [!] NO PERMISSION REQUIRED (High Risk)  
+    [>] ADB: adb shell am start -n com.package.name/com.package.name.InternalActivity  
+    [★] DEEP LINK DETECTED: secret-app://debug_panel  
+    [>] Attack: adb shell am start -W -a android.intent.action.VIEW -d "secret-app://debug_panel" com.package.name
+```
+## **⚖️  Disclaimer**
+
+This tool is intended for professional security research and authorized penetration testing only. Unauthorized use against systems without prior written consent is strictly prohibited and may violate local and international laws. The developer assumes no liability for misuse or damage caused by this utility.

androidmanifestexplorer-1.0.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

androidmanifestexplorer-1.0.0/setup.py

@@ -0,0 +1,31 @@
+from setuptools import setup, find_packages
+
+setup(
+    name="AndroidManifestExplorer",
+    version="1.0.0",
+    author="Mateo Fumis",
+    author_email="mateofumis@mfumis.com",
+    description="A professional tool to automate attack surface detection in Android applications by parsing Manifest files.",
+    long_description=open("README.md", encoding="utf-8").read(),
+    long_description_content_type="text/markdown",
+    url="https://github.com/mateofumis/AndroidManifestExplorer",
+    packages=find_packages(),
+    py_modules=["AndroidManifestExplorer"],
+    install_requires=[
+        "colorama>=0.4.4",
+    ],
+    entry_points={
+        "console_scripts": [
+            "AndroidManifestExplorer=AndroidManifestExplorer:main",
+        ],
+    },
+    classifiers=[
+        "Programming Language :: Python :: 3",
+        "License :: OSI Approved :: Apache Software License",
+        "Operating System :: OS Independent",
+        "Topic :: Security",
+        "Intended Audience :: Information Technology",
+        "Environment :: Console",
+    ],
+    python_requires=">=3.6",
+)