MalwareBehaviour class

class glorifiedgrep.android.modules.malware.MalwareBehaviour(apk_path: str = None, output_dir: str = None, project_dir: str = None, rg_path: str = 'rg', jadx_path: str = 'jadx', clean_dir: bool = False)

This class is used to identify various behaviours that can be normal but are often displayed by malware. It inherits directly from the _CodeAnalysis class and is instantiated in the same manner as the GlorifiedAndroid class. Any parameters that the GlorifiedAndroid class takes can be passed to this class.

Parameters:
  • apk_path (str) – Path to the APK
  • output_dir (str) – Output dir for decompilation and unzipping, defaults to /tmp/GlorifiedAndroid
  • project_dir (str) – Project directory used for already decompiled and processed apks, defaults to None
  • json_output (bool) – Returns a Json object instead of dict. Defaults to False
  • rg_path (str) – path to ripgrep. Defaults to looking for it in path
  • jadx_path (str) – path to jadx. Defaults to looking for it in path
  • clean_dir (bool) – delete the output directory before processing
Raises:
  • NotValidPythonVersion – Raises if python version 3 is not used
  • DifferentAPKExists – Raises if decompiled APK is different than what is already decompiled
  • DependentBinaryMissing – Raises if ripgrep, or jadx is not found
>>> from glorifiedgrep.android.modules.malware import MalwareBehaviour
>>> m = MalwareBehaviour('/path/to/apk', output_dir='/out/dir')
__init__(apk_path: str = None, output_dir: str = None, project_dir: str = None, rg_path: str = 'rg', jadx_path: str = 'jadx', clean_dir: bool = False)

The init method for the whole GlorifiedAndroid module. This is inherited throughout.

Parameters:
  • apk_path (str) – Path to the APK
  • output_dir (str) – Output dir for decompilation and unzipping, defaults to /tmp/glorified_android
  • project_dir (str) – Project directory used for already decompiled and processed apks, defaults to None
  • rg_path (str) – path to ripgrep. Defaults to looking for it in path
  • jadx_path (str) – path to jadx. Defaults to looking for it in path
  • clean_dir (bool) – delete the output directory before processing
Raises:
  • NotValidPythonVersion – Raises if python version 3 is not used
  • DifferentAPKExists – Raises if decompiled APK is different than what is already decompiled
  • DependentBinaryMissing – Raises if ripgrep, or jadx is not found
>>> # The default output directory is the temp/GlorifiedAndroid folder. This can be
>>> # overridden using output_dir='some/path'
>>> a = GlorifiedAndroid('/path/to/apk', output_dir='/out/dir')

Typically, the prefix for the file path is removed when processing filepaths in the various code analysis classes. This can be adjusted using

>>> a.remove_dir_prefix = ''

If ripgrep or jadx is not in path, analysis will not be complete. To pass a user defined path for either jadx or rg, the GlorifiedAndroid class can be instantiated as follows.

>>> a = GlorifiedAndroid('/path/to/apk', jadx_path='path/to/jadx', rg_path='/path/to/rg')
code_accessibility_service(show_code: bool = False) → GreppedOut

Identifies if the application uses AccessibilityService and its various classes. It also looks for the accessibilityEvent method. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_accessibility_service()
code_add_javascriptinterface(show_code: bool = False) → GreppedOut

Identifies use of addJavascriptInterface, which leads to vulnerabilities in Android Jelly Bean and below. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_add_javascriptinterface()
code_android_contacts_content_provider(show_code: bool = False) → GreppedOut

Indicates imports, or any other place where the ContactsContract class and its providers are being used. This typically indicates that the app can read various contact information from the phone's contact list. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_android_contacts_content_provider()
code_apache_http_get_request(show_code: bool = False) → GreppedOut

Detects the HttpGet method from the apache library. This is generally used to make GET requests. | Reference | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_apache_http_get_request()
code_apache_http_other_request_methods(show_code: bool = False) → GreppedOut

Detects the HttpPut, HttpDelete, HttpHead, HttpTrace and HttpOptions methods from the apache library. | Reference | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_apache_http_other_request_methods()
code_apache_http_post_request(show_code: bool = False) → GreppedOut

Detects the HttpPost method from the apache library. This is generally used to make POST requests. | Reference | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_apache_http_post_request()
code_api_builder(show_code: bool = False) → GreppedOut

This method makes a best effort to detect api string builders within the decompiled Java code.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_api_builder()
code_apk_files(show_code: bool = False) → GreppedOut

This method will identify if calls to apk files are hardcoded.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_apk_files()
code_aws_query(show_code: bool = False) → GreppedOut

This method will identify where AWS queries are being made. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_aws_query()
code_base64_decode(show_code: bool = False) → GreppedOut

This method will identify base64 decode operations.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_base64_decode()
code_base64_encode(show_code: bool = False) → GreppedOut

This method will identify base64 encode operations.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_base64_encode()
code_boot_completed_persistance(show_code: bool = False) → GreppedOut

Identifies if the application uses the BOOT_COMPLETED action, which is typically used to start a service or a receiver on reboot. This indicates persistence. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_boot_completed_persistance()
code_broadcast_messages(show_code: bool = False) → GreppedOut

This method will identify what broadcast messages are being sent in the decompiled code. | Reference Android SDK

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_broadcast_messages()
code_broadcast_send(show_code: bool = False) → GreppedOut

This method will identify code that indicates broadcast messages being sent.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_broadcast_send()
code_browser_db_access(show_code: bool = False) → GreppedOut

Identifies code that accesses the browser db. This db usually includes browsing history. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_browser_db_access()
code_byte_constants(show_code: bool = False) → GreppedOut

This method will create a dictionary of hardcoded byte constants.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_byte_constants()
code_call_log(show_code: bool = False) → GreppedOut

Identifies code that retrieves call logs. May be possible malware behaviour. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_call_log()
code_camera_access(show_code: bool = False) → GreppedOut

Identifies code that accesses the camera and picture taking functionality. | Reference | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_camera_access()
code_cipher_instance(show_code: bool = False) → GreppedOut

Find all instances of Cipher.getInstance in the decompiled source. The Cipher class provides the functionality of a cryptographic cipher for encryption and decryption. It forms the core of the Java Cryptographic Extension (JCE) framework. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_cipher_instance()
code_class_extends(show_code: bool = False) → GreppedOut

This method looks for any classes that are extending another class.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_class_extends()
code_class_init(class_name: str, show_code: bool = False) → glorifiedgrep.out.GreppedOut

This method will first identify import statements from the provided class_name and then look for all instantiations of the form new class_name. class_name can either be a class like Date, or a package name like java.util.Date

Parameters:
  • class_name (str) – A valid class name. Can be either a name, i.e. Date, or a package name, i.e. java.util.Date.
  • show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_class_init('java.util.Date')
code_clipboard_manager(show_code: bool = False) → GreppedOut

This method will identify where values are being set or read from the clipboard. | Reference Android SDK

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_clipboard_manager()
code_command_exec(show_code: bool = False) → GreppedOut

Find all commands executed in shell using /bin/sh or .exec() in the decompiled source

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_command_exec()
code_cookies(show_code: bool = False) → GreppedOut

This method will identify where cookies are being set. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_cookies()
code_create_new_file(show_code: bool = False) → GreppedOut

Identifies code that creates new files in the android system. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_create_new_file()
code_create_sockets(show_code: bool = False) → GreppedOut

An InetSocketAddress is a special SocketAddress designed to represent the standard TCP Protocol address, so it thus has methods to set/query the host name, IP address, and Socket of the remote side of the connection (or, in fact the local side too) | Reference Android SDK | Reference Android SDK

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_create_sockets()
code_create_tempfile(show_code: bool = False) → GreppedOut

Find all code which is using Java createTempFile | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_create_tempfile()
code_database_interaction(show_code: bool = False) → GreppedOut

Identifies code that is reading database files. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_database_interaction()
code_database_query(show_code: bool = False) → GreppedOut

Identifies code that queries any database on the device. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_database_query()
code_debuggable_check(show_code: bool = False) → GreppedOut

This method looks for code that will check if the app is debuggable at run time. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_debuggable_check()
code_debugger_check(show_code: bool = False) → GreppedOut

This method looks for usage of isDebuggerConnected in the decompiled code. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_debugger_check()
code_deserialization(show_code: bool = False) → GreppedOut

ObjectInputStream, when used with ‘readObject’, ‘readObjectNoData’, ‘readResolve’ or ‘readExternal’, will likely result in a deserialization vulnerability | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_deserialization()
code_device_id(show_code: bool = False) → GreppedOut

This method will identify where device id is being obtained. | Reference Android SDK

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_device_id()
code_device_serial_number(show_code: bool = False) → GreppedOut

This method looks for Build.SERIAL, which can sometimes be used in combination with other things to build unique tokens. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_device_serial_number()
code_download_manager(show_code: bool = False) → GreppedOut

Identifies if the application uses the DownloadManager class to download files from online services. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_download_manager()
code_dynamic_dexclassloader(show_code: bool = False) → GreppedOut

Find all instances of DexClassLoader in the decompiled source. This can be used to execute code not installed as part of an application. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_dynamic_dexclassloader()
code_dynamic_other_classloader(show_code: bool = False) → GreppedOut

Find all instances of BaseDexClassLoader, SecureClassLoader, DelegateLastClassLoader, DexClassLoader, InMemoryDexClassLoader, PathClassLoader, URLClassLoader, ClassLoader in the decompiled source. This can be used to execute code not installed as part of an application. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_dynamic_other_classloader()
code_exif_data(show_code: bool = False) → glorifiedgrep.out.GreppedOut

Detects if the ExifInterface class is imported and then instantiated. This class is typically used to either set or get meta data from images | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_exif_data()
code_external_file_access(show_code: bool = False) → GreppedOut

This method will identify where external files are being used. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_external_file_access()
code_file_observer(show_code: bool = False) → GreppedOut

Find all instances of the FileObserver class being used. This class is used to check for file access or change and fire an event. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_file_observer()
code_file_read(show_code: bool = False) → GreppedOut

This method looks for FileInputStream within the decompiled Java code which would indicate which files the app is reading. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_file_read()
code_file_write(show_code: bool = False) → GreppedOut

This method looks for the getBytes() method, which can indicate files being written by the app. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_file_write()
code_find_intents(show_code: bool = False) → GreppedOut

This method will identify intent builders.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_find_intents()
code_firebase_imports(show_code: bool = False) → GreppedOut

Identifies if the MediaStore class or some of its common subclasses are being used by the app. These classes are used to get media file metadata from both internal and external storage. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_firebase_imports()
code_get_environment_var(show_code: bool = False) → GreppedOut

This method looks for usage of getenv in the decompiled code. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_get_environment_var()
code_google_api_keys(show_code: bool = False) → GreppedOut

Searches for Firebase or Google services API keys. It is likely that an app that uses Firebase will have keys in their sources, but these keys should be checked for what kind of access they allow.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_google_api_keys()
code_gps_location(show_code: bool = False) → GreppedOut

This method will identify where GPS locations are being used.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_gps_location()
code_hashing_algorithms(show_code: bool = False) → GreppedOut

This method will identify hashing algorithms being used.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_hashing_algorithms()
code_hashing_custom(show_code: bool = False) → GreppedOut

This method will identify custom hashing algorithms being used. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_hashing_custom()
code_http_request_methods(show_code: bool = False) → GreppedOut

This method will identify what HTTP request methods are being used. | Reference Android SDK

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_http_request_methods()
code_imports(class_name: str) → list

Returns a list of file paths where an import statement matched the class_name. It uses a word boundary to get a more exact match.

Parameters:class_name (str) – Name of the absolute or relative class
Returns:List of file paths where a match has been found
Return type:list

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_imports('java.util.Date')
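
The two-step matching that code_class_init and code_imports describe (find the import first, then the `new` expression), as an added example that is not glorifiedgrep's own code. It runs Python's re module over constructed in-memory Java sources instead of ripgrep over jadx output; the function names, regexes and sample files are assumptions made for illustration.

```python
import re

# Constructed stand-ins for jadx output (relative path -> decompiled Java).
SAMPLE_SOURCES = {
    "com/example/app/Sync.java": (
        "package com.example.app;\n"
        "import java.util.Date;\n"
        "public class Sync {\n"
        "    long now() { return new Date().getTime(); }\n"
        "}\n"
    ),
    # Similar class name: must NOT match a search for "Date".
    "com/example/app/Report.java": (
        "package com.example.app;\n"
        "import com.example.util.DateRange;\n"
        "public class Report {\n"
        "    Object span() { return new DateRange(); }\n"
        "}\n"
    ),
    # Same simple name, different package.
    "com/example/db/Row.java": (
        "package com.example.db;\n"
        "import java.sql.Date;\n"
        "public class Row {\n"
        "    Date stamp() { return new Date(0L); }\n"
        "}\n"
    ),
    # Wildcard import: there is no explicit import line to anchor on.
    "com/example/app/Legacy.java": (
        "package com.example.app;\n"
        "import java.util.*;\n"
        "public class Legacy {\n"
        "    Object t() { return new Date(); }\n"
        "}\n"
    ),
}


def _simple_name(class_name):
    return class_name.rsplit(".", 1)[-1]


def _import_regex(class_name):
    # A bare name ("Date") may sit in any package; a dotted name must match in full.
    prefix = "" if "." in class_name else r"(?:[\w.]+\.)?"
    return re.compile(
        r"^\s*import\s+(?:static\s+)?" + prefix + re.escape(class_name) + r"\s*;",
        re.MULTILINE,
    )


def _new_regex(class_name):
    # Matches `new Date(` and `new java.util.Date(` but not `new DateRange(`.
    simple = re.escape(_simple_name(class_name))
    return re.compile(r"\bnew\s+(?:[\w.]+\.)?" + simple + r"\s*\(")


def find_imports(sources, class_name):
    """Step 1: sorted paths whose import statements name class_name exactly."""
    pattern = _import_regex(class_name)
    return sorted(path for path, text in sources.items() if pattern.search(text))


def find_class_init(sources, class_name):
    """Step 2: (path, line number, line) for each instantiation in importing files."""
    pattern = _new_regex(class_name)
    hits = []
    for path in find_imports(sources, class_name):
        for number, line in enumerate(sources[path].splitlines(), 1):
            if pattern.search(line):
                hits.append((path, number, line.strip()))
    return hits


def unattributed_inits(sources, class_name):
    """Files that instantiate the simple name without an explicit matching import.

    These are the hits the import gate drops (wildcard imports, same-named
    classes from other packages) and are worth a manual look during triage.
    """
    imported = set(find_imports(sources, class_name))
    pattern = _new_regex(class_name)
    return sorted(
        path for path, text in sources.items()
        if path not in imported and pattern.search(text)
    )


if __name__ == "__main__":
    for name in ("Date", "java.util.Date"):
        print(name, "imports:", find_imports(SAMPLE_SOURCES, name))
        for hit in find_class_init(SAMPLE_SOURCES, name):
            print("   init:", hit)
        print("   dropped by import gate:", unattributed_inits(SAMPLE_SOURCES, name))
```

Passing the package-qualified name narrows the result to one package, while the wildcard-import file is only surfaced by the last function, so an empty result from an import-gated search does not prove the class is unused.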
code_intent_filters(show_code: bool = False) → GreppedOut

This identifies all the different types of intent filters

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_intent_filters()
code_intent_parameters(show_code: bool = False) → GreppedOut

This method will identify usage of the getStringExtra which is used to create parameters for intents. | Reference Android SDK | Reference OWASP

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_intent_parameters()
code_invisible_elements(show_code: bool = False) → GreppedOut

Identifies code that will set the visibility of an element to invisible. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_invisible_elements()
code_jar_urlconnection(show_code: bool = False) → GreppedOut

Identifies code that is using the JarURLConnection API. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_jar_urlconnection()
code_js_read_file(show_code: bool = False) → GreppedOut

Gets or Sets whether JavaScript running in the context of a file scheme URL can access content from other file scheme URLs. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_js_read_file()
code_key_generator(show_code: bool = False) → GreppedOut

Find all instances of KeyGenerator and its methods in the decompiled source. This class provides the functionality of a secret (symmetric) key generator | Reference | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_key_generator()
code_keystore_files(show_code: bool = False) → GreppedOut

This method will identify where Bouncy Castle bks or jks files are being used.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_keystore_files()
code_load_native_library(show_code: bool = False) → GreppedOut

This method identifies where native libraries are loaded in the decompiled code. | Reference Android SDK

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_load_native_library()
code_location(show_code: bool = False) → GreppedOut

Identifies code that receives location information. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_location()
code_location_manager(show_code: bool = False) → GreppedOut

Identifies code that receives updated location information. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_location_manager()
code_logging(show_code: bool = False) → GreppedOut

This method looks for the usage of Log class from Android SDK. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_logging()
code_make_http_request(show_code: bool = False) → GreppedOut

This method will identify when a HTTP connection is being made in the decompiled code. | Reference Android SDK

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_make_http_request()
code_make_https_request(show_code: bool = False) → GreppedOut

This method will identify when a HTTPS connection is being made in the decompiled code. | Reference Android SDK

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_make_https_request()
code_mediastore(show_code: bool = False) → GreppedOut

Identifies if the MediaStore class or some of its common subclasses are being used by the app. These classes are used to get media file metadata from both internal and external storage. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_mediastore()
code_notification_access(show_code: bool = False) → GreppedOut

Identifies code that can access notifications. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_notification_access()
code_notification_manager(show_code: bool = False) → GreppedOut

Identifies code that controls notifications. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_notification_manager()
code_null_cipher(show_code: bool = False) → GreppedOut

This method will identify where null ciphers are being used. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_null_cipher()
code_object_deserialization(show_code: bool = False) → GreppedOut

This method will identify where objects are being deserialized. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_object_deserialization()
code_package_installed(show_code: bool = False) → GreppedOut

Detects the usage of the getInstalledPackages method from the PackageManager class. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_package_installed()
code_parse_uri(show_code: bool = False) → GreppedOut

Identifies code that is parsing a URI. This could be related to web urls, or content provider urls. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_parse_uri()
code_password_finder(show_code: bool = False) → GreppedOut

This method will identify possible passwords in the code.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_password_finder()
code_phone_sensors(show_code: bool = False) → GreppedOut

Identifies code that initiates various sensors available on Android. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_phone_sensors()
code_rabbit_amqp(show_code: bool = False) → GreppedOut

Checks if Rabbit amqp imports are present

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_rabbit_amqp()
code_read_sms_messages(show_code: bool = False) → GreppedOut

Searches for the SmsMessage class, which is typically used to read SMS messages sent to a device. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_read_sms_messages()
code_reflection(show_code: bool = False) → GreppedOut

Identifies code that allows reflections in Java. This is a finding. Refer to the references for the risk and usage of reflections. | Reference | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_reflection()
code_regex_matcher(show_code: bool = False) → GreppedOut

Identifies code that is processing regex. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_regex_matcher()
code_regex_pattern(show_code: bool = False) → GreppedOut

Identifies code that compiles regex patterns. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_regex_pattern()
code_root_access(show_code: bool = False) → GreppedOut

Identifies code that indicates if the app requests su access.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_root_access()
code_screenshots(show_code: bool = False) → GreppedOut

Identifies usage of Bitmap and BitmapFactory classes. Although these are for bitmap compression and manipulation, they are often used to take screenshots. | Reference | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_screenshots()
code_sdcard(show_code: bool = False) → GreppedOut

This method will identify strings matching sdcard usage.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_sdcard()

Run any checks against the decompiled code. The regex should be in raw string format

Parameters:
  • regex (str) – Regex pattern
  • rg_options (str) – ripgrep options, space separated string, defaults to ''
  • show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

code_send_sms_text(show_code: bool = False) → GreppedOut

Identifies code that can send SMS/Text messages. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_send_sms_text()
code_services(show_code: bool = False) → GreppedOut

This method will identify what services are being started or being bound to. | Reference Android SDK

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_services()
code_shared_preferences(show_code: bool = False) → GreppedOut

This method discovers SharePreference and getSharePreference usage in the decompiled Java code. This is the interface for accessing and modifying preference data returned by Context.getSharedPreferences. | Reference | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_shared_preferences()
code_sim_information(show_code: bool = False) → GreppedOut

This method will identify where device sim card information is being obtained. | Reference Android SDK

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_sim_information()
code_sql_injection_points(show_code: bool = False) → GreppedOut

This method looks for execquery. If user input is used in this query, this will lead to SQL injection. | Reference | Reference | Reference | Reference | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_sql_injection_points()
code_sql_injection_user_input(show_code=False)

Find places in code where a variable is being concatenated with a SQL statement.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut – GreppedOut object
Return type:dict

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_sql_injection_user_input()
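
The idea behind the two SQL injection checks above, as an added sketch that is not glorifiedgrep's own code or patterns: the regexes, the sink list and the Java sample are assumptions constructed for illustration. It shows why a concatenation on a line that also calls a raw-SQL method deserves review first, and why a keyword match alone can be a false positive.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample of decompiled Java; not taken from a real app.
SAMPLE_JAVA = '''\
package com.example.notes;
public class NoteDao {
    Cursor byTitle(SQLiteDatabase db, String title) {
        return db.rawQuery("SELECT * FROM notes WHERE title = '" + title + "'", null);
    }
    Cursor byId(SQLiteDatabase db, String id) {
        return db.rawQuery("SELECT * FROM notes WHERE id = ?", new String[]{id});
    }
    void purge(SQLiteDatabase db, String table) {
        db.execSQL("DELETE FROM " + table);
    }
    void log(String user) {
        Log.d("dao", "select a note for " + user);
    }
    static final String CREATE = "CREATE TABLE notes (id INTEGER, " + "title TEXT)";
}
'''

# Assumed pattern: a string literal that starts with a SQL verb, followed by
# `+ identifier`. Literal-to-literal concatenation is deliberately not matched.
SQL_CONCAT = re.compile(
    r'"\s*(?:SELECT|INSERT|UPDATE|DELETE|DROP|CREATE)\b[^"]*"\s*\+\s*([A-Za-z_]\w*)',
    re.IGNORECASE,
)

# Assumed sink list: SQLiteDatabase methods that accept raw SQL text.
SQL_SINK = re.compile(r'\.(rawQuery|execSQL|compileStatement)\s*\(')


class Hit(NamedTuple):
    line_no: int
    sink: Optional[str]   # query method called on the same line, if any
    variable: str         # identifier concatenated into the SQL text
    code: str


def find_sql_concat(source: str) -> List[Hit]:
    """Return one Hit per line where a variable is appended to a SQL-looking literal."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        concat = SQL_CONCAT.search(line)
        if not concat:
            continue
        sink = SQL_SINK.search(line)
        hits.append(Hit(line_no, sink.group(1) if sink else None,
                        concat.group(1), line.strip()))
    return hits


def review_first(hits: List[Hit]) -> List[Hit]:
    """Hits where the concatenated string is passed straight to a raw-SQL method."""
    return [h for h in hits if h.sink is not None]


if __name__ == "__main__":
    for hit in find_sql_concat(SAMPLE_JAVA):
        label = "REVIEW FIRST" if hit.sink else "check context"
        print(f"{label:13} line {hit.line_no:2} var={hit.variable:6} {hit.code}")
```

The parameterised query on line 7 and the literal-only concatenation on line 15 are not reported; the log message on line 13 is, which is the kind of hit an analyst has to dismiss by reading the surrounding code.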
code_sql_java_implementation(show_code: bool = False) → GreppedOut

This method looks for any other SQL queries that are implemented in Java. This searches for .query, .insert, .update and .delete methods. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_sql_java_implementation()
code_sql_query_other(show_code: bool = False) → GreppedOut

This method looks for any other SQL queries like INSERT, DROP etc in the decompiled code. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_sql_query_other()
code_sql_select_raw_query(show_code: bool = False) → GreppedOut

This method looks for any SELECT queries in the decompiled code.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_sql_select_raw_query()
code_sqlcipher_password(show_code: bool = False) → GreppedOut

The getWritableDatabase and getReadableDatabase methods from sqlcipher classes (3rd party) take the db password as their argument. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_sqlcipher_password()
code_sqlite_operations(show_code: bool = False) → GreppedOut

The getWritableDatabase and getReadableDatabase methods return db instances for sqlite operations. These calls can be followed to check what data is being entered in the database. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_sqlite_operations()
code_ssl_connections(show_code: bool = False) → GreppedOut

This method will identify if SSL is being used by the application. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_ssl_connections()
code_stack_trace(show_code: bool = False) → GreppedOut

This method will identify stack trace handling in the decompiled code. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_stack_trace()
code_static_iv(show_code: bool = False) → GreppedOut

This method will identify static IVs. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_static_iv()
code_string_constants(show_code: bool = False) → GreppedOut

This method will create a dictionary of hardcoded string constants.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_string_constants()
code_stub_packed(show_code: bool = False) → GreppedOut

This method looks for indications that the application is packed.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_stub_packed()
code_system_file_exists(show_code: bool = False) → GreppedOut

Detects if the exists method from the File class is being called. This method is typically used to check if the path in the class constructor exists in the system. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_system_file_exists()
code_system_service(show_code: bool = False) → GreppedOut

This method will identify system services being called. | Reference Android SDK

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_system_service()
code_tcp_sockets(show_code: bool = False) → GreppedOut

This method will identify TCP sockets being opened by the decompiled code. | Reference Android SDK

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_tcp_sockets()
code_trust_all_ssl(show_code: bool = False) → GreppedOut

Identifies code that will allow all SSL connections to succeed without verifying the hostname. This is a finding. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_trust_all_ssl()
code_udp_sockets(show_code: bool = False) → GreppedOut

This method will identify UDP sockets being opened by the decompiled code. | Reference Android SDK

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_udp_sockets()
code_weak_hashing(show_code: bool = False) → GreppedOut

This method will identify where weak hashing algorithms such as MD5, MD4, SHA1 or any RC hashes are used. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_weak_hashing()
code_websocket_usage(show_code: bool = False) → GreppedOut

Detects common Websockets init classes. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_websocket_usage()
code_webview_content_access(show_code: bool = False) → GreppedOut

This method looks for any webview implementations where the webview can access data from a content provider. | Reference Android SDK | Reference Android SDK

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_webview_content_access()
code_webview_database(show_code: bool = False) → GreppedOut

This allows developers to determine whether any WebView used in the application has stored any of the following types of browsing data and to clear any such stored data for all WebViews in the application. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_webview_database()
code_webview_debug_enabled(show_code: bool = False) → GreppedOut

This method looks to see if debug is enabled in webview. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_webview_debug_enabled()
code_webview_file_access(show_code: bool = False) → GreppedOut

This method looks for any webview implementations where the webview has file access. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_webview_file_access()
code_webview_get_request(show_code: bool = False) → GreppedOut

This method will identify webview get requests. | Reference Android SDK

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_webview_get_request()
code_webview_js_enabled(show_code: bool = False) → GreppedOut

This method looks for any webview implementations where JavaScript is enabled. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_webview_js_enabled()
code_webview_post_request(show_code: bool = False) → GreppedOut

This method will identify webview post requests. | Reference Android SDK

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_webview_post_request()
code_xml_processor(show_code: bool = False) → GreppedOut

This method will identify possible weaknesses in XML parsing and creation. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_xml_processor()
code_xor_encryption(show_code: bool = False) → GreppedOut

This method looks for XOR encryption operations within the decompiled code.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_xor_encryption()
code_xpath(show_code: bool = False) → GreppedOut

This method will identify if XPath is being used by the application. | Reference

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> from glorifiedgrep import GlorifiedAndroid
>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.code_xpath()
malware_access_call_logs(show_code: bool = False) → GreppedOut

Identify classes commonly used with accessing call logs.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> m.malware_access_call_logs()
malware_access_camera(show_code: bool = False) → GreppedOut

Identify classes commonly used with accessing the camera.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> m.malware_access_camera()
malware_accessibility_services(show_code: bool = False) → GreppedOut

Identifies if the application uses various classes and methods related to accessibility services. Malware will often use this to gain a higher level of control over the device.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> m.malware_accessibility_services()
malware_boot_completed_persistance(show_code: bool = False) → GreppedOut

Identifies if the application uses the BOOT_COMPLETED action, which is typically used to start a service or a receiver on reboot. This indicates persistence.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> m.malware_boot_completed_persistance()
malware_browser_db_access(show_code: bool = False) → GreppedOut

Identifies code that accesses the browser db. This db usually includes browsing history.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> m.malware_browser_db_access()
malware_database_query(show_code: bool = False) → GreppedOut

Identifies code that queries any database on the device.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> m.malware_database_query()
malware_debug(show_code: bool = False) → GreppedOut

Identifies if the app is either debuggable, or if it is connected to a debugger.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> m.malware_debug()
malware_download_files(show_code: bool = False) → GreppedOut

Identifies if the application uses the DownloadManager class to download files from online services.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> m.malware_download_files()
malware_get_external_storage(show_code: bool = False) → GreppedOut

Identify code that is commonly used to get the path to the external storage directory.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> m.malware_get_external_storage()
malware_get_installed_packages(show_code: bool = False) → GreppedOut

Identifies if the getInstalledPackages method from the PackageManager class is being called. Malware will usually use this method to enumerate all the installed apps in a device.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> m.malware_get_installed_packages()
malware_obtain_file_metadata(show_code: bool = False) → GreppedOut

Identifies if the MediaStore class or some of its common subclasses are being used by the app. These classes are used to get media file metadata from both internal and external storage.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> m.malware_obtain_file_metadata()
malware_screen_unlock(show_code: bool = False) → GreppedOut

Find android.intent.action.USER_PRESENT in the manifest which is usually an intent used to detect when the screen is unlocked. The receiver for the intent should be inspected more closely.

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> a = GlorifiedAndroid('/path/to/apk')
>>> a.malware_screen_unlock()
malware_take_screenshots(show_code: bool = False) → GreppedOut

Identify classes commonly used with taking screenshots

Parameters:show_code (bool, optional) – Show the full matched line, by default False
Returns:GreppedOut object
Return type:GreppedOut

Examples

>>> m.malware_take_screenshots()