import os
import re
import shlex
import subprocess
from datetime import datetime
# Config
# Report path, fixed at import time (the timestamp is that of module load,
# not of the scan itself).
OUTPUT_FILE = f"malware_scan_{datetime.now().strftime('%Y%m%d_%H%M%S')}.txt"
# Case-insensitive substrings matched against package-listing and process
# lines. This is a naming heuristic only: it misses anything not named like
# this and flags benign names that happen to contain a token (e.g. a fitness
# "tracker" app).
KNOWN_MALWARE_SIGNATURES = ["spyware", "trojan", "virus", "hack", "stealer", "watcher", "tracker"]
# Permission names searched for, as substrings, in `dumpsys package` output.
SUSPICIOUS_PERMISSIONS = ["READ_SMS", "RECORD_AUDIO", "ACCESS_FINE_LOCATION", "READ_CALL_LOG"]
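def run_adb_command(command, *, timeout=None):
    """Run ``adb <command>`` and return its stripped stdout.

    Args:
        command: The adb sub-command and its arguments as one string, e.g.
            ``"shell pm list packages"``. It is tokenised with ``shlex.split``
            and passed as an argument vector, so shell metacharacters in
            *command* -- including device-derived values a caller interpolates
            into it -- are never interpreted by a shell on the host.
        timeout: Optional seconds to wait for adb before giving up. ``None``
            (the default) waits indefinitely, as before.

    Returns:
        adb's stdout with surrounding whitespace removed, or a string starting
        with ``"Error: "`` when adb could not be run (not on PATH, timed out,
        or *command* has unbalanced quotes). adb's exit status is not checked:
        a failing adb invocation yields whatever it printed to stdout, usually
        an empty string.
    """
    try:
        argv = ["adb", *shlex.split(command)]
        result = subprocess.run(
            argv,
            shell=False,
            capture_output=True,
            # Decode as UTF-8 and never raise on odd bytes: output comes from
            # a device under suspicion and must not be able to abort a scan.
            encoding="utf-8",
            errors="replace",
            timeout=timeout,
            check=False,
        )
    except (OSError, ValueError, subprocess.SubprocessError) as e:
        # OSError: adb not found; ValueError: bad quoting in command;
        # SubprocessError: includes TimeoutExpired. Callers consume the
        # return value as text, so the failure is reported, not raised.
        return f"Error: {e}"
    return result.stdout.strip()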
def scan_installed_apps():
    """Return ``pm list packages -f`` lines that contain a known signature.

    Each output line (APK path plus package name) is lower-cased and tested
    for any substring in KNOWN_MALWARE_SIGNATURES; matching lines are
    returned verbatim. This is a naming heuristic, not a verdict.
    """
    print("[+] Scanning installed apps...")
    listing = run_adb_command("shell pm list packages -f")
    folded_lines = ((line, line.lower()) for line in listing.split('\n'))
    return [
        line
        for line, folded in folded_lines
        if any(sig in folded for sig in KNOWN_MALWARE_SIGNATURES)
    ]
def scan_running_processes():
    """Return ``ps -A`` lines that contain a known signature.

    Every line of the process listing is compared case-insensitively against
    KNOWN_MALWARE_SIGNATURES by substring; hits are returned as printed by
    the device.
    """
    print("[+] Checking running processes...")
    ps_output = run_adb_command("shell ps -A")

    def looks_suspicious(line):
        folded = line.lower()
        return any(sig in folded for sig in KNOWN_MALWARE_SIGNATURES)

    return list(filter(looks_suspicious, ps_output.split('\n')))
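def scan_network_connections():
    """Return netstat lines for ESTABLISHED sockets matching a simple heuristic.

    Returns:
        Lines of ``netstat -tun`` that contain ``ESTABLISHED`` and either
        ``0.0.0.0`` or ``:443``. The ``:443`` test flags every established
        TLS/HTTPS connection, so the result is a list to review, not a verdict.
    """
    print("[+] Checking network connections...")
    # The previous command used ``-l``, which restricts netstat to listening
    # sockets, so no line could ever contain ESTABLISHED and this scan always
    # returned an empty list. Without ``-l`` netstat lists connected sockets.
    connections = run_adb_command("shell netstat -tun")
    return [
        line
        for line in connections.split('\n')
        if "ESTABLISHED" in line and ("0.0.0.0" in line or ":443" in line)
    ]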
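# Conservative allowlist for Android package names (dotted identifiers).
# Names come from the device being inspected and are fed back into a further
# adb command, so anything outside this alphabet is skipped rather than used.
_PACKAGE_NAME_RE = re.compile(r"[A-Za-z0-9_.]+")


def scan_permissions():
    """Report installed packages whose ``dumpsys package`` output names a
    permission from SUSPICIOUS_PERMISSIONS.

    Returns:
        A list of ``"<pkg> uses <PERM>"`` strings, one per (package,
        permission) pair found. The test is a substring search over the whole
        dumpsys dump, so it fires whether the permission is only requested or
        actually granted -- treat hits as candidates to review.
    """
    print("[+] Checking dangerous permissions...")
    all_packages = run_adb_command("shell pm list packages").split('\n')
    suspicious_permissions = []
    for package in all_packages:
        pkg = package.replace("package:", "").strip()
        if not pkg:
            # Blank line (empty or error output); the old code ran
            # `dumpsys package` with an empty name here.
            continue
        if not _PACKAGE_NAME_RE.fullmatch(pkg):
            # Unexpected characters in a device-supplied name: report and
            # skip instead of interpolating it into another command.
            print(f"[!] Skipping package with unexpected name: {pkg!r}")
            continue
        perms = run_adb_command(f"shell dumpsys package {pkg}")
        suspicious_permissions.extend(
            f"{pkg} uses {perm}" for perm in SUSPICIOUS_PERMISSIONS if perm in perms
        )
    return suspicious_permissions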
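def save_results(results):
    """Write the scan report for *results* to OUTPUT_FILE and print its path.

    Args:
        results: Mapping with the keys ``"apps"``, ``"processes"``,
            ``"connections"`` and ``"permissions"``, each a list of report
            lines (possibly empty). An empty list is reported as
            ``"None found."``.

    Raises:
        KeyError: if one of the four section keys is missing. This is
            deliberate: a scan that never ran must not be reported as
            "None found.".
        OSError: if OUTPUT_FILE cannot be written.
    """
    sections = [
        ("apps", "Suspicious Apps"),
        ("processes", "Suspicious Processes"),
        ("connections", "Suspicious Network Connections"),
        ("permissions", "Dangerous Permissions"),
    ]
    # Explicit encoding: device output (paths, process names) may contain
    # non-ASCII text that the platform default encoding cannot represent.
    with open(OUTPUT_FILE, "w", encoding="utf-8") as f:
        f.write(f"Malware Scan Report - {datetime.now()}\n")
        f.write("=" * 50 + "\n")
        for key, title in sections:
            findings = results[key]
            f.write(f"\n[+] {title}:\n")
            f.write("\n".join(findings) if findings else "None found.")
            f.write("\n")
    print(f"\n[+] Scan completed! Results saved to: {OUTPUT_FILE}")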
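def _connected_device_serials(devices_output):
    """Return the serials in ``adb devices`` output whose state is ``device``.

    ``adb devices`` prints a header followed by one ``<serial> <state>`` line
    per known device; only state ``device`` is usable (``offline`` and
    ``unauthorized`` are not). Header lines and an ``"Error: ..."`` string
    from run_adb_command never have ``device`` as their second field, so they
    yield nothing.
    """
    serials = []
    for line in devices_output.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1] == "device":
            serials.append(fields[0])
    return serials


def main():
    """Run every scan against the single attached ADB device and save a report.

    Exits early, without writing a report, unless exactly one device is in
    the ``device`` state. The previous check only tested that ``adb devices``
    printed something, which it always does (its header line, or the
    ``"Error: ..."`` string when adb is missing), so the scans ran even with
    nothing attached.
    """
    devices = _connected_device_serials(run_adb_command("devices"))
    if not devices:
        print("[!] No ADB device connected. Exiting.")
        return
    if len(devices) > 1:
        # The scans below do not pass ``-s <serial>``, so adb would reject
        # each command as ambiguous with several devices attached.
        print(f"[!] {len(devices)} ADB devices connected; attach exactly one. Exiting.")
        return
    results = {
        "apps": scan_installed_apps(),
        "processes": scan_running_processes(),
        "connections": scan_network_connections(),
        "permissions": scan_permissions(),
    }
    save_results(results)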
# Script entry point; importing the module as a library runs no scan.
if __name__ == "__main__":
    main()