glorifiedgrep
is exactly what it sounds like... glorified grep.
What motivated this project is seeing lots of tools for static analysis of applications specially Android applications. But most of these applications are all pretty much doing the same thing.
The aim of glorifiedgrep
is to have a python module that allows the creation of such tools without the extra heavy lifting required. Underneath, glorifiedgrep
uses ripgrep to search for predefined patterns.
Best effort has been given to document and reference all the methods. Refer to the docs for further documentation.
What can glorifiedgrep
be used for?
- Analyze applications pythonically
- Build tools for application analysis without the overhead of writing all of your own code.
If you are not sure what a method is called, glorified grep offers a helper method to search for them.
from glorifiedgrep import GlorifiedAndroid
g = GlorifiedAndroid('/path/to/apk')
print(g.search_methods('webview'))
['code_webview_content_access', 'code_webview_database', 'code_webview_debug_enabled', 'code_webview_file_access', 'code_webview_get_request', 'code_webview_js_enabled', 'code_webview_post_request', 'owasp_webview_cert_pinning', 'owasp_webview_loadurl', 'owasp_webview_native_function', 'owasp_webview_ssl_ignore']
glorifiedgrep
has one hard dependency. ripgrep. It will attempt to load rg
from path, but this can be overwritten using rg_path
paramter in the class. Refer to the docs for more info.
If you are using Python 3.8, cffi
might not install correctly, and you have to follow instructions on their site on how to solve that.
Developed using python 3.7 It is recommended that you use virtualenv to install as some dependencies might break your other libs.
pip3 install glorifiedgrep
git clone https://github.com/securisec/glorifiedgrep.git
cd glorifiedgrep
pip install .
libmagic
is required. Easiest way to install it is brew install libmagic
Currently, glorifiedgrep
supports Android APK analysis OOB. It takes an apk file path, decompiles it using jadx, and then performs various analysis depending on the methods called.
The GlorifiedAndroid class does support flexiblity.
- If you dont want to use the built in req of jadx, and want to use your pwn decompiler, then you can use
This class takes source_path as a paramter. The source_path should include all of you decompiled java codes.
from glorifiedgrep.android import CodeAnalysis
- It also supports the concept of projects. By default, GlorifiedAndroid class will will setup all the output into
/tmp/GlorifiedAndroid/
directory. This can be overwritten using theoutput_dir
parameter. In the future, if theapk_path
andoutput_dir
parameters are both specified, then it will not try to decompile again.
glorifiedgrep
offers the following Android sub modules that can be used independantly of the main GlorifiedAndroid class. Invoke as from glorifiedgrep.android import ClassName
- CertAnalysis: Perform analysis on an Android RSA signing cert. Takes the path to the cert as an argument.
- CodeAnalysis: Perform code analysis on a directory that contains the decompiled java classes. Takes the path to the source directory as an argument.
- ManifestAnalysis: Perform analysis on the Android application manifest file. Takes path to the manifest file as an argument.
- OtherAnalysis: Perform other source code related analysis.
- OWASPAnalysis: Perform source code analysis based on OWASP MASVS.
- There are a few other modules that are available which includes malware, utils and react. Refer to the docs for more information.
from glorifiedgrep import GlorifiedAndroid
glory = GlorifiedAndroid('/path/to/apk')
Not implemented yet
Not implemented yet
- Ubuntu
- OSX
- Does not work properly on Windows
All pull requests must accompany test cases. If not, they will be rejected.