{ "info": { "author": "Nightwatch Cybersecurity", "author_email": "research@nightwatchcybersecurity.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Environment :: Console", "License :: OSI Approved :: Apache Software License", "Operating System :: OS Independent", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7" ], "description": "# truegaze\n[![PyPI version](https://badge.fury.io/py/truegaze.svg)](https://badge.fury.io/py/truegaze)\n[![Build Status](https://travis-ci.org/nightwatchcybersecurity/truegaze.svg?branch=master)](https://travis-ci.org/nightwatchcybersecurity/truegaze)\n[![codecov](https://codecov.io/gh/nightwatchcybersecurity/truegaze/branch/master/graph/badge.svg)](https://codecov.io/gh/nightwatchcybersecurity/truegaze)\n![GitHub](https://img.shields.io/github/license/nightwatchcybersecurity/truegaze.svg)\n\nA static analysis tool for Android and iOS applications focusing on security issues outside the\nsource code such as resource strings, third party libraries and configuration files.\n\n## Requirements\nPython 3 is required and you can find all required modules in the **requirements.txt** file.\nOnly tested on Python 3.7 but should work on other 3.x releases. 
No plans for 2.x support at\nthis time.\n\n## Installation\nYou can install this via PIP as follows:\n```\npip install truegaze\ntruegaze\n```\nTo download and run manually, do the following:\n```\ngit clone https://github.com/nightwatchcybersecurity/truegaze.git\ncd truegaze\npip install -r requirements.txt\npython -m truegaze.cli\n```\n\n## How to use \nTo list modules:\n```\ntruegaze list\n```\nTo scan an application:\n```\ntruegaze scan test.apk\ntruegaze scan test.ipa\n```\nTo scan multiple applications:\n```\ntruegaze scan *.apk\ntruegaze scan *.ipa\n```\n\n## Sample output\nListing modules:\n```\nuser@localhost:~/$ truegaze list\nTotal active plugins: 3\n+----------------+-------------------------------------------+---------+-------+\n| Name | Description | Android | iOS |\n+----------------+-------------------------------------------+---------+-------+\n| AdobeMobileSdk | Detection of incorrect SSL configuration | True | True |\n| | in the Adobe Mobile SDK | | |\n+----------------+-------------------------------------------+---------+-------+\n| FirebasePlugin | Detection of insecure Firebase databases | True | False |\n| | and GCP storage buckets | | |\n+----------------+-------------------------------------------+---------+-------+\n| WeakKeyPlugin | Detection of weak Android signing keys | True | False |\n+----------------+-------------------------------------------+---------+-------+\n```\n\nScanning an application:\n```\nuser@localhost:~/$ truegaze scan ~/test.ipa\nIdentified as an iOS application via a manifest located at: Payload/IPAPatch-DummyApp.app/Info.plist\nScanning using the \"AdobeMobileSdk\" plugin\n-- Found 1 configuration file(s)\n-- Scanning \"Payload/IPAPatch-DummyApp.app/Base.lproj/ADBMobileConfig.json'\n---- FOUND: The [\"analytics\"][\"ssl\"] setting is missing or false - SSL is not being used\n---- FOUND: The [\"remotes\"][\"analytics.poi\"] URL doesn't use SSL: http://assets.example.com/c234243g4g4rg.json\n---- FOUND: The 
[\"remotes\"][\"messages\"] URL doesn't use SSL: http://assets.example.com/b34343443egerg.json\n---- FOUND: A \"templateurl\" in [\"messages\"][\"payload\"] doesn't use SSL: http://my.server.com/?user={user.name}&zip={user.zip}&c16={%sdkver%}&c27=cln,{a.PrevSessionLength}\n---- FOUND: A \"templateurl\" in [\"messages\"][\"payload\"] doesn't use SSL: http://my.43434server.com/?user={user.name}&zip={user.zip}&c16={%sdkver%}&c27=cln,{a.PrevSessionLength}\nDone!\n```\n\nDisplay installed version:\n```\nuser@localhost:~/$ truegaze version\nCurrent version: v0.2\n```\n\n## Online tests\nMost of the tests are run offline and do not need access to the Internet. In order to run the tests that\nrequire online access, use the \"--online\" option. Please use legally.\n\n# Development Information\n\n## Structure\nThe application is a command-line tool and will consist of several modules that check for various\nvulnerabilities. Each module does its own scanning, and all results get printed to the command line.\n\n## Reporting bugs and feature requests\nPlease use the GitHub issue tracker to report issues or suggest features:\nhttps://github.com/nightwatchcybersecurity/truegaze\n\nYou can also send email to ***research /at/ nightwatchcybersecurity [dot] com***\n\n## Wishlist\n * More unit test coverage for code that interacts with Click \n * Ability to extract additional files from online source\n * Ability to check if a particular vulnerability is exploitable\n * Ability to produce JSON or XML output that can feed into other tools\n * More modules!\n\n## About the name\n\"True Gaze\" or \"\u0418\u0441\u0442\u0438\u043d\u043d\u043e\u0435 \u0417\u0440\u0435\u043d\u0438\u0435\" is a magical spell that reveals the invisible (from the book \"Last Watch\" by Sergei Lukyanenko)\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": 
"https://github.com/nightwatchcybersecurity/truegaze", "keywords": "", "license": "GNU", "maintainer": "", "maintainer_email": "", "name": "truegaze", "package_url": "https://pypi.org/project/truegaze/", "platform": "", "project_url": "https://pypi.org/project/truegaze/", "project_urls": { "Bug Reports": "https://github.com/nightwatchcybersecurity/truegaze/issues", "Homepage": "https://github.com/nightwatchcybersecurity/truegaze", "Source": "https://github.com/nightwatchcybersecurity/truegaze" }, "release_url": "https://pypi.org/project/truegaze/0.1.4/", "requires_dist": [ "androguard (>=3.3.4)", "asn1crypto (>=0.24.0)", "beautifultable (>=0.7.0)", "click (>=7.0)", "cryptography (>=2.3.1)", "jsonschema (>=3.0.1)", "requests (>=2.22.0)", "requests-mock (>=1.7.0)", "pytest (>=5.0.0)", "pytest-cov (>=2.7.1)", "tldextract (>=2.2.1)", "roca-detect (==1.2.12)" ], "requires_python": ">=3.5", "summary": "Static analysis tool for Android/iOS apps focusing on security issues outside the source code.", "version": "0.1.4" }, "last_serial": 5863857, "releases": { "0.1.1": [ { "comment_text": "", "digests": { "md5": "d046d4a9175c72801852c9ff8148c584", "sha256": "cab193c896b918f505c8d453dd562e4785fe09c046e9a8857e28ab3412984883" }, "downloads": -1, "filename": "truegaze-0.1.1-py3-none-any.whl", "has_sig": false, "md5_digest": "d046d4a9175c72801852c9ff8148c584", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.7", "size": 14340, "upload_time": "2019-07-05T21:50:23", "url": "https://files.pythonhosted.org/packages/c0/1b/f29c7f91cfd5a5c057e0bd24b9920f3e886bef88750de773563414d43d7a/truegaze-0.1.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "66ea38567e28f08ff577e79ad2a4fab0", "sha256": "d092b3e116d5adf6442644b74f1a921481cce48f7be98529c1dbee9cda6355e7" }, "downloads": -1, "filename": "truegaze-0.1.1.tar.gz", "has_sig": false, "md5_digest": "66ea38567e28f08ff577e79ad2a4fab0", "packagetype": "sdist", "python_version": "source", 
"requires_python": ">=3.7", "size": 7685, "upload_time": "2019-07-05T21:50:25", "url": "https://files.pythonhosted.org/packages/34/aa/27d5821d1946b48ba13d6cb59da06ea610c90bb621aeccf59210625e2a9d/truegaze-0.1.1.tar.gz" } ], "0.1.2": [ { "comment_text": "", "digests": { "md5": "f829e322f7fb5c25cbe41c1872042daa", "sha256": "a1b516d8fc6f4105c96e4c2f5a37d29bc66b2e26ade1dedbbb55dc0cc26b6ab3" }, "downloads": -1, "filename": "truegaze-0.1.2-py3-none-any.whl", "has_sig": false, "md5_digest": "f829e322f7fb5c25cbe41c1872042daa", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.5", "size": 14240, "upload_time": "2019-07-31T01:57:38", "url": "https://files.pythonhosted.org/packages/50/70/abab3a0b1263851bd71f706115410e0ac697c2cbfb3c1f7dbae74c7b223c/truegaze-0.1.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "b69cfd8f2358ef7be2f064f7b0be47ce", "sha256": "2dab040e88ee1f15423d360f62c1bbdf532c547d726fea30899a8285bf8e6f45" }, "downloads": -1, "filename": "truegaze-0.1.2.tar.gz", "has_sig": false, "md5_digest": "b69cfd8f2358ef7be2f064f7b0be47ce", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.5", "size": 7644, "upload_time": "2019-07-31T01:57:40", "url": "https://files.pythonhosted.org/packages/79/09/8cc260768151886b6ae691310e859a34ac63daf10b14957ac21e2bb68c47/truegaze-0.1.2.tar.gz" } ], "0.1.3": [ { "comment_text": "", "digests": { "md5": "4e9a472c99f4a418fc8dcd0cacb04f2f", "sha256": "fd479545b317a3ff95e31e072e291db74bc1bb9c953892c218daae6e015806cd" }, "downloads": -1, "filename": "truegaze-0.1.3-py3-none-any.whl", "has_sig": false, "md5_digest": "4e9a472c99f4a418fc8dcd0cacb04f2f", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.5", "size": 16607, "upload_time": "2019-09-01T02:33:04", "url": "https://files.pythonhosted.org/packages/29/7e/5488ef5c035582d1c1d53ea685e01499f94ecf383bf8dde8aed27e798f4a/truegaze-0.1.3-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": 
"06c74155589179578b8114feec9af07d", "sha256": "12a4790fec46146e073180ff97f197f6752715f0d6b03ea8eb2097c9b2bce016" }, "downloads": -1, "filename": "truegaze-0.1.3.tar.gz", "has_sig": false, "md5_digest": "06c74155589179578b8114feec9af07d", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.5", "size": 10096, "upload_time": "2019-09-01T02:33:06", "url": "https://files.pythonhosted.org/packages/57/51/84ae4a34488124ba78dec8be224db8332fda234469ac1570c1d8f11989db/truegaze-0.1.3.tar.gz" } ], "0.1.4": [ { "comment_text": "", "digests": { "md5": "42153e5edb164759ef86beda83034130", "sha256": "8d66b176f57ac7a84047a2a8d37b5a4f3b00bcbd8163de449e19c6dfd4f642d1" }, "downloads": -1, "filename": "truegaze-0.1.4-py3-none-any.whl", "has_sig": false, "md5_digest": "42153e5edb164759ef86beda83034130", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.5", "size": 18593, "upload_time": "2019-09-20T19:41:57", "url": "https://files.pythonhosted.org/packages/0c/ce/90421afed86c9363bf4ad441d466aa976e68547f1757c2195e012d90953c/truegaze-0.1.4-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "c82d38861d1b6c9ce3a93dcf348c7263", "sha256": "359a76e421920fdedb97e40449fdaeed2ff7394a880d5a74b45bd74b8ded94e8" }, "downloads": -1, "filename": "truegaze-0.1.4.tar.gz", "has_sig": false, "md5_digest": "c82d38861d1b6c9ce3a93dcf348c7263", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.5", "size": 11163, "upload_time": "2019-09-20T19:41:59", "url": "https://files.pythonhosted.org/packages/3f/a1/670cbee692fa6e004dae2ffca9679f23b5d7e867b224c77401b21d8df0de/truegaze-0.1.4.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "42153e5edb164759ef86beda83034130", "sha256": "8d66b176f57ac7a84047a2a8d37b5a4f3b00bcbd8163de449e19c6dfd4f642d1" }, "downloads": -1, "filename": "truegaze-0.1.4-py3-none-any.whl", "has_sig": false, "md5_digest": "42153e5edb164759ef86beda83034130", "packagetype": "bdist_wheel", 
"python_version": "py3", "requires_python": ">=3.5", "size": 18593, "upload_time": "2019-09-20T19:41:57", "url": "https://files.pythonhosted.org/packages/0c/ce/90421afed86c9363bf4ad441d466aa976e68547f1757c2195e012d90953c/truegaze-0.1.4-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "c82d38861d1b6c9ce3a93dcf348c7263", "sha256": "359a76e421920fdedb97e40449fdaeed2ff7394a880d5a74b45bd74b8ded94e8" }, "downloads": -1, "filename": "truegaze-0.1.4.tar.gz", "has_sig": false, "md5_digest": "c82d38861d1b6c9ce3a93dcf348c7263", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.5", "size": 11163, "upload_time": "2019-09-20T19:41:59", "url": "https://files.pythonhosted.org/packages/3f/a1/670cbee692fa6e004dae2ffca9679f23b5d7e867b224c77401b21d8df0de/truegaze-0.1.4.tar.gz" } ] }