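Androick is a Python tool that helps with forensic analysis on Android. Given a package name and a few options, it automatically downloads the APK, data, file permissions, manifest, databases and logs. It is easy to use and spares you all the repetitive tasks!
Installation
Just clone this git repository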
Python
python >= 2.6
Python-magic
Development kit
aapt
adb
hprof-conv
Other
a rooted device
sqlite3
Usage
1) show help message
./androick.py -h
2) show information
./androick.py -a
3) select device to use
./androick.py -D serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...
./androick.py --device serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...
4) find package name
./androick.py [-v] -f <Part of package name>
5) download all related things of application
./androick.py [-v] -A PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...
6) select only the things you want to extract
./androick.py [-v] [-d --datas] [-s --sql] [-m --manifest] [-p --permissions] [-m --memory-dump] [-l --logs] [--keyLogs="keywords"] PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...
7) how to use option --keyLogs
--keyLogs="key1,key2,key3"
if more than one package
--keyLogs="key1_P1,key2_P1|key1_P2|key1_P3,key2_P3,key3_P3"
Example :
./androick.py -l --keyLogs="antivirus,protection|music,licence" com.package.antivirus com.music.player
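The --keyLogs format above, worked through as an added example (not Androick's own code): groups are split on "|" in package order and keywords on ",". The function names, the case-insensitive substring matching and the sample log lines are assumptions made for illustration.

```python
# Added example: models the --keyLogs format described above.
# The matching rule (case-insensitive substring) is an assumption,
# not taken from Androick's source.

def parse_keylogs(spec, packages):
    """Map each package to its keyword list.

    Groups are separated by '|' (one per package, in order);
    keywords inside a group are separated by ','.
    """
    groups = spec.split("|")
    if len(groups) != len(packages):
        raise ValueError("expected %d keyword group(s), got %d"
                         % (len(packages), len(groups)))
    mapping = {}
    for package, group in zip(packages, groups):
        mapping[package] = [k.strip().lower() for k in group.split(",") if k.strip()]
    return mapping


def filter_logs(lines, keywords):
    """Keep the lines that contain at least one of the keywords."""
    return [line for line in lines if any(k in line.lower() for k in keywords)]


# Constructed logcat-style lines, for illustration only.
SAMPLE_LOGS = [
    "I/AVService( 812): Antivirus signature database loaded",
    "D/Player  ( 933): music track started",
    "W/Player  ( 933): licence check failed",
    "I/ActivityManager( 120): Displayed com.example.launcher",
    "I/AVService( 812): real-time protection enabled",
]

if __name__ == "__main__":
    pkgs = ["com.package.antivirus", "com.music.player"]
    per_pkg = parse_keylogs("antivirus,protection|music,licence", pkgs)
    for pkg in pkgs:
        print(pkg)
        for line in filter_logs(SAMPLE_LOGS, per_pkg[pkg]):
            print("  " + line)
```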
/!\ The memory dump option will mostly not work with production builds
Source and download:
https://github.com/Flo354/Androick