Manifestor

Permission scanner for Android's AndroidManifest.xml


Find Manifestor on GitHub

author

Saurabh Harit

what is Manifestor.py?

Android applications may share the data of a content provider with other applications installed on your device. For example, if you receive an image attachment in an email, your mail client has to share it with an image viewer. One way of sharing a content provider's data with other applications is the "grant-uri-permission" tag in AndroidManifest.xml. Using this tag, a content provider specifies a path, path pattern or path prefix for which URI permissions may be granted. However, if this path is mistakenly set to "/", the grant covers every path of that content provider, so any other installed application could be given access to all of its data:

<grant-uri-permission android:pathPrefix="/" />

Manifestor.py extracts AndroidManifest.xml from an Android application package (.apk), decodes it and scans it for such permission flaws. As output, it displays the configured path and whether or not it could be vulnerable. Below is the usage:

  Options:
    -h, --help            show this help message and exit
    -o OUTPUTDIR, --output-dir=OUTPUTDIR
                          Output directory to use. This path will be used to
                          download the apk files to your machine
    -a APKS, --apk=APKS   Path (on Android device) of APK(s) to scan. Example:
                          /system/app/Gmail.apk. If the value of this switch is
                          set to scan_all, the script will automatically scan
                          all apks in /system/app and /system/sd/app folder
    -l LOCALFILES, --local=LOCALFILES
                          Path (on the local machine) to APK(s).
    -A APKPATHS, --apkpath=APKPATHS
                          Path (on Android device) to search for APK(s) to scan.
                          Example: /system/app

As input, it accepts an APK file path or a folder name on your phone. If the APK files are on your local machine, use the "-l" switch. The "-o" switch lets you specify the folder into which the APK files are downloaded and saved from your Android device; if it is not specified, the files are saved in the current folder. This tool is in an early stage of development. You are more than welcome to modify or enhance it.
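As an added illustration (not Manifestor's own code), the following Python 3 script applies the same check to an already-decoded AndroidManifest.xml: it walks every <provider>, reads each <grant-uri-permission> child and flags a pathPrefix of "/" as covering every path. It goes slightly beyond the page by also flagging the catch-all pathPattern values "/.*" and ".*". The sample manifest is constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
PATH_ATTRS = ("path", "pathPrefix", "pathPattern")
# Values that match every content URI under the provider's authority.
WIDE_OPEN = {"path": set(), "pathPrefix": {"/"}, "pathPattern": {"/.*", ".*"}}


def scan_manifest(manifest_xml):
    """Return one finding per <grant-uri-permission> element.

    Each finding records the provider, which path attribute was used, its
    value, and whether that value grants access to every path (the flaw
    Manifestor reports for pathPrefix="/").
    """
    root = ET.fromstring(manifest_xml)
    findings = []
    for provider in root.iter("provider"):
        name = provider.get("{%s}name" % ANDROID_NS, "<unnamed>")
        for grant in provider.findall("grant-uri-permission"):
            for attr in PATH_ATTRS:
                value = grant.get("{%s}%s" % (ANDROID_NS, attr))
                if value is None:
                    continue
                findings.append({
                    "provider": name,
                    "attribute": attr,
                    "value": value,
                    "vulnerable": value in WIDE_OPEN[attr],
                })
    return findings


# Constructed sample manifest (hypothetical package, not a real application).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.mail">
  <application>
    <provider android:name=".AttachmentProvider"
              android:authorities="com.example.mail.attachments"
              android:grantUriPermissions="false">
      <grant-uri-permission android:pathPrefix="/" />
    </provider>
    <provider android:name=".ThumbnailProvider"
              android:authorities="com.example.mail.thumbs"
              android:grantUriPermissions="false">
      <grant-uri-permission android:pathPrefix="/thumbnails/" />
    </provider>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for f in scan_manifest(SAMPLE_MANIFEST):
        status = "VULNERABLE" if f["vulnerable"] else "ok"
        print("%s %s=%r %s" % (f["provider"], f["attribute"], f["value"], status))
```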

license

GPLv3

cost

Free

who should use it ?

Pen-testers, security professionals and Android geeks with a rooted phone

requirements

To run this script, you need the following:

  • Python 2.6
  • Android SDK should be installed
  • Path or Environment variables should be set for Android SDK tools (Example on Mac OS - export PATH=${PATH}:/Users/path-to-android-sdk/tools)
  • Rooted Android device with find command (via Busybox etc.)
  • USB debugging enabled

If the APKs are on your device, it must be connected to your machine via a USB cable.


Copyright © SensePost Pty Ltd