AMAnDe

What's AMAnDe

AMAnDe stands for Android Manifest Anomaly Detector. It is a new tool whose objective is to extract and gather information from an Android Manifest. With huge Manifests, it is often difficult to find all the relevant data (deeplink URIs, exported providers, etc.). AMAnDe analyzes all of this information in depth and presents it in a simple manner.

AMAnDe can also take an APK file directly as input. In this case, the following files (if they exist) will also be analyzed:

All results take into consideration Android versions and their corresponding default values and configurations.
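To illustrate why the Android version matters for a Manifest finding, the added example below (not AMAnDe's own code) computes whether a component is effectively exported when `android:exported` is absent, using the platform defaults for a given target SDK. The function names and the sample manifest are constructed for this illustration, and the input is assumed to be a decoded text Manifest rather than the binary XML stored inside an APK.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest in decoded text form (not from a real application).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <application>
    <activity android:name=".Main">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <data android:scheme="demo" android:host="open"/>
      </intent-filter>
    </activity>
    <activity android:name=".Settings"/>
    <service android:name=".Sync" android:exported="false">
      <intent-filter><action android:name="com.example.demo.SYNC"/></intent-filter>
    </service>
    <provider android:name=".Files" android:authorities="com.example.demo.files"/>
  </application>
</manifest>"""

def effective_exported(component, target_sdk):
    """Return (exported, reason); exported is None when the manifest is invalid."""
    explicit = component.get(ANDROID + "exported")
    if explicit is not None:
        return explicit == "true", "explicit android:exported"
    if component.tag == "provider":
        # Providers are exported by default only when targetSdkVersion <= 16.
        return target_sdk <= 16, "provider default for this targetSdkVersion"
    has_filter = component.find("intent-filter") is not None
    if has_filter and target_sdk >= 31:
        # Apps targeting API 31+ must set android:exported on such components.
        return None, "missing android:exported (required when targeting API 31+)"
    # Otherwise an intent filter implies exported, and its absence implies private.
    return has_filter, "default derived from intent-filter presence"

def exported_components(manifest_xml, target_sdk):
    """Map each component name to its effective exported state."""
    app = ET.fromstring(manifest_xml).find("application")
    return {c.get(ANDROID + "name"): effective_exported(c, target_sdk)
            for c in app if c.tag in COMPONENT_TAGS}

if __name__ == "__main__":
    for sdk in (16, 30, 31):
        print(sdk, exported_components(SAMPLE_MANIFEST, sdk))
```

The same Manifest yields an exported provider at target SDK 16, a private one at 30, and an invalid `.Main` declaration at 31, which is why a version-unaware reading of the file can miss or overstate exposure.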

Installation

python3 -m pip install -r requirements.txt

Usage

Using the script requires specifying the following mandatory options:

AMAnDe has its own logger, whose level can be set to 0, 1 or 2 to display INFO, WARNING or CRITICAL information respectively.

./main.py -h
./main.py -min 10 examples/AmazeFileManager_AndroidManifest.xml
./main.py -min 15 -target 20 -max 30 examples/AmazeFileManager_AndroidManifest.xml -v 2
./main.py -min 28 -target 30 examples/Signal_AndroidManifest.xml --json output.json
./main.py -min 20 -max 33 --adb com.example.package
./main.py -min 21 -max 31 example.apk

If you want the interesting XML files (backup rules and network_security_config) to be parsed, please submit an APK file. Otherwise, give the script a simple Manifest file, but the results will not be as relevant.

Checks

Basic information

With an APK:

Permissions

Backup functionality

With an APK:

With ADB:

Network Security Config

With an APK and if the file exists:

Components

Firebase

Task Hijacking

Contributing

We encourage any contribution aimed at improving this tool. If you want to contribute, please check our guidelines in CONTRIBUTING.