Anthropic-Cybersecurity-Skills/skills/reverse-engineering-android-malware-with-jadx/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

# API Reference: Android Malware Reverse Engineering with JADX Agent

## Overview

Reverse engineers Android APKs using apktool for manifest extraction, JADX for Java decompilation, and regex-based source code analysis for malicious patterns (C2 URLs, SMS interception, overlay attacks). The output is a triage report that combines APK hashes, manifest metadata, a permission risk level, and per-pattern source matches.

## Dependencies

| Package | Version | Purpose |
|---------|---------|---------|
| hashlib | stdlib | APK hash computation |
| xml.etree | stdlib | AndroidManifest.xml parsing |

## External Tools Required

| Tool | Purpose |
|------|---------|
| apktool | APK disassembly and manifest extraction |
| jadx | DEX to Java decompilation with deobfuscation |

## Core Functions

### `compute_apk_hashes(apk_path)`

Generates MD5 and SHA-256 hashes for APK identification.

### `extract_manifest(apk_path, output_dir)`

Extracts AndroidManifest.xml and parses permissions, activities, services, receivers.

- Returns: dict with `package`, `permissions`, `activities`, `services`, `receivers`

### `analyze_permissions(permissions)`

Classifies permissions against a list of 16 dangerous Android permissions.

- Risk: CRITICAL if SMS/accessibility/device-admin, HIGH if >5 dangerous
- Returns: dict with categorized permission lists and risk level
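The following is an added worked example, not code from the agent itself, showing how the `extract_manifest` parsing step and the `analyze_permissions` classification fit together. It assumes a manifest that apktool has already decoded to plain XML (the agent's own parsing code is not shown on this page), uses the permission list from the "Dangerous Permissions Checked" section, and adds two assumed lower tiers (MEDIUM, LOW) beneath the CRITICAL and HIGH levels the page defines. The manifest text is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace prefix used by every android:* attribute in a decoded AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# The permission list from this page's "Dangerous Permissions Checked" section.
DANGEROUS_PERMISSIONS = {
    "READ_SMS", "SEND_SMS", "RECEIVE_SMS", "READ_CONTACTS", "CAMERA",
    "RECORD_AUDIO", "ACCESS_FINE_LOCATION", "READ_PHONE_STATE",
    "BIND_ACCESSIBILITY_SERVICE", "BIND_DEVICE_ADMIN", "REQUEST_INSTALL_PACKAGES",
}
# Permissions the page rates CRITICAL: SMS, accessibility service, device admin.
CRITICAL_PERMISSIONS = {
    "READ_SMS", "SEND_SMS", "RECEIVE_SMS",
    "BIND_ACCESSIBILITY_SERVICE", "BIND_DEVICE_ADMIN",
}

# Constructed sample manifest (not taken from any real APK).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Sample">
    <activity android:name=".MainActivity"/>
    <service android:name=".SyncService"/>
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def parse_manifest_xml(xml_text):
    """Return package name plus permissions, activities, services and receivers."""
    root = ET.fromstring(xml_text)
    info = {"package": root.get("package"), "permissions": [],
            "activities": [], "services": [], "receivers": []}
    for el in root.findall("uses-permission"):
        name = el.get(ANDROID_NS + "name")
        if name:
            info["permissions"].append(name)
    app = root.find("application")
    if app is not None:
        for tag, key in (("activity", "activities"), ("service", "services"),
                         ("receiver", "receivers")):
            for el in app.findall(tag):
                name = el.get(ANDROID_NS + "name")
                if name:
                    info[key].append(name)
    return info


def short_name(permission):
    """'android.permission.READ_SMS' -> 'READ_SMS'; bare names pass through."""
    return permission.rsplit(".", 1)[-1]


def analyze_permissions(permissions):
    """Classify permissions and derive a risk level (CRITICAL/HIGH per the page)."""
    names = sorted({short_name(p) for p in permissions})
    dangerous = [p for p in names if p in DANGEROUS_PERMISSIONS]
    critical = [p for p in dangerous if p in CRITICAL_PERMISSIONS]
    normal = [p for p in names if p not in DANGEROUS_PERMISSIONS]
    if critical:
        risk = "CRITICAL"
    elif len(dangerous) > 5:
        risk = "HIGH"
    elif dangerous:
        risk = "MEDIUM"   # assumed tier: some dangerous permissions, none critical
    else:
        risk = "LOW"      # assumed tier: nothing from the dangerous list
    return {"dangerous": dangerous, "critical": critical, "normal": normal, "risk": risk}


def triage_manifest(xml_text):
    """extract_manifest + analyze_permissions on already-decoded manifest text."""
    info = parse_manifest_xml(xml_text)
    info["risk"] = analyze_permissions(info["permissions"])
    return info


if __name__ == "__main__":
    import json
    print(json.dumps(triage_manifest(SAMPLE_MANIFEST), indent=2))
```

Permission names are compared by their short form, so both the fully qualified `android.permission.READ_SMS` found in manifests and the bare `READ_SMS` used in this page's list classify the same way. The sample manifest carries two SMS permissions, so it lands in the CRITICAL tier even though only three dangerous permissions are present.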

### `decompile_with_jadx(apk_path, output_dir)`

Runs JADX with the `--deobf` flag for deobfuscated Java source output.

- Timeout: 300 seconds

### `search_source_code(source_dir, patterns)`

Searches decompiled Java source for 10 malicious pattern categories.

- Returns: `dict[str, list[dict]]`, mapping pattern name to file/match pairs

### `analyze_apk(apk_path, output_base)`

Full pipeline: hashes -> manifest -> permissions -> decompile -> code analysis.

## Malicious Code Patterns

| Pattern | Indicator |
|---------|-----------|
| urls | HTTP/HTTPS C2 server addresses |
| ips | Hardcoded IP addresses |
| exec_commands | Runtime.exec() shell command execution |
| reflection | Class.forName() dynamic class loading |
| dex_loading | DexClassLoader for loading additional code |
| overlay_attack | TYPE_APPLICATION_OVERLAY for phishing overlays |
| accessibility_abuse | AccessibilityService for keylogging/automation |
| sms_intercept | SMS_RECEIVED broadcast interception |
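As an added example covering both `search_source_code` and the pattern table above (this is not the agent's code, and the agent's actual regular expressions are not shown on this page), the block below walks a directory of decompiled `.java` files with one illustrative regex per category and returns the `dict[str, list[dict]]` shape the reference describes. The two Java snippets are constructed stand-ins for JADX output using a TEST-NET address, not real malware.

```python
import os
import re
import tempfile

# One illustrative regex per category from the pattern table (my own expressions,
# not the agent's). Each is line-oriented so hits can carry a line number.
MALICIOUS_PATTERNS = {
    "urls": r"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+",
    "ips": r"\b(?:\d{1,3}\.){3}\d{1,3}\b",
    "exec_commands": r"Runtime\.getRuntime\(\)\.exec\(",
    "reflection": r"Class\.forName\(",
    "dex_loading": r"\bDexClassLoader\b",
    "overlay_attack": r"TYPE_APPLICATION_OVERLAY",
    "accessibility_abuse": r"\bAccessibilityService\b",
    "sms_intercept": r"SMS_RECEIVED",
}

# Constructed decompiled-Java snippets standing in for JADX output.
SAMPLE_SOURCES = {
    "com/example/constructed/Payload.java": """package com.example.constructed;
public class Payload {
    static final String C2 = "http://203.0.113.10/gate.php";
    void run() throws Exception {
        Runtime.getRuntime().exec("id");
        Class<?> k = Class.forName("com.example.constructed.Stage2");
        Object loader = new dalvik.system.DexClassLoader(dexPath, optDir, null, getClass().getClassLoader());
    }
}
""",
    "com/example/constructed/SmsReceiver.java": """package com.example.constructed;
public class SmsReceiver extends android.content.BroadcastReceiver {
    public void onReceive(android.content.Context c, android.content.Intent i) {
        if ("android.provider.Telephony.SMS_RECEIVED".equals(i.getAction())) {
            handle(i);
        }
    }
}
""",
}


def search_source_code(source_dir, patterns=MALICIOUS_PATTERNS):
    """Walk decompiled sources; return {pattern_name: [{file, line, match}, ...]}."""
    compiled = {name: re.compile(rx) for name, rx in patterns.items()}
    hits = {name: [] for name in patterns}
    for dirpath, _, filenames in os.walk(source_dir):
        for fn in filenames:
            if not fn.endswith(".java"):
                continue
            path = os.path.join(dirpath, fn)
            rel = os.path.relpath(path, source_dir).replace(os.sep, "/")
            # errors="replace" keeps the scan going on odd bytes JADX may emit.
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    for name, rx in compiled.items():
                        for m in rx.finditer(line):
                            hits[name].append({"file": rel, "line": lineno,
                                               "match": m.group(0)})
    return hits


def write_sample_sources(dest_dir):
    """Materialise the constructed snippets as a fake JADX output tree."""
    for rel, text in SAMPLE_SOURCES.items():
        path = os.path.join(dest_dir, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)


def summarize(hits):
    """Sorted (pattern, count) pairs for categories with at least one hit."""
    return sorted((k, len(v)) for k, v in hits.items() if v)


def run_demo():
    """Scan the constructed sources in a temp dir and return the raw hits."""
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_sources(tmp)
        return search_source_code(tmp)


if __name__ == "__main__":
    results = run_demo()
    for name, count in summarize(results):
        print(f"{name}: {count}")
        for hit in results[name]:
            print(f"  {hit['file']}:{hit['line']}  {hit['match']}")
```

Every category keeps a key in the result even when it has no matches, so downstream reporting can distinguish "checked, nothing found" from "not checked". The `ips` and `urls` expressions both fire on the C2 constant, which is the expected overlap for a hardcoded IP-based URL.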

## Dangerous Permissions Checked

`READ_SMS`, `SEND_SMS`, `RECEIVE_SMS`, `READ_CONTACTS`, `CAMERA`, `RECORD_AUDIO`, `ACCESS_FINE_LOCATION`, `READ_PHONE_STATE`, `BIND_ACCESSIBILITY_SERVICE`, `BIND_DEVICE_ADMIN`, `REQUEST_INSTALL_PACKAGES`

## Usage

```bash
python agent.py malware.apk
```