About Super-Analyzer
Super-Aalyzer is a tool that automatically diagnoses and analyzes Android vulnerabilities for apk.
https://github.com/SUPERAndroidAnalyzer/super
A tool called Super-Aalyzer is disclosed on the github above, but the github does not provide detailed installation methods.
Therefore, I wrote this article to share how to install it.
For your information, I installed it in the kali-linux environment, and it can be installed in ubuntu in the same way, so please refer to it.
Install
1) root account access
Please make sure to access the root account before proceeding with the full-fledged download. You have to proceed with the installation with the root account to install it without any errors.
2) Install Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
There will be a screen like [Figure 2], but you can enter 1 and enter ENTER.
3) cargo-deb Install
cargo install cargo-deb
Cargo is the package manager of RUST.
Install cargo-deb using cargo.
Entering the above command will install the cargo-deb.
After installation, the cargo-deb must be updated, so the same command must be entered again to proceed with the update.
It will stop for a long time at 90/91, just don't worry and wait as the installation will take a long time.
4) git clone super-analyzer
git clone https://github.com/SUPERAndroidAnalyzer/super.git
After completing the cargo-deb patch, import the super-analyzer files into git clone.
When you access the downloaded super directory, you can see that there is a sh file for each operating system as shown in Figure 4.
I will install super-analyzer using the debian_build.sh file because it is a kali-linux environment. However, if you run debian_build.sh right away, you will need to modify the contents of the file slightly to prevent installation.
For ubuntu users, you can modify ubuntu_build.sh in the same way.
If you open debian_build.sh with vim, you can see the contents as shown in [Figure 5].
Replace the contents of debian_build.sh with [Figure 5] → [Figure 6] and save it.
5) Execute shell script
./debian_build.sh
Running the sh file installs super-analyzer.
6) cargo build
cargo build
Finally, if you do the cargo build, all installations are finished!
Use super-analyzer
1) execute super-analyzer
Type "super-analyzer --help" to confirm that super-analyzer is running normally as shown in [Figure 7]
2) APK analysis using super-analyzer
super-analyzer -v [apk]
Let's analyze any apk file by entering the command.
With the release of a cute Android friend, vulnerability analysis begins for the apk file.
Personally, I think it's very cute lol
After the vulnerability analysis, analysis results are generated, and can be found in [result] → [package name] → [index.html].
When accessing [index.html], a vulnerability analysis report is provided as shown in [Figure 9].
The level of vulnerability consists of various difficulties from Low to Critical, and in the case of Critical and High, it is a vulnerability with a high risk probability.
Of course, it is not necessarily a dangerous case, so don't believe in it and use it only for reference.
As shown in [Figure 10], it can be confirmed that the point where the vulnerability occurred is provided together with the decompiled code to inform it in detail.
Finish
So far, we have learned about super-analyzer installation and simple use.
Thank you for reading it.