Pithus

Pithus is a free and open-source platform to analyze Android applications for activists, journalists, NGOs, researchers...

Analyses, which we want to be as comprehensive as possible, rely on multiple well-known tools such as:

• APKiD
• ssdeep
• Dexofuzzy
• Quark-Engine
• AndroGuard
• MobSF
• Exodus-core

When an APK is submitted, it is analyzed by the different tools listed above. Each report is stored in ElasticSearch. Analysis steps are defined in tasks.py file.

The beta version is available at beta.pithus.org.

Development environment setup

Pithus is currently in beta so if you want to contribute, please refer to the Cookiecutter documentation.

On Linux:

git clone [email protected]:Pithus/bazaar.git
cd bazaar

It is possible to run the entire development stack with docker-compose:

# Build the project
docker-compose -f local.yml build

# Run the project
docker-compose -f local.yml up

# Alternatively you can add -d to run it as a daemon
docker-compose -f local.yml up -d

Then browse to http://localhost:8001 and enjoy Pithus!

⚠️Important⚠️:

It is possible that you might have an error for a missing index while browsing to the address the first time. It is probable that Django hasn't been properly loaded. To fix that, add a blank line in any of the Django file, save it and refresh the page in the browser.

Set up the internal Python interpreter with Visual Studio Code

It is possible to run the entire development environment in a Docker container. This will allow you to run on the same Python interpreter as anyone else contributing to this project. To do so with Visual Studio Code, follow these steps:

• Install the Python and the Remote Containers extensions.
• Open the command palette and look for the option: "Remote Containers: Attach to running container".
• Choose bazaar_local_django.
• VSCode will restart, and you will be presented with a new window of VSCode.
• Open the file explorer and open the folder /app, the code is there.
• You are all set up!

Note: By default, only your theme and the Remote Containers will be installed, you will need to install more extension in the Docker manually. However, your settings will be imported automatically.

More information on developping in a container in the Visual Studio Code documentation.

SASS

To apply SASS file changes, just run the following command:

sassc bazaar/static/front/sass/project.scss backend/static/front/css/project.css

Reindex after adding a new field

from django.conf import settings
from elasticsearch import Elasticsearch
import json

es = Elasticsearch(settings.ELASTICSEARCH_HOSTS)
mapping = json.load(open('bazaar/es_mappings/apk_analysis.json'))
es.indices.put_mapping(index=settings.ELASTICSEARCH_APK_INDEX, body=mapping.get('mappings'))

Community

Do you have questions? Do you want to chat with us? Come join us on our discord: https://discord.gg/PgdKfp4VMQ.

You can also preview some features, explore the tools and our work process on TryHackMe with our own featured room! https://tryhackme.com/room/androidmalwareanalysis