#!/usr/bin/env python3
from subprocess import run
from urllib.request import urlopen

from yaml import CLoader, CSafeLoader, load
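def get_ioc():
    """Download the stalkerware indicator list and return its package names.

    Fetches ``ioc.yaml`` from the AssoEchap/stalkerware-indicators repository
    and flattens the ``packages`` list of every entry that carries one.

    Returns:
        list: the package names in document order (duplicates are kept).

    Raises:
        urllib.error.URLError: if the download fails or times out.
        yaml.YAMLError: if the document is not valid YAML, or uses tags the
            safe loader refuses to construct.
    """
    # The URL tracks the moving ``master`` branch, so the content is whatever
    # upstream publishes at the time of the scan. The timeout keeps a stalled
    # connection from hanging the scan indefinitely.
    with urlopen(
        "https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/ioc.yaml",
        timeout=30,
    ) as f:
        # This is remote, third-party data. The full Loader/CLoader builds
        # arbitrary Python objects from YAML tags, which turns a tampered
        # indicator file into code execution on the analyst's machine. The
        # safe loader only produces plain lists, dicts and scalars, which is
        # all this file needs.
        entries = load(f, Loader=CSafeLoader) or []
    # Assumes every entry is a mapping, as the membership test below implies.
    return [
        name
        for entry in entries
        if "packages" in entry
        for name in entry["packages"]
    ]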
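def find_ioc():
    """Check the packages on the attached Android device against the indicator list.

    Runs ``adb shell pm list packages -f`` and prints a warning for every
    installed package whose name appears in the list from ``get_ioc()``.

    Matching is by exact package name only. A hit is an indicator that needs
    follow-up, and a clean result does not rule out a renamed or unlisted
    package.

    Returns:
        int: the number of matching packages, or -1 when the package list
        could not be read from the device.
    """
    res = run(
        ["adb", "shell", "pm", "list", "packages", "-f"],
        capture_output=True,
    )
    if res.returncode != 0:
        print("Konnte die Liste der Apps nicht ermitteln. Ist das Handy angeschlossen, der Debug-Modus aktiviert und der Rechner authorisiert?")
        return -1

    ioc_packages = get_ioc()
    count = 0
    # stdout is bytes. str() on it yields the "b'...'" repr with escaped
    # newlines, so the listing was never split into lines and no package name
    # could match. That false negative is reported as "nothing found".
    # Decode it instead.
    listing = res.stdout.decode("utf-8", errors="replace")
    for line in listing.splitlines():
        # Expected shape: "package:<apk path>=<package name>".
        _, colon, entry = line.strip().partition(":")
        if not colon:
            continue  # blank line or unexpected output
        # The apk path may itself contain "=", so split on the last one.
        _, equals, name = entry.rpartition("=")
        if not equals:
            continue
        if name in ioc_packages:
            print("Diese App könnte Stalkerware sein:", name)
            count += 1
    return count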
# find_ioc() returns the number of matches, or -1 when the device could not be
# queried. Only an exact zero means the scan ran and matched nothing.
matches = find_ioc()
if matches == 0:
    print("Keinen Hinweis auf Stalkerware gefunden.")