Making releases for python programs in android
It’s been a while since I lastest got Digenpy for android ready, so I decided to take a look at it again and re-do it. After I finised most of the work, I realized I didn’t have a build-and-test apk system, so I’ve built one.
Here are the steps I followed, as described by android documentation:
- Download android sdk
- Get java development kit (sun-java6-jdk in debian. Only available in debian stable at this time)
- Launch “android” executable from sdk tools/ directory and specify it to download the APIs you want, and the platform tools.
- Generate apk with ant *
- Align apk with zipalign from tools directory *
- Set up a virtual machine in emulator *
- Launch app in emulator *
* I’ve made a little script, hosted here , it also can do debian packages and windows exes (I will talk about it in my next article). After apk building it launches android emulator to test it.
Let’s get all of it togheter. We need to install a few things and configure the script.
First of all, we’ll need to install android SDK on a good path, like /usr/local/share/android-sdk.
$ wget http://dl.google.com/android/android-sdk_r15-linux.tgz -O - |tar xvzf - # mv android-sdk-linux /usr/local/share/android-sdk
Then, we install sun-java6-jdk, only debian stable is covered here.
# apt-get install sun-java6-jdk sun-java6-jre
Finally, we’ll install the android platform tools and sdk, launching (as root) the android app.
# /usr/local/share/android-sdk/tools/android
Inside there, we’ll select an API (I’ve chosen 10) and the platform-tools and SDK-tools.
Android tool
To be able to emulate, first we’ll have to create the config for an emulator, we’ll do it trough tools/Manage AVDs
Android virtual device manager
Now, we will download the template for android-python apps, uncompress it, and put our script on raw/res/script.py, then execute package_generator script.
wget http://android-scripting.googlecode.com/hg/android/script_for_android_template.zip unzip script_for_android_template.zip mv hello_world.py raw/res/script.py
Package_generator.sh apk
And there we have it: It will generate a nice APK, and launch the emulator with the apk installed so we can test it.
Adding nessus support to airoscript
OpenVAS, THE framework for vulnerability scanning and management, is normally used via it’s standard GUI, but I recently discovered it provides a nice batch mode, wich I’ll be using in this post to add it to airoscript, and make a little independient TUI for it.
OpenVAS strcutrue. Source: wikimedia commons
I know that plugins on airoscrip-ng are making it grow bigger than it should, this plugin isn’t even going to enter airoscript-ng on trunk. It’s just an example, for both OpenVAS batch usage and airoscript plugin making (making them portable)
I’m planning on making a simple jabashit based interface to independently load airoscrit-compatible plugins, so that problem will be solved. Then, let’s have a look at the idea of having OpenVAS in airoscript via plugin, it’s fair simple:
enabled_plugins+="Scan selected client with OpenVAS"
wait_for_openvasd() {
while [ "1" ]; do ps aux|grep "openvasd: waiting for incoming connections" && break ; done
}
openvas_autodetect_hosts(){
# Ok, this is not nice for this post, so for now I'll let it unimplemented.
}
rootify(){
# So we are not forced to be root, and made it compatible with ubuntu and debian bot sudo and su.
[[ $UID == 0 ]] && { $@; } || { [[ type -f sudo ]] && sudo $@ || su -c "$@"; }
}
yesno(){
read -p "$@" ans
[[ $ans ~= "y" ]] && return 0 || return 1
}
check_dump_path(){
[[ -n $DUMP_PATH ]] && return 0 || return 1
}
Scan_selected_client_with_OpenVAS(){
check_dump_path || DUMP_PATH="./"
yesno "Have you already configured wireless interface?" || configure
yesno "Autodetect hosts? (If not, you'll be asked to enter them)" && {
openvas_autodetect_hosts
} || {
echo -e "Enter list of hosts, one line each, end with EOF"
cat << EOF > $DUMP_PATH/available_hosts
}
pgrep openvasd || rootify "openvasd &>$DUMP_PATH/openvasd_log &"
wait_for_openvasd && {
read -p "Enter username: " user
read -p "Enter password: " pass
openvas-client -T html_graph -x -q localhost 9390 $user $pass $DUMP_PATH/available_hosts $DUMP_PATH/OpenVAS_results
}
}
Let’s explain this a little. I’ve made a wait_for_openvasd function, wich will wait until openvas sais it’s waiting for incoming connections, so we can safely launch openvasd, then this and if this is successfull openvas-client.
The other two functions, yesno and check_dump_path are for airoscript-ng compatibility. So that right now, you can source that file wherever you want and execute Scan_selected_client_with_OpenVAS and it will work.
I’ll be launching openvas-client in batch mode, without human interaction, and return results in HTML. If you’re in a configured interface, and with a file “Hosts” with all the hosts you want to test, you’d want to use this command:
pgrep openvasd || openvasd &> log & wait_for_openvasd && openvas_client -T html_graph -x -q localhost 9390 YOUR_USER YOUR_PASS ./Hosts OpenVAS_results.html && x-www-browser OpenVAS_results.html
And you’ll get a nice graph opened in your web browser.
Easly creating nice menus with jabashit
This is more like a installing + quickstart guide for jabashit.
First of all, we need to get a working copy of jabashit, and make.
# apt-get install make tar
# wget -O - https://github.com/XayOn/jabashit/tarball/master | tar xvz && make -C XayOn-*
Ok, we’re done for, jabashit is installed on your system =) Easy & nice huh?
Now, we’re making a simple shell script using jabashit, remember, it’s not sh compatible so we have to use bash here.
#!/bin/bash
source $(source_jabashit)
load TUI screen_display # screen_display is a dep of TUI.
mkmenu -t "System utilities" -o "Process monitor" -f "top" -o "Cpu Info" -f "cat /proc/cpuinfo" -o "Exit" -f "echo"
To this point, it’s not much more than I had on previous jabashit release post, but now jabashit has a whole lot of plugins like this one:
#!/bin/bash
source $(source_jabashit)
load device_utils TUI screen_display
_cdtool(){ read -p "$(_ 'Enter device: ')" a; read -p "$(_ 'Enter destination or source file: ')" a; cdtool $1 $a $b; }
mkmenu -t "Cd Utils" -o "Save a CD/DVD to disk" -f '_cdtool save' -o "Burn directory to CD/DVD" -f '_cdtool write_dir' -o "Burn iso image to CD/DVD" -f '_cdtool write_iso'
Debianizing airoscript-ng and python-digenpy
I’m currently packaging for debian two of my best apps, python-digenpy and airoscript-ng
For airoscript-ng I’ve made a few mistakes (that hopefully some debiian mentor will tell me), like versioning it as 1.2-1 instead of 1.2-3, and getting python-digenpy (wich I have not uploaded to d-m yet) as recommends.
I’ll probably upload debian packaging to a git server, separated from aircrack-ng svn, and with svn included (so I can update it easyli), I could get some ideas for that, It’s not optimal.
Airoscript-ng 1.2-3 released
This evening I’ve released airoscript-ng 1.2-3 (yeah, I know, an epic version number), with a nice set of new features, including:
- Working AUTO mode
- With essid filtering, automatic cracking of the AP with best signal
- New command line options (including autoconfig, essid filtering...)
- Wordlist generator wizardry with digenpy and john the ripper plugin
- New re-organised attacks menus
- Fixed WPA crack, it'll work now (with a good dictionary)
- Added (experimental) dsniff, sslstrip and
- Added new artwork, improved appearence A LOT
- Made startup more usable, lees $clear executed.
- Improved exit, it'll delete all virtual interfaces created upon exit.
You can download it at Its google code page or, as always, get it on the aircrack-ng subversion repository =)
SocialStickers is coming out soon
SocialStickers, a web application (python+tornado 
) made for creating printed stickers about some data got from twitter, is almost rewritten.
I’m re-writing it to have a new nice 2.0 interface (hell, it’s a social-twitter-whaever oriented app, so it has to have one), it has yet a great backend, just lacks the frontend and the twitter autentication part.
The project aims at all those people that organise twitter-based events and then makes “handmade ids” with everyone’s twitter id, for generic events organization and standard friend 2.0 partys.
Get 2.0 with SocialStickers, wait for it!
Note that you can contribute with its development at its github page
Codenv project ended. Long life to jabashit!
Jabashit menu creator
Using jabashit you can create a nice menu like the one in the image with:
source $(source_jabashit)
load screen_display TUI
mkmenu -t "Menu title" -o "Option Foo bar baz" -f "echo" -o "Option baz stuff" -f "echo"
Digenpy, windows and android announcement
Thanks to Javier Jarava from RSA.com I ended up adding support to Digenpy for woking on windows. To achieve this, follow this simple steps:
- Install a python intepreter ()
- Install pygtk bundle ()
- Dwonload Digenpy ()
- Install Digenpy:
- Launch digenpy-gtk with python
So… points -1-3 are straightforward, lets start with point 4.
Installing Digenpy
To install digenpy you’ll just have to uncompress it and execute “setup.bat” by double-clicking on it ( )
Then, to launch digenpy-gtk, just double-click on digenpy-gtk.bat
Since lastest versions, I’ve included a simple windows NSI installer, just doble click and install!
I’m also working on an android release, wait for it!
Released CodEnv
CodEnv is a set of vim configurations wrapped under a script and a screen config that will allow you to post on your favourite blogs, keep track of the time and tickets in a trac environment and confortably use Vim as an IDE.
It’s gracefully integrated with CoPim with just modifying its screenrc.
Give it a try!
CoPIM First release. Working on CodEnv
CoPIM is a set of console tools to integrate a full personal information manager with a console interface.
To achieve this, I’m making use of some existing and really powerfull tools, as screen, mutt, irssi, wyrd and abook.
CoPIM functionality list:
- Read mail with mutt (sidebar with mailbox lists included) and integrate it with abook
- Communicate via IM/SIP/Skype with your contactacts (full integration with abook too) via IRSSI
- Reminders, via IRSSI (for notifications, in a future they’ll be graphical (optional)) and wyrd( powered by REMIND)
I’m also making irssi much nicer with some plugins. Come and try it!
After that, I’m working on CodEnv, a similar environment directly aimed at development, a custom VIM install and some usefull tools for managing it. Also, I’ll probably patch worklog to save time in configurable units.
