AndroPyTool  by alexMyG

APK analysis framework for static and dynamic feature extraction

created 7 years ago
371 stars

Top 77.4% on sourcepulse

Project Summary

AndroPyTool is a framework for automated static and dynamic feature extraction from Android applications, targeting security researchers and developers for malware analysis. It consolidates multiple analysis tools to generate comprehensive feature sets in JSON, CSV, or MongoDB formats, aiding in malware detection and classification.

How It Works

AndroPyTool orchestrates a suite of established Android analysis tools, including DroidBox, FlowDroid, Strace, AndroGuard, and VirusTotal. It performs pre-static, static, and dynamic analyses on provided APK files. The framework's advantage lies in its integrated approach, automating the execution and data aggregation from these diverse tools, thereby simplifying the complex process of feature engineering for Android malware research.

Quick Start & Requirements

  • Docker: docker pull alexmyg/andropytool followed by docker run --volume=</PATH/TO/FOLDER/WITH/APKS/>:/apks alexmyg/andropytool -s /apks/ <ARGUMENTS>
  • Source: Requires Ubuntu, Docker, Android SDK (API 16), Java 8, and Python. Extensive setup involves installing system dependencies, SDK components, and Python libraries.
  • Dependencies: Docker, Git, Java 8, Android SDK (platform-tools, tools, android-16, sys-img-armeabi-v7a-android-16), Python 3, pip, virtualenv.
  • Docs: https://github.com/alexMyG/AndroPyTool

Highlighted Details

  • Integrates DroidBox, FlowDroid, Strace, AndroGuard, and VirusTotal.
  • Supports static and dynamic analysis.
  • Outputs features in JSON, CSV, and MongoDB formats.
  • Includes malware classification based on VirusTotal reports.

Maintenance & Community

The project mentions contributions for fixing DroidBox images. Further community or maintenance activity is not detailed in the README.

Licensing & Compatibility

The README does not explicitly state a license. Compatibility for commercial use or closed-source linking is not specified.

Limitations & Caveats

The source installation process is complex and has only been tested on Ubuntu, requiring significant manual setup of the Android SDK and Java environment. Dynamic analysis with DroidBox may require specific configurations or troubleshooting.

Health Check

  • Last commit: 2 years ago
  • Responsiveness: 1+ week
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 7 stars in the last 90 days
