README.md: 9 additions & 28 deletions
@@ -1,7 +1,7 @@
1
1
# LibScout
2
2
3
-
LibScout is a light-weight and effective static analysis tool to detect third-party libraries in Android apps. The detection is resilient against common bytecode obfuscation techniques such as identifier renaming or code-based obfuscations such as reflection-based API hiding or control-flow randomization.<br>
4
-
LibScout requires the original library SDKs (compiled .jar/.aar files) to extract library profiles that can be used for detection on Android apps.
3
+
LibScout is a light-weight and effective static analysis tool to detect third-party libraries in Android/Java apps. The detection is resilient against common bytecode obfuscation techniques such as identifier renaming or code-based obfuscations such as reflection-based API hiding or control-flow randomization. Further LibScout is capable of pinpointing exact library versions.<br>
4
+
LibScout requires the original library SDKs (compiled .jar/.aar files) to extract library profiles that can be used for detection on Android apps. Pre-generated library profiles are hosted at the repository [LibScout-Profiles](https://github.com/reddr/LibScout-Profiles).
5
5
6
6
Unique features:
7
7
* Library detection resilient against many kinds of bytecode obfuscation
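Review bot: The two added lines disagree on scope: new line 3 now says "Android/Java apps", while new line 4 still says profiles are used "for detection on Android apps". Pick one wording for both, or state explicitly that profile-based detection also applies to plain Java apps. In the same added line 3, "Further LibScout is capable of pinpointing exact library versions." needs a comma after "Further" (or "Furthermore,"), and since exact-version pinpointing is what the vulnerable-version reporting depends on, it would help to link this sentence to the "Detecting vulnerable library versions" section.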
@@ -21,26 +21,10 @@ If you use LibScout in a scientific publication, we would appreciate citations u
21
21
22
22
## Library Profiles and Scripts
23
23
24
-
To facilitate usage of LibScout we are happy to release our datasets to the community. <br>
25
-
You can find the following resources in the data/scripts directory:<br>
24
+
Ready-to-use library profiles and library meta-data can be found in the repository [LibScout-Profiles](https://github.com/reddr/LibScout-Profiles).
25
+
It further includes scripts to automatically retrieve complete library version histories.
26
26
27
-
28
-
### Library Profiles (last updated: 06/27/2017)
29
-
30
-
You can find all <b>library profiles</b> (ready-to-use) for lib detection in apps in the data directory as compressed .zip file.<br>
31
-
It currently includes <b>205</b> unique libraries and <b>3,071</b> library versions.<br> For convenience, data/library-data.csv contains a complete list of library/-versions including meta data such as release dates.
32
-
33
-
### Scripts (scripts/mvn-central)
34
-
The scripts directory further contains a python script to automatically download original library SDKs including complete version histories from maven-central.<br>
35
-
The set of libraries we currently retrieve is stored in a json file.<br>
36
-
37
-
38
-
Due to copyright reasons we cannot publicy provide the original library SDKs. If you are interested in this data, send us an email.
39
-
We also welcome contributions to LibScout or our library database (either original SDKs or scripts for automatic retrieval from sources other than mvn central).<br><br>
40
-
Contact us for comments, feedback, how to contribute: Erik Derr [[email protected]]
41
-
42
-
43
-
## Detecting vulnerable library versions
27
+
### Detecting vulnerable library versions
44
28
45
29
LibScout has builtin functionality to report library versions with the following security vulnerabilities.<br>
46
30
Detected vulnerable versions are tagged with <b>[SECURITY]</b>, patches with <b>[SECURITY-FIX]</b>. <br>
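Review bot: The heading change at new line 27 demotes "Detecting vulnerable library versions" from `##` to `###`, which nests it under "Library Profiles and Scripts" even though the text below it describes builtin functionality of LibScout rather than the profiles repository. Keeping it at `##` would keep the [SECURITY] / [SECURITY-FIX] reporting visible as a top-level feature. The removed block also drops three things the two replacement lines do not carry over: the profile counts and "last updated" date, the statement that original SDKs cannot be published for copyright reasons, and the contribution/contact paragraph. If those now live in LibScout-Profiles, say so here; otherwise consider retaining the contribution and contact lines.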
@@ -67,17 +51,14 @@ These results have been reported to Google's [ASI program](https://developer.and
67
51
## LibScout Repo Structure
68
52
<pre><code>
69
53
|_ build.xml (ant build file to generate runnable .jar)
70
-
|_ data (library profiles and supplemental data sets)
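Review bot: With the `|_ data (library profiles and supplemental data sets)` entry removed from the tree, the repo structure section no longer tells a reader where library profiles are expected to live. Consider adding a short line after the tree that points to LibScout-Profiles as the source of profiles, so the structure listing and the "Library Profiles and Scripts" section stay consistent.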