Difference between revisions of "ORP APK Bot"
From Exploitee.rs
Jump to navigationJump to search
(Created page with "== About == The Discord bot "ORP_APK" iterates through applications in the Google Play store looking for instances of insecure cloud storage, open real time databases, and private keys. After manual verification of the finding, a user can then report the finding to the affected app developer through the use of bot commands. == Services == * Amazon AWS S3 Buckets * Linode Objects Buckets * Digital Ocean Spaces * DreamHost Buckets * Azure Blobs * BackBlaze S3 * IBM Clo...") |
|||
| Line 20: | Line 20: | ||
== Usage == | == Usage == | ||
{| class="wikitable" | |||
!| Command | |||
!| Description | |||
|- | |||
| !start | |||
| Starts the bot in the specified channel. | |||
|- | |||
| !scan <app_id> | |||
| Scans the provided app id (ex: com.google.play) | |||
|- | |||
| !get_findings <app_id> | |||
| Gets previously found findings for a specified app id | |||
|- | |||
| !update_notified <finding_id_num> | |||
| Used to set the finding (based on the finding id) as reported (for reports handled outside of bot). | |||
|- | |||
| !get_email <finding_id_num> <researcher_name> | |||
| Create a report for the specified finding with the specified researchers name (submission is previewed before sending). | |||
|- | |||
| !add_note <Not to application developer here> | |||
| Adds a note to a finding submission (used after !get_email) | |||
|- | |||
| !cancel_email | |||
| Cancels an email after being previewed through !get_email | |||
|- | |||
| !send_email | |||
| Sends an email after being previewed through !get_email | |||
|} | |||
[[Category:Open Research Project]] | [[Category:Open Research Project]] | ||
Revision as of 05:49, 29 May 2022
About
The Discord bot "ORP_APK" iterates through applications in the Google Play store looking for instances of insecure cloud storage, open real time databases, and private keys. After manual verification of the finding, a user can then report the finding to the affected app developer through the use of bot commands.
Services
- Amazon AWS S3 Buckets
- Linode Objects Buckets
- Digital Ocean Spaces
- DreamHost Buckets
- Azure Blobs
- BackBlaze S3
- IBM Cloud Buckets
- Wasabi Object Buckets
- Vultr Objects Buckets
- FireBase Database
- Google Cloud Buckets
- RSA Private Keys
- AWS Creds
Usage
| Command | Description |
|---|---|
| !start | Starts the bot in the specified channel. |
| !scan <app_id> | Scans the provided app id (ex: com.google.play) |
| !get_findings <app_id> | Gets previously found findings for a specified app id |
| !update_notified <finding_id_num> | Used to set the finding (based on the finding id) as reported (for reports handled outside of bot). |
| !get_email <finding_id_num> <researcher_name> | Create a report for the specified finding with the specified researchers name (submission is previewed before sending). |
| !add_note <Not to application developer here> | Adds a note to a finding submission (used after !get_email) |
| !cancel_email | Cancels an email after being previewed through !get_email |
| !send_email | Sends an email after being previewed through !get_email |
