- 更新apktool为最新版本

- 优化部分环节流程 - 修复excle文件导出时超时行数限制 - 修复脚本执行时卡顿的问题 - 修复Mac下Playload文件权限不足的问题
kelvinBen · Oct 23, 2022 · 827ef29 · 827ef29
1 parent 51ca5a0
commit 827ef29
Show file tree

Hide file tree

Showing 15 changed files with 436 additions and 387 deletions.
diff --git a/app.py b/app.py
@@ -8,21 +8,24 @@
 from libs.core import Bootstrapper
 from libs.task.base_task import BaseTask
 
+
 @click.group(help="Python script for automatically retrieving key information in app.")
 def cli():
     pass
 
 # 创建Android任务
+
+
 @cli.command(help="Get the key information of Android system.")
 @click.option("-i", "--inputs", required=True, type=str, help="Please enter the APK file or DEX file to be scanned or the corresponding APK download address.")
 @click.option("-r", "--rules", required=False, type=str, default="", help="Please enter a rule for temporary scanning of file contents.")
 @click.option("-s", "--sniffer", is_flag=True, default=False, help="Enable the network sniffer function. It is on by default.")
-@click.option("-n", '--no-resource', is_flag=True, default=False,help="Ignore all resource files, including network sniffing. It is not enabled by default.")
-@click.option("-a", '--all',is_flag=True, default=False,help="Output the string content that conforms to the scan rules.It is on by default.")
-@click.option("-t", '--threads',required=False, type=int,default=10,help="Set the number of concurrency. The larger the concurrency, the faster the speed. The default value is 10.")
-@click.option("-o", '--output',required=False, type=str,default=None,help="Specify the result set output directory.")
-@click.option("-p", '--package',required=False,type=str,default="",help="Specifies the package name information that needs to be scanned.")
-def android(inputs: str, rules: str, sniffer: bool, no_resource:bool, all:bool, threads:int, output, package:str) -> None:
+@click.option("-n", '--no-resource', is_flag=True, default=False, help="Ignore all resource files, including network sniffing. It is not enabled by default.")
+@click.option("-a", '--all', is_flag=True, default=False, help="Output the string content that conforms to the scan rules.It is on by default.")
+@click.option("-t", '--threads', required=False, type=int, default=10, help="Set the number of concurrency. The larger the concurrency, the faster the speed. The default value is 10.")
+@click.option("-o", '--output', required=False, type=str, default=None, help="Specify the result set output directory.")
+@click.option("-p", '--package', required=False, type=str, default="", help="Specifies the package name information that needs to be scanned.")
+def android(inputs: str, rules: str, sniffer: bool, no_resource: bool, all: bool, threads: int, output, package: str) -> None:
     try:
         bootstrapper = Bootstrapper(__file__, output, all, no_resource)
         bootstrapper.init()
@@ -31,15 +34,16 @@ def android(inputs: str, rules: str, sniffer: bool, no_resource:bool, all:bool,
     except Exception as e:
         raise e
 
+
 @cli.command(help="Get the key information of iOS system.")
 @click.option("-i", "--inputs", required=True, type=str, help="Please enter IPA file or ELF file to scan or corresponding IPA download address. App store is not supported at present.")
 @click.option("-r", "--rules", required=False, type=str, default="", help="Please enter a rule for temporary scanning of file contents.")
 @click.option("-s", "--sniffer", is_flag=True, default=False, help="Enable the network sniffer function. It is on by default.")
-@click.option("-n", '--no-resource', is_flag=True, default=False,help="Ignore all resource files, including network sniffing. It is not enabled by default.")
-@click.option("-a", '--all',is_flag=True, default=False,help="Output the string content that conforms to the scan rules.It is on by default.")
-@click.option("-t", '--threads',required=False, type=int,default=10,help="Set the number of concurrency. The larger the concurrency, the faster the speed. The default value is 10.")
-@click.option("-o", '--output',required=False, type=str,default=None,help="Specify the result set output directory.")
-def ios(inputs: str, rules: str, sniffer: bool, no_resource:bool, all:bool, threads:int, output:str) -> None:
+@click.option("-n", '--no-resource', is_flag=True, default=False, help="Ignore all resource files, including network sniffing. It is not enabled by default.")
+@click.option("-a", '--all', is_flag=True, default=False, help="Output the string content that conforms to the scan rules.It is on by default.")
+@click.option("-t", '--threads', required=False, type=int, default=10, help="Set the number of concurrency. The larger the concurrency, the faster the speed. The default value is 10.")
+@click.option("-o", '--output', required=False, type=str, default=None, help="Specify the result set output directory.")
+def ios(inputs: str, rules: str, sniffer: bool, no_resource: bool, all: bool, threads: int, output: str) -> None:
     try:
         bootstrapper = Bootstrapper(__file__, output, all, no_resource)
         bootstrapper.init()
@@ -48,15 +52,16 @@ def ios(inputs: str, rules: str, sniffer: bool, no_resource:bool, all:bool, thre
     except Exception as e:
         raise e
 
+
 @cli.command(help="Get the key information of Web system.")
 @click.option("-i", "--inputs", required=True, type=str, help="Please enter the site directory or site file to scan or the corresponding site download address.")
 @click.option("-r", "--rules", required=False, type=str, default="", help="Please enter a rule for temporary scanning of file contents.")
 @click.option("-s", "--sniffer", is_flag=True, default=False, help="Enable the network sniffer function. It is on by default.")
-@click.option("-n", '--no-resource', is_flag=True, default=False,help="Ignore all resource files, including network sniffing. It is not enabled by default.")
-@click.option("-a", '--all',is_flag=True, default=False,help="Output the string content that conforms to the scan rules.It is on by default.")
-@click.option("-t", '--threads',required=False, type=int,default=10,help="Set the number of concurrency. The larger the concurrency, the faster the speed. The default value is 10.")
-@click.option("-o", '--output',required=False, type=str,default=None,help="Specify the result set output directory.")
-def web(inputs: str, rules: str, sniffer: bool, no_resource:bool, all:bool, threads:int, output:str) -> None:
+@click.option("-n", '--no-resource', is_flag=True, default=False, help="Ignore all resource files, including network sniffing. It is not enabled by default.")
+@click.option("-a", '--all', is_flag=True, default=False, help="Output the string content that conforms to the scan rules.It is on by default.")
+@click.option("-t", '--threads', required=False, type=int, default=10, help="Set the number of concurrency. The larger the concurrency, the faster the speed. The default value is 10.")
+@click.option("-o", '--output', required=False, type=str, default=None, help="Specify the result set output directory.")
+def web(inputs: str, rules: str, sniffer: bool, no_resource: bool, all: bool, threads: int, output: str) -> None:
     try:
         bootstrapper = Bootstrapper(__file__, output, all, no_resource)
         bootstrapper.init()
@@ -65,9 +70,10 @@ def web(inputs: str, rules: str, sniffer: bool, no_resource:bool, all:bool, thre
     except Exception as e:
         raise e
 
+
 def main():
     cli()
 
+
 if __name__ == "__main__":
     main()
-
diff --git a/config.py b/config.py
@@ -8,7 +8,7 @@
 # com.alibaba.fastjson -> fastjson
 # com.google.gson -> gson
 # com.fasterxml.jackson -> jackson
-# net.sf.json -> 
+# net.sf.json ->
 # javax.xml.parsers.DocumentBuilder -> dom方式
 # javax.xml.parsers.SAXParser -> sax方式
 # org.jdom.input.SAXBuilder -> jdom
@@ -28,7 +28,7 @@
 # 1. https://以及http://开头的
 # 2. IPv4的ip地址
 # 3. URI地址,URI不能很好的拼接所以此处忽略
-filter_strs =[
+filter_strs = [
     r'https://.*|http://.*',
     # r'.*://([[0-9]{1,3}\.]{3}[0-9]{1,3}).*',
     r'.*://([\d{1,3}\.]{3}\d{1,3}).*',
@@ -50,79 +50,80 @@
     r'.*w3school.com.cn',
     r'.*apple.com',
     r'.*.amap.com',
+    r'.*slf4j.org',
 ]
 
 # AK集合
 filter_ak_map = {
     "Aliyun_OSS": [
-        r'.*accessKeyId.*".*"',
-        r'.*accessKeySecret.*".*"',
-        r'.*secret.*".*"'
+        r'.*accessKeyId.*".*?"',
+        r'.*accessKeySecret.*".*?"',
+        r'.*secret.*".*?"'
     ],
-    #"Amazon_AWS_Access_Key_ID": r"([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}",
-	#"Amazon_AWS_S3_Bucket": [
-	#	r"//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+",
-	#	r"//s3\\.amazonaws\\.com/[a-z0-9._-]+",
-	#	r"[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com",
-	#	r"[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)",
-	#	r"[a-z0-9.-]+\\.s3\\.amazonaws\\.com",
-	#	r"amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
-	#],
-	#"Artifactory_API_Token": r"(?:\\s|=|:|\"|^)AKC[a-zA-Z0-9]{10,}",
-	#"Artifactory_Password": r"(?:\\s|=|:|\"|^)AP[\\dABCDEF][a-zA-Z0-9]{8,}",
-	# "Authorization_Basic": r"basic\\s[a-zA-Z0-9_\\-:\\.=]+",
-	# "Authorization_Bearer": r"bearer\\s[a-zA-Z0-9_\\-:\\.=]+",
-	#"AWS_API_Key": r"AKIA[0-9A-Z]{16}",
-	#"Basic_Auth_Credentials": r"(?<=:\/\/)[a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9]+\\.[a-zA-Z]+",
-	#"Cloudinary_Basic_Auth": r"cloudinary:\/\/[0-9]{15}:[0-9A-Za-z]+@[a-z]+",
-	#"DEFCON_CTF_Flag": r"O{3}\\{.*\\}",
-	#"Discord_BOT_Token": r"((?:N|M|O)[a-zA-Z0-9]{23}\\.[a-zA-Z0-9-_]{6}\\.[a-zA-Z0-9-_]{27})$",
-	#"Facebook_Access_Token": r"EAACEdEose0cBA[0-9A-Za-z]+",
-	#"Facebook_ClientID": r"[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K](.{0,20})?['\"][0-9]{13,17}",
-	#"Facebook_OAuth": r"[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]",
-	#"Facebook_Secret_Key": r"([f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K]|[f|F][b|B])(.{0,20})?['\"][0-9a-f]{32}",
-	#"Firebase": r"[a-z0-9.-]+\\.firebaseio\\.com",
-	#"Generic_API_Key": r"[a|A][p|P][i|I][_]?[k|K][e|E][y|Y].*['|\"][0-9a-zA-Z]{32,45}['|\"]",
-	#"Generic_Secret": r"[s|S][e|E][c|C][r|R][e|E][t|T].*['|\"][0-9a-zA-Z]{32,45}['|\"]",
-	#"GitHub": r"[g|G][i|I][t|T][h|H][u|U][b|B].*['|\"][0-9a-zA-Z]{35,40}['|\"]",
-	#"GitHub_Access_Token": r"([a-zA-Z0-9_-]*:[a-zA-Z0-9_-][email protected]*)$",
-	#"Google_API_Key": r"AIza[0-9A-Za-z\\-_]{35}",
-	#"Google_Cloud_Platform_OAuth": r"[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
-	#"Google_Cloud_Platform_Service_Account": r"\"type\": \"service_account\"",
-	#"Google_OAuth_Access_Token": r"ya29\\.[0-9A-Za-z\\-_]+",
-	#"HackerOne_CTF_Flag": r"[h|H]1(?:[c|C][t|T][f|F])?\\{.*\\}",
-	#"HackTheBox_CTF_Flag": r"[h|H](?:[a|A][c|C][k|K][t|T][h|H][e|E][b|B][o|O][x|X]|[t|T][b|B])\\{.*\\}$",
-	#"Heroku_API_Key": r"[h|H][e|E][r|R][o|O][k|K][u|U].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}",
-	# "IP_Address": r"(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])",
-	#"JSON_Web_Token": r"(?i)^((?=.*[a-z])(?=.*[0-9])(?:[a-z0-9_=]+\\.){2}(?:[a-z0-9_\\-\\+\/=]*))$",
-	# "LinkFinder": r"(?:\"|')(((?:[a-zA-Z]{1,10}:\/\/|\/\/)[^\"'\/]{1,}\\.[a-zA-Z]{2,}[^\"']{0,})|((?:\/|\\.\\.\/|\\.\/)[^\"'><,;| *()(%%$^\/\\\\\\[\\]][^\"'><,;|()]{1,})|([a-zA-Z0-9_\\-\/]{1,}\/[a-zA-Z0-9_\\-\/]{1,}\\.(?:[a-zA-Z]{1,4}|action)(?:[\\?|#][^\"|']{0,}|))|([a-zA-Z0-9_\\-\/]{1,}\/[a-zA-Z0-9_\\-\/]{3,}(?:[\\?|#][^\"|']{0,}|))|([a-zA-Z0-9_\\-]{1,}\\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:[\\?|#][^\"|']{0,}|)))(?:\"|')",
-	#"Mac_Address": r"(([0-9A-Fa-f]{2}[:]){5}[0-9A-Fa-f]{2}|([0-9A-Fa-f]{2}[-]){5}[0-9A-Fa-f]{2}|([0-9A-Fa-f]{4}[\\.]){2}[0-9A-Fa-f]{4})$",
-	#"MailChimp_API_Key": r"[0-9a-f]{32}-us[0-9]{1,2}",
-	#"Mailgun_API_Key": r"key-[0-9a-zA-Z]{32}",
-	#"Mailto": r"(?<=mailto:)[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9.-]+",
-	#"Password_in_URL": r"[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]",
-	#"PayPal_Braintree_Access_Token": r"access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}",
-	#"PGP_private_key_block": r"-----BEGIN PGP PRIVATE KEY BLOCK-----",
-	#"Picatic_API_Key": r"sk_live_[0-9a-z]{32}",
-	#"RSA_Private_Key": r"-----BEGIN RSA PRIVATE KEY-----",
-	#"Slack_Token": r"(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})",
-	#"Slack_Webhook": r"https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}",
-	#"Square_Access_Token": r"sq0atp-[0-9A-Za-z\\-_]{22}",
-	#"Square_OAuth_Secret": r"sq0csp-[0-9A-Za-z\\-_]{43}",
-	#"SSH_DSA_Private_Key": r"-----BEGIN DSA PRIVATE KEY-----",
-	#"SSH_EC_Private_Key": r"-----BEGIN EC PRIVATE KEY-----",
-	#"Stripe_API_Key": r"sk_live_[0-9a-zA-Z]{24}",
-	#"Stripe_Restricted_API_Key": r"rk_live_[0-9a-zA-Z]{24}",
-	#"TryHackMe_CTF_Flag": r"[t|T](?:[r|R][y|Y][h|H][a|A][c|C][k|K][m|M][e|E]|[h|H][m|M])\\{.*\\}$",
-	#"Twilio_API_Key": r"SK[0-9a-fA-F]{32}",
-	#"Twitter_Access_Token": r"[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*[1-9][0-9]+-[0-9a-zA-Z]{40}",
-	#"Twitter_ClientID": r"[t|T][w|W][i|I][t|T][t|T][e|E][r|R](.{0,20})?['\"][0-9a-z]{18,25}",
-	#"Twitter_OAuth": r"[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*['|\"][0-9a-zA-Z]{35,44}['|\"]",
-	#"Twitter_Secret_Key": r"[t|T][w|W][i|I][t|T][t|T][e|E][r|R](.{0,20})?['\"][0-9a-z]{35,44}"
+    # "Amazon_AWS_Access_Key_ID": r"([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}",
+    # "Amazon_AWS_S3_Bucket": [
+    #	r"//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+",
+    #	r"//s3\\.amazonaws\\.com/[a-z0-9._-]+",
+    #	r"[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com",
+    #	r"[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)",
+    #	r"[a-z0-9.-]+\\.s3\\.amazonaws\\.com",
+    #	r"amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
+    # ],
+    # "Artifactory_API_Token": r"(?:\\s|=|:|\"|^)AKC[a-zA-Z0-9]{10,}",
+    # "Artifactory_Password": r"(?:\\s|=|:|\"|^)AP[\\dABCDEF][a-zA-Z0-9]{8,}",
+    # "Authorization_Basic": r"basic\\s[a-zA-Z0-9_\\-:\\.=]+",
+    # "Authorization_Bearer": r"bearer\\s[a-zA-Z0-9_\\-:\\.=]+",
+    # "AWS_API_Key": r"AKIA[0-9A-Z]{16}",
+    # "Basic_Auth_Credentials": r"(?<=:\/\/)[a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9]+\\.[a-zA-Z]+",
+    # "Cloudinary_Basic_Auth": r"cloudinary:\/\/[0-9]{15}:[0-9A-Za-z]+@[a-z]+",
+    # "DEFCON_CTF_Flag": r"O{3}\\{.*\\}",
+    # "Discord_BOT_Token": r"((?:N|M|O)[a-zA-Z0-9]{23}\\.[a-zA-Z0-9-_]{6}\\.[a-zA-Z0-9-_]{27})$",
+    # "Facebook_Access_Token": r"EAACEdEose0cBA[0-9A-Za-z]+",
+    # "Facebook_ClientID": r"[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K](.{0,20})?['\"][0-9]{13,17}",
+    # "Facebook_OAuth": r"[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]",
+    # "Facebook_Secret_Key": r"([f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K]|[f|F][b|B])(.{0,20})?['\"][0-9a-f]{32}",
+    # "Firebase": r"[a-z0-9.-]+\\.firebaseio\\.com",
+    # "Generic_API_Key": r"[a|A][p|P][i|I][_]?[k|K][e|E][y|Y].*['|\"][0-9a-zA-Z]{32,45}['|\"]",
+    # "Generic_Secret": r"[s|S][e|E][c|C][r|R][e|E][t|T].*['|\"][0-9a-zA-Z]{32,45}['|\"]",
+    # "GitHub": r"[g|G][i|I][t|T][h|H][u|U][b|B].*['|\"][0-9a-zA-Z]{35,40}['|\"]",
+    # "GitHub_Access_Token": r"([a-zA-Z0-9_-]*:[a-zA-Z0-9_-][email protected]*)$",
+    # "Google_API_Key": r"AIza[0-9A-Za-z\\-_]{35}",
+    # "Google_Cloud_Platform_OAuth": r"[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com",
+    # "Google_Cloud_Platform_Service_Account": r"\"type\": \"service_account\"",
+    # "Google_OAuth_Access_Token": r"ya29\\.[0-9A-Za-z\\-_]+",
+    # "HackerOne_CTF_Flag": r"[h|H]1(?:[c|C][t|T][f|F])?\\{.*\\}",
+    # "HackTheBox_CTF_Flag": r"[h|H](?:[a|A][c|C][k|K][t|T][h|H][e|E][b|B][o|O][x|X]|[t|T][b|B])\\{.*\\}$",
+    # "Heroku_API_Key": r"[h|H][e|E][r|R][o|O][k|K][u|U].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}",
+    # "IP_Address": r"(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])",
+    # "JSON_Web_Token": r"(?i)^((?=.*[a-z])(?=.*[0-9])(?:[a-z0-9_=]+\\.){2}(?:[a-z0-9_\\-\\+\/=]*))$",
+    # "LinkFinder": r"(?:\"|')(((?:[a-zA-Z]{1,10}:\/\/|\/\/)[^\"'\/]{1,}\\.[a-zA-Z]{2,}[^\"']{0,})|((?:\/|\\.\\.\/|\\.\/)[^\"'><,;| *()(%%$^\/\\\\\\[\\]][^\"'><,;|()]{1,})|([a-zA-Z0-9_\\-\/]{1,}\/[a-zA-Z0-9_\\-\/]{1,}\\.(?:[a-zA-Z]{1,4}|action)(?:[\\?|#][^\"|']{0,}|))|([a-zA-Z0-9_\\-\/]{1,}\/[a-zA-Z0-9_\\-\/]{3,}(?:[\\?|#][^\"|']{0,}|))|([a-zA-Z0-9_\\-]{1,}\\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:[\\?|#][^\"|']{0,}|)))(?:\"|')",
+    # "Mac_Address": r"(([0-9A-Fa-f]{2}[:]){5}[0-9A-Fa-f]{2}|([0-9A-Fa-f]{2}[-]){5}[0-9A-Fa-f]{2}|([0-9A-Fa-f]{4}[\\.]){2}[0-9A-Fa-f]{4})$",
+    # "MailChimp_API_Key": r"[0-9a-f]{32}-us[0-9]{1,2}",
+    # "Mailgun_API_Key": r"key-[0-9a-zA-Z]{32}",
+    # "Mailto": r"(?<=mailto:)[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9.-]+",
+    # "Password_in_URL": r"[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]",
+    # "PayPal_Braintree_Access_Token": r"access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}",
+    # "PGP_private_key_block": r"-----BEGIN PGP PRIVATE KEY BLOCK-----",
+    # "Picatic_API_Key": r"sk_live_[0-9a-z]{32}",
+    # "RSA_Private_Key": r"-----BEGIN RSA PRIVATE KEY-----",
+    # "Slack_Token": r"(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})",
+    # "Slack_Webhook": r"https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}",
+    # "Square_Access_Token": r"sq0atp-[0-9A-Za-z\\-_]{22}",
+    # "Square_OAuth_Secret": r"sq0csp-[0-9A-Za-z\\-_]{43}",
+    # "SSH_DSA_Private_Key": r"-----BEGIN DSA PRIVATE KEY-----",
+    # "SSH_EC_Private_Key": r"-----BEGIN EC PRIVATE KEY-----",
+    # "Stripe_API_Key": r"sk_live_[0-9a-zA-Z]{24}",
+    # "Stripe_Restricted_API_Key": r"rk_live_[0-9a-zA-Z]{24}",
+    # "TryHackMe_CTF_Flag": r"[t|T](?:[r|R][y|Y][h|H][a|A][c|C][k|K][m|M][e|E]|[h|H][m|M])\\{.*\\}$",
+    # "Twilio_API_Key": r"SK[0-9a-fA-F]{32}",
+    # "Twitter_Access_Token": r"[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*[1-9][0-9]+-[0-9a-zA-Z]{40}",
+    # "Twitter_ClientID": r"[t|T][w|W][i|I][t|T][t|T][e|E][r|R](.{0,20})?['\"][0-9a-z]{18,25}",
+    # "Twitter_OAuth": r"[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*['|\"][0-9a-zA-Z]{35,44}['|\"]",
+    # "Twitter_Secret_Key": r"[t|T][w|W][i|I][t|T][t|T][e|E][r|R](.{0,20})?['\"][0-9a-z]{35,44}"
 }
 
 # 此处配置壳信息
-shell_list =[
+shell_list = [
     'com.stub.StubApp',
     's.h.e.l.l.S',
     'com.Kiwisec.KiwiSecApplication',
@@ -150,7 +151,7 @@
 ]
 
 # 此处配置需要扫描的web文件后缀
-web_file_suffix =[
+web_file_suffix = [
     "html",
     "js",
     "xml",
@@ -163,7 +164,7 @@
 ]
 
 # 配置需要忽略网络嗅探的文件后缀名,此处根据具体需求进行配置，默认为不过滤
-sniffer_filter=[
+sniffer_filter = [
     "jpg",
     "png",
     "jpeg",
@@ -172,8 +173,8 @@
 
 # 配置自动下载Apk文件或者缓存HTML的请求头信息
 headers = {
-    "User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0",
-    "Connection":"close"
+    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0",
+    "Connection": "close"
 }
 
 # 配置自动下载Apk文件或者缓存HTML的请求体信息
@@ -183,4 +184,3 @@
 
 # 配置自动下载Apk文件或者缓存HTML的请求方法信息，目前仅支持GET和POST
 method = "GET"
-
diff --git a/libs/core/__init__.py b/libs/core/__init__.py
@@ -26,7 +26,7 @@
 download_flag = False
 
 # excel 起始行号
-excel_row = 0
+excel_row = 1
 
 class Bootstrapper(object):
 
@@ -78,7 +78,7 @@ def __init__(self, path, out_path, all=False, no_resource= False):
         apktool_path = os.path.join(tools_dir, "apktool.jar")
         download_path = os.path.join(out_dir,"download")
         txt_result_path = os.path.join(out_dir,"result_"+str(create_time)+".txt")
-        xls_result_path = os.path.join(out_dir,"result_"+str(create_time)+".xls")
+        xls_result_path = os.path.join(out_dir,"result_"+str(create_time)+".xlsx")
         app_history_path = os.path.join(history_path,"app_history.txt")
         domain_history_path = os.path.join(history_path,"domain_history.txt")
 
@@ -100,7 +100,6 @@ def init(self):
         print("[*] Create directory {}".format(output_path))
 
         if not os.path.exists(download_path):
-            # shutil.rmtree(download_path)
             os.makedirs(download_path)
             print("[*] Create directory {}".format(download_path))