Difference between revisions of "ORP APK Bot"

From Exploitee.rs
(Created page with "== About == The Discord bot "ORP_APK" iterates through applications in the Google Play store looking for instances of insecure cloud storage, open real time databases, and private keys. After manual verification of the finding, a user can then report the finding to the affected app developer through the use of bot commands. == Services == * Amazon AWS S3 Buckets * Linode Objects Buckets * Digital Ocean Spaces * DreamHost Buckets * Azure Blobs * BackBlaze S3 * IBM Clo...")
 
Line 20: Line 20:


== Usage ==
== Usage ==
 
{| class="wikitable"
* !start
!| Command
* !scan <app_id>
!| Description
* !get_findings <app_id>
|-
* !update_notified <finding_id_num>
| !start
* !get_email <finding_id_num> <researcher_name>
| Starts the bot in the specified channel.
* !add_note <Not to application developer here>
|-
* !cancel_email
| !scan <app_id>
* !send_email
| Scans the provided app id (ex: com.google.play)
|-
| !get_findings <app_id>
| Gets previously found findings for a specified app id
|-
| !update_notified <finding_id_num>
| Used to set the finding (based on the finding id) as reported (for reports handled outside of bot).
|-
| !get_email <finding_id_num> <researcher_name>
| Create a report for the specified finding with the specified researchers name (submission is previewed before sending).
|-
| !add_note <Not to application developer here>
| Adds a note to a finding submission (used after !get_email)
|-
| !cancel_email
| Cancels an email after being previewed through !get_email
|-
| !send_email
| Sends an email after being previewed through !get_email
|}


[[Category:Open Research Project]]
[[Category:Open Research Project]]
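
Review bot: in the new table, the `!add_note` row carries over the placeholder `<Not to application developer here>` from the old bullet list, which reads as a typo for "Note". The `!get_email` description also has "researchers name" where "researcher's name" is meant. Both are worth correcting while these rows are being rewritten into the wikitable.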

Revision as of 05:49, 29 May 2022

About

The Discord bot "ORP_APK" iterates through applications in the Google Play store looking for instances of insecure cloud storage, open real-time databases, and private keys. After manually verifying a finding, a user can report it to the affected app developer through bot commands.

Services

  • Amazon AWS S3 Buckets
  • Linode Objects Buckets
  • Digital Ocean Spaces
  • DreamHost Buckets
  • Azure Blobs
  • BackBlaze S3
  • IBM Cloud Buckets
  • Wasabi Object Buckets
  • Vultr Objects Buckets
  • FireBase Database
  • Google Cloud Buckets
  • RSA Private Keys
  • AWS Creds
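
As an added illustration (not the ORP_APK bot's own code, whose implementation this page does not describe), the following pre-release self-audit searches an app archive for a subset of the indicator types listed above. The rule names, regular expressions, size limit and sample archive are assumptions constructed for this example.

```python
import io
import re
import zipfile

def host(suffix):
    """Match a hostname ending in the given (regex) suffix, case-insensitively."""
    return re.compile(rb"[a-z0-9][a-z0-9.-]{0,80}\." + suffix, re.I)

# Assumed detection rules for a subset of the services listed above.
RULES = {
    "AWS S3 bucket": host(rb"s3[.-](?:[a-z0-9-]+\.)?amazonaws\.com"),
    "Azure blob": host(rb"blob\.core\.windows\.net"),
    "DigitalOcean Space": host(rb"digitaloceanspaces\.com"),
    "Firebase database": host(rb"firebaseio\.com"),
    "RSA private key": re.compile(rb"-----BEGIN RSA PRIVATE KEY-----"),
    "AWS access key ID": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
}
MAX_ENTRY_BYTES = 32 * 1024 * 1024  # skip entries whose declared size is larger

def scan_apk(apk_bytes):
    """Return sorted (entry, rule, match) tuples for every rule hit in the archive."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for entry in apk.infolist():
            if entry.is_dir() or entry.file_size > MAX_ENTRY_BYTES:
                continue
            # Raw byte search: UTF-16 strings (e.g. in resources.arsc) are not decoded here.
            data = apk.read(entry)
            for rule, pattern in RULES.items():
                for m in pattern.finditer(data):
                    findings.add((entry.filename, rule, m.group().decode("ascii")))
    return sorted(findings)

def build_sample_apk():
    """Constructed sample archive; every value in it is a placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("assets/config.json", '{"db": "https://demo-app.firebaseio.com", '
                   '"cdn": "https://demo-assets.s3.us-east-1.amazonaws.com/img"}')
        z.writestr("res/raw/signer.pem", "-----BEGIN RSA PRIVATE KEY-----\n(placeholder)\n")
        z.writestr("classes.dex", b"\x00" + b"AKIA" + b"A" * 16 + b"\x00")
    return buf.getvalue()

if __name__ == "__main__":
    for entry, rule, match in scan_apk(build_sample_apk()):
        print(f"{entry}: {rule}: {match}")
```

A hit only shows that a string is embedded in the build; whether the referenced storage or key is actually exposed still needs the manual verification step the page describes.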

Usage

| Command | Description |
|---|---|
| !start | Starts the bot in the specified channel. |
| !scan <app_id> | Scans the provided app id (ex: com.google.play) |
| !get_findings <app_id> | Gets previously found findings for a specified app id |
| !update_notified <finding_id_num> | Used to set the finding (based on the finding id) as reported (for reports handled outside of bot). |
| !get_email <finding_id_num> <researcher_name> | Creates a report for the specified finding with the specified researcher's name (submission is previewed before sending). |
| !add_note <Note to application developer here> | Adds a note to a finding submission (used after !get_email) |
| !cancel_email | Cancels an email after being previewed through !get_email |
| !send_email | Sends an email after being previewed through !get_email |