Organize help output

APlus123 · Jul 3, 2019 · 65422fb · 65422fb
1 parent 2189be0
commit 65422fb
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 30 deletions.
diff --git a/README.md b/README.md
@@ -65,8 +65,9 @@ docker/apkid.sh ~/reverse/targets/android/example/example.apk
 # Usage
 
 ```
-usage: apkid [-h] [-j] [-t TIMEOUT] [-o DIR] [-r] [--scan-depth SCAN_DEPTH]
-             [--entry-max-scan-size ENTRY_MAX_SCAN_SIZE] [--typing {magic,filename,none}] [-v]
+usage: apkid [-h] [-v] [-t TIMEOUT] [-r] [--scan-depth SCAN_DEPTH]
+             [--entry-max-scan-size ENTRY_MAX_SCAN_SIZE] [--typing {magic,filename,none}] [-j]
+             [-o DIR]
              [FILE [FILE ...]]
 
 APKiD - Android Application Identifier v2.1.0
@@ -76,14 +77,18 @@ positional arguments:
 
 optional arguments:
   -h, --help                                 show this help message and exit
-  -j, --json                                 output scan results in JSON format
+  -v, --verbose                              log debug messages
+
+scanning:
   -t TIMEOUT, --timeout TIMEOUT              Yara scan timeout (in seconds)
-  -o DIR, --output-dir DIR                   write individual results here (implies --json)
   -r, --recursive                            recurse into subdirectories
   --scan-depth SCAN_DEPTH                    how deep to go when scanning nested zips
   --entry-max-scan-size ENTRY_MAX_SCAN_SIZE  max zip entry size to scan in bytes, 0 = no limit
   --typing {magic,filename,none}             method to decide which files to scan
-  -v, --verbose                              log debug messages
+
+output:
+  -j, --json                                 output scan results in JSON format
+  -o DIR, --output-dir DIR                   write individual results here (implies --json)
 ```
 
 # Submitting New Packers / Compilers / Obfuscators

diff --git a/README.rst b/README.rst
@@ -25,16 +25,34 @@ For more information on what this tool can be used for, check out:
 Installing
 ==========
 
-First, install yara-python with ``--enable-dex`` to compile Yara’s DEX
-module:
+Installation is unfortunately a bit involved until a `pull
+request <https://github.com/VirusTotal/yara/pull/1073>`__ is merged in a
+dependency. Here’s how you do it:
 
 .. code:: bash
 
-   pip install wheel
-   pip wheel --wheel-dir=/tmp/yara-python --build-option="build" --build-option="--enable-dex" git+https://github.com/VirusTotal/[email protected]
-   pip install --no-index --find-links=/tmp/yara-python yara-python
+   git clone --recursive -b "v3.10.0" https://github.com/VirusTotal/yara-python.git /tmp/yara-python
+   cd /tmp/yara-python/yara 
+   curl https://patch-diff.githubusercontent.com/raw/VirusTotal/yara/pull/1073.patch | git am
+   cd ..
+   python setup.py build --enable-dex
+   python setup.py install
 
-Then, install apkid:
+Without this patch to Yara, the dexlib1 detection rule will fail as will
+any rule relying on string sizes.
+
+If this patch wasn’t needed, here’s how you’d install. First, install
+`yara-python <https://github.com/VirusTotal/yara-python>`__ with
+``--enable-dex`` to compile Yara’s DEX module:
+
+.. code:: bash
+
+   # Don't use this method, for now.
+   #pip install --upgrade wheel
+   #pip wheel --wheel-dir=/tmp/yara-python --build-option="build" --build-option="--enable-dex" git+https://github.com/VirusTotal/[email protected]
+   #pip install --no-index --find-links=/tmp/yara-python yara-python
+
+Finally, install APKiD:
 
 .. code:: bash
 
@@ -64,8 +82,9 @@ Usage
 
 ::
 
-   usage: apkid [-h] [-j] [-t TIMEOUT] [-o DIR] [-r] [--scan-depth SCAN_DEPTH]
-                [--entry-max-scan-size ENTRY_MAX_SCAN_SIZE] [--typing {magic,filename,none}] [-v]
+   usage: apkid [-h] [-v] [-t TIMEOUT] [-r] [--scan-depth SCAN_DEPTH]
+                [--entry-max-scan-size ENTRY_MAX_SCAN_SIZE] [--typing {magic,filename,none}] [-j]
+                [-o DIR]
                 [FILE [FILE ...]]
 
    APKiD - Android Application Identifier v2.1.0
@@ -75,14 +94,18 @@ Usage
 
    optional arguments:
      -h, --help                                 show this help message and exit
-     -j, --json                                 output scan results in JSON format
+     -v, --verbose                              log debug messages
+
+   scanning:
      -t TIMEOUT, --timeout TIMEOUT              Yara scan timeout (in seconds)
-     -o DIR, --output-dir DIR                   write individual results here (implies --json)
      -r, --recursive                            recurse into subdirectories
      --scan-depth SCAN_DEPTH                    how deep to go when scanning nested zips
      --entry-max-scan-size ENTRY_MAX_SCAN_SIZE  max zip entry size to scan in bytes, 0 = no limit
      --typing {magic,filename,none}             method to decide which files to scan
-     -v, --verbose                              log debug messages
+
+   output:
+     -j, --json                                 output scan results in JSON format
+     -o DIR, --output-dir DIR                   write individual results here (implies --json)
 
 Submitting New Packers / Compilers / Obfuscators
 ================================================

diff --git a/apkid/main.py b/apkid/main.py
@@ -39,22 +39,27 @@ def get_parser():
     )
     parser.add_argument('input', metavar='FILE', type=str, nargs='*',
                         help="apk, dex, or directory")
-    parser.add_argument('-j', '--json', action='store_true',
-                        help="output scan results in JSON format", )
-    parser.add_argument('-t', '--timeout', type=int, default=30,
-                        help="Yara scan timeout (in seconds)")
-    parser.add_argument('-o', '--output-dir', metavar='DIR', default=None,
-                        help="write individual results here (implies --json)")
-    parser.add_argument('-r', '--recursive', action='store_true', default=False,
-                        help="recurse into subdirectories")
-    parser.add_argument('--scan-depth', type=int, default=2,
-                        help="how deep to go when scanning nested zips")
-    parser.add_argument('--entry-max-scan-size', type=int, default=100 * 1024 * 1024,
-                        help="max zip entry size to scan in bytes, 0 = no limit")
-    parser.add_argument('--typing', choices=('magic', 'filename', 'none'), default='magic',
-                        help="method to decide which files to scan")
     parser.add_argument('-v', '--verbose', action='store_true',
                         help="log debug messages")
+
+    scanning = parser.add_argument_group('scanning')
+    scanning.add_argument('-t', '--timeout', type=int, default=30,
+                          help="Yara scan timeout (in seconds)")
+    scanning.add_argument('-r', '--recursive', action='store_true', default=False,
+                          help="recurse into subdirectories")
+    scanning.add_argument('--scan-depth', type=int, default=2,
+                          help="how deep to go when scanning nested zips")
+    scanning.add_argument('--entry-max-scan-size', type=int, default=100 * 1024 * 1024,
+                          help="max zip entry size to scan in bytes, 0 = no limit")
+    scanning.add_argument('--typing', choices=('magic', 'filename', 'none'), default='magic',
+                          help="method to decide which files to scan")
+
+    output = parser.add_argument_group('output')
+    output.add_argument('-j', '--json', action='store_true',
+                        help="output scan results in JSON format", )
+    output.add_argument('-o', '--output-dir', metavar='DIR', default=None,
+                        help="write individual results here (implies --json)")
+
     return parser