
@haeter525 haeter525 commented Sep 25, 2024


Quark Agent - Your AI-powered Android APK Analyst


Quark Agent enables vulnerability and malware analysis using only natural language. With Quark Agent, you can create Quark Script code, detect CWEs, generate Quark reports, and adjust the outputs based on your feedback. Explore the showcases below.

Showcase: Detect CWE-798 in ovaa.apk

Here’s a demonstration of using Quark Agent to detect the CWE-798 vulnerability in ovaa.apk.

Step 1: Environment Requirement

  • Make sure your Python version is 3.9 or above.

Step 2: Install Quark Agent

  • Install Quark Agent by running:
git clone https://github.com/quark-engine/quark-engine.git && cd quark-engine
pip install .[QuarkAgent]

Step 3: Prepare the Sample File and the Detection Rule

.
├── ...
├── quark                   
    ├── ...           
    ├── agent       # Put the sample file and rule file here.
    ├── ...                

Step 4: Add your OpenAI API key

  • Add your OpenAI API key in quarkAgentWeb.py
os.environ["OPENAI_API_KEY"] = 'your-api-key-here'

Step 5: Run Quark Agent

  • Start Quark Agent by running:
$ cd quark/agent
$ python3 quarkAgentWeb.py

# You can now chat with Quark Agent in your browser. 
# The default URL is http://127.0.0.1:5000

Open a browser and navigate to 127.0.0.1:5000 to start using Quark Agent.

See more CWE detections using Quark scripts and play them with Quark Agent!

Showcase: Generate & Enhance a Quark Report of Ahmyth.apk

Here’s a demonstration of using Quark Agent to generate and enhance a Quark report. The demonstration first generates a Quark summary report of Ahmyth.apk. Then, it enhances the report's scoring system to emphasize high-risk behaviors.

In this demonstration, we use the command-line interface of Quark Agent.

Step 1: Install Quark Agent

  • Follow the steps in the first showcase to install Quark Agent.

Step 2: Prepare the Sample File and the Detection Rule

For easy demonstration, we use only 10 rules (00001.json - 00010.json) in this showcase.

Step 3: Run Quark Agent

  • Start Quark Agent by running:
quark-agent
  • Chat with Quark Agent to generate and enhance a summary report.
generate_and_enhance_Quark_summary_report.mp4

For more details on the prompts used in the video, please check the document here.

Acknowledgments

The Honeynet Project


Google Summer Of Code

Quark-Engine has been participating in the GSoC under the Honeynet Project!

Stay tuned for the upcoming GSoC! Join the Honeynet Slack chat for more info.

Core Values of Quark Engine Team

  • We love battle fields. We embrace uncertainties. We challenge impossibles. We rethink everything. We change the way people think. And the most important of all, we benefit ourselves by benefiting others first.

@haeter525 haeter525 added the documentation Improvements or additions to documentation label Sep 25, 2024
@haeter525 haeter525 self-assigned this Sep 25, 2024

codecov bot commented Sep 25, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.73%. Comparing base (5595efe) to head (7ff0e11).

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #692   +/-   ##
=======================================
  Coverage   78.73%   78.73%           
=======================================
  Files          71       71           
  Lines        5656     5656           
=======================================
  Hits         4453     4453           
  Misses       1203     1203           
Flag Coverage Δ
unittests 78.73% <ø> (ø)


Successfully merging this pull request may close these issues.

Highlight Quark Agent's support of vulnerability and malware analysis in the README