MobSF[Mobile-Security-Framework-MobSF-0.9.2] installl
移动安全框架 (MobSF) 是一个智能化、一体化的开源移动应用(Android / iOS)自动测试框架,能够对以上两种移动应用进行静态和动态分析(动态分析目前暂时只支持Android)。
它可以有效、快速地对应用APK 和IPA文件 及压缩的源代码进行审计分析。同时,MobSF 也能够通过其API Fuzzer功能模块,对 Web API 的安全性进行检测,如收集信息,分析安全头部信息,识别移动API 的具体漏洞,如XXE路径遍历,IDOR以及其他的与会话和API调用速率限制有关的逻辑问题。
###运行环境:
Python 2.7,下载请点击:Python 2.7
Oracle JDK 1.7或以上版本,下载请点击:Oracle JDK
Oracle VirtualBox 下载请点击: VirtualBox
iOS IPA分析(需在 Mac系统上执行)所需命令行工具( Mac系统)下载请点击:Conmand-line tool
###硬件配置:4GB 或以上内存,5G硬盘空间
###安装目录:
Linux:解压MobSF压缩文件到/home/[username]/MobSF
###配置静态分析器:
pip install -r requirements.txt
###运行MobSF:
python manage.py runserver
===============================================
###install python
Linux的yum依赖自带Python,为防止错误,此处更新其实就是再安装一个Python
查看默认Python版本
python -V
1、安装gcc,用于编译Python源码
yum install gcc
2、下载源码包,https://www.python.org/ftp/python/
3、解压并进入源码文件
4、编译安装
./configure
make all
make install
5、查看版本
/usr/local/bin/python2.7 -V
6、修改默认Python版本
mv /usr/bin/python /usr/bin/python2.6
ln -s /usr/local/bin/python2.7 /usr/bin/python
7、防止yum执行异常,修改yum使用的Python版本
vi /usr/bin/yum
将头部 #!/usr/bin/python 修改为 #!/usr/bin/python2.6
===============================================
###下载最新版的pip,然后安装
wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py
查找pip的位置
whereis pip
找到pip2.7的路径,为其创建软链作为系统默认的启动版本
ln -s /usr/local/bin/pip2.7 /usr/bin/pip
第三步:pip安装完毕,安装scrapy测试
pip install scrapy
###zlib安装
vi ./Modules/Setup
找到#zlib zlibmodule.c -I$(prefix)/include -L$(exec_prefix)/lib -lz去掉注释并保存,然后进行编译和安装
###setuptools安装
ImportError: No module named _markerlib
下载地址:https://pypi.python.org/pypi/setuptools
wget https://bootstrap.pypa.io/ez_setup.py -O - | python
###sqlite-devel安装
ImportError: No module named _sqlite3
yum install sqlite-devel
再编译升级python
###安装插件
pip install xhtml2pdf
pip install html5lib==1.0b8
###64位安装32位开发库
glibc-devel-2.12-1.132.el6.i686.rpm
libstdc++-4.4.7-4.el6.i686.rpm
ERROR_LOG日志
###Error: That port is already in use.
# lsof -i:8000
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
adb 13326 root 4u IPv4 297976 0t0 TCP localhost:irdmi (LISTEN)
adb 13326 root 22u IPv4 304164 0t0 TCP localhost:irdmi->localhost:55632 (CLOSE_WAIT)
adb 13326 root 24u IPv4 304186 0t0 TCP localhost:irdmi->localhost:55646 (CLOSE_WAIT)
adb 13326 root 26u IPv4 300850 0t0 TCP localhost:irdmi->localhost:53604 (CLOSE_WAIT)
# ps -ef |grep 13326
root 13326 1 0 16:31 pts/0 00:00:00 adb -P 5037 fork-server server
root 13408 1880 0 16:37 pts/0 00:00:00 grep 13326
# kill -9 13326
###[ERROR] Unzipping Error
(/home/ccxx/Mobile-Security-Framework-MobSF-0.9.2/StaticAnalyzer/views.py, LINE 945 "z.extractall(EXT_PATH)"): 'ascii' codec can't decode byte 0xe5 in position 39: ordinal not in range(128)
编码问题:# -*- coding: utf_8 -*-
###初始化警告
You have unapplied migrations; your app may not work properly until they are applied.
Run 'python manage.py migrate' to apply them.
删除项目重新安装
# pip install -r requirements.txt
===============================================
###VBoxError
[INFO] Refreshing MobSF VM
VBoxManage: error: Machine 'afd32fda-5ac3-4dd7-a309-2a71cd0a412c' is not currently running
[INFO] VM Closed
Restoring snapshot 183cf883-ade1-4fbf-8594-7ecd498281f5
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
[INFO] VM Restore Snapshot
Waiting for VM "afd32fda-5ac3-4dd7-a309-2a71cd0a412c" to power on...
VBoxManage: error: The virtual machine 'MobSF_VM_0.2' has terminated unexpectedly during startup because of signal 6
VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component MachineWrap, interface IMachine
[INFO] VM Starting
1.关闭manage.py
2.关闭127.0.0.1:8000
3.清除IE缓存
点击CreateEnvironment出现,返回主页面刷新StartDynamicAnalysis多点几次可以跳过!!!
[INFO] Connecting to VM/Device
unable to connect to 192.168.56.107:5555:5555
!!!可以忽略。
===============================================