简介

Mobile Security Framework (MobSF)是一个印度人写的Allinone的全自动APP检测工具,可用于渗透测试、恶意软件、安全基线检查等用途,当前最新版本为3.4.5 beta。它支持安卓和苹果主机程序格式,比如apk、xapk、ipa、appx,进行静态或者动态安全分析。同时,它也提供APIs接口用于现有开发环境CI/CD流水线。

标准部署

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# 环境准备
apt update
apt upgrade -y
apt install -y python3-pip python3-setuptools python3-venv python-is-python3
apt install -y openjdk-16-jdk git mlocate

# 安装wkhtmltox,Ubuntu官方源中的wkhtmltox依赖包太多了,可以使用开发商自打包
apt install -y xfonts-75dpi xfonts-base xfonts-encodings xfonts-utils
apt install -y language-pack-zh-hans fonts-wqy-*
fc-cache -f -v
wget https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6-1/wkhtmltox_0.12.6-1.focal_amd64.deb
dpkg -i wkhtmltox_0.12.6-1.focal_amd64.deb

ldconfig
sync
pip3 install pip --upgrade
pip3 install launchpadlib --upgrade
pip3 install --no-cache-dir wheel
pip3 wheel --wheel-dir=yara-python-dex git+https://github.com/MobSF/yara-python-dex.git
pip3 install --no-cache-dir --no-index --find-links=yara-python-dex yara-python-dex

# 部署程序
git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd /opt/Mobile-Security-Framework-MobSF/
pip3 install -r requirements.txt
./setup.sh

# 建立数据库
python manage.py makemigrations
python manage.py migrate

# 运行于本机0.0.0.0:8000
./run.sh

# 运行于127.0.0.1:8000
./run.sh 127.0.0.1:8000

容器部署

Dockerfile

原始mobsf镜像没有安装中文字体,导致输出PDF时会出现口口口的乱码,所需需要对默认DockerFile进行一点点的小修改,其他保留原始配置。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
# Base image
FROM ubuntu:20.04

# Labels and Credits
LABEL \
name="MobSF" \
author="Ajin Abraham <ajin25@gmail.com>" \
maintainer="Ajin Abraham <ajin25@gmail.com>" \
contributor_1="OscarAkaElvis <oscar.alfonso.diaz@gmail.com>" \
contributor_2="Vincent Nadal <vincent.nadal@orange.fr>" \
description="Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis."

# Environment vars
ENV DEBIAN_FRONTEND="noninteractive" \
ANALYZER_IDENTIFIER="" \
JDK_FILE="openjdk-16.0.1_linux-x64_bin.tar.gz" \
JDK_FILE_ARM="openjdk-16.0.1_linux-aarch64_bin.tar.gz" \
WKH_FILE="wkhtmltox_0.12.6-1.focal_amd64.deb" \
WKH_FILE_ARM="wkhtmltox_0.12.6-1.focal_arm64.deb" \
JAVA_HOME="/jdk-16.0.1"

ENV PATH="$JAVA_HOME/bin:$PATH"

# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
RUN sed -i s@/archive.ubuntu.com/@/mirrors.huaweicloud.com/@g /etc/apt/sources.list
RUN apt update -y && apt install -y --no-install-recommends \
build-essential \
language-pack-zh-hans \
fonts-wqy-microhei \
fonts-wqy-zenhei \
xfonts-wqy \
locales \
sqlite3 \
fontconfig-config \
libjpeg-turbo8 \
libxrender1 \
libfontconfig1 \
libxext6 \
fontconfig \
xfonts-75dpi \
xfonts-base \
python3.9 \
python3-dev \
python3-pip \
wget \
curl \
git \
tzdata \
android-tools-adb

# Set locales
RUN locale-gen en_US.UTF-8
ENV TZ Asia/Shanghai
RUN echo 'LC_TIME=en_US.UTF-8' >> /etc/default/locale
RUN echo 'LC_ALL=en_US.UTF-8' >> /etc/default/locale
ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'

# Install wkhtmltopdf & OpenJDK
ARG TARGETPLATFORM

COPY scripts/install_java_wkhtmltopdf.sh .
RUN ./install_java_wkhtmltopdf.sh

RUN groupadd -g 9901 mobsf
RUN adduser mobsf --shell /bin/false -u 9901 --ingroup mobsf --gecos "" --disabled-password


# Install Requirements
COPY requirements.txt .
RUN pip3 install --upgrade --no-cache-dir setuptools pip && \
pip3 install --quiet --no-cache-dir -r requirements.txt

# Cleanup
RUN \
apt remove -y \
libssl-dev \
libffi-dev \
libxml2-dev \
libxslt1-dev \
python3-dev \
wget && \
apt clean && \
apt autoclean && \
apt autoremove -y && \
rm -rf /var/lib/apt/lists/* /tmp/* > /dev/null 2>&1

WORKDIR /home/mobsf/Mobile-Security-Framework-MobSF
# Copy source code
COPY . .

# Set adb binary path and apktool directory
RUN sed -i "s#ADB_BINARY = ''#ADB_BINARY = '/usr/bin/adb'#" mobsf/MobSF/settings.py && \
mkdir -p /home/mobsf/.local/share/apktool/framework

# Postgres support is set to false by default
ARG POSTGRES=False

ENV POSTGRES_USER=postgres
ENV POSTGRES_PASSWORD=password
ENV POSTGRES_DB=mobsf
ENV POSTGRES_HOST=postgres

# Check if Postgres support needs to be enabled
RUN ./scripts/postgres_support.sh $POSTGRES

HEALTHCHECK CMD curl --fail http://host.docker.internal:8000/ || exit 1

# Expose MobSF Port and Proxy Port
EXPOSE 8000 8000 1337 1337

RUN chown -R mobsf:mobsf /home/mobsf/Mobile-Security-Framework-MobSF
USER mobsf
# Run MobSF
CMD ["/home/mobsf/Mobile-Security-Framework-MobSF/scripts/entrypoint.sh"]

DockerBuild

1
2
3
4
5
6
7
8
docker build mobsf .

[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mobsf latest 17ec050a7c8c 41 hours ago 2.1GB

# 由于打包机器在开发网络,而部署机器在服务网络,所以需要导出并导入
docker save -o mobsf.tar mobsf

DockerLoad

1
2
3
4
5
6
# 使用load导入,而不使用import
docker load --input mobsf.tar
# 打标签
docker tag 77cb7 firstshare/mobsf:v1
# 拉起容器并指定8000端口,并设定开机自启
docker run -itd --restart=always -p 8000:8000 mobsf

总结

  1. Mobsf是一个使用Python+Djongo编写的免费、开源工具,它的检测结果是被专业机构接受和认可的有效报告,可以用于等保以及其他安全认证事宜;
  2. Mobsf认为使用外部存储设备、GPS、摄像头都是高风险行为,这点见仁见智,看报告接收方的态度;
  3. Mobsf输出PDF版本报告存在问题,不能按照A4格式标准输出,应该是某处的css格式引起,需要后续修正。