Deploying the Mobile App Security Framework MobSF
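Introduction

Mobile Security Framework (MobSF) is an all-in-one, fully automated app analysis tool written by an Indian developer. It can be used for penetration testing, malware analysis, security baseline checks and similar purposes; the latest version at the time of writing is 3.4.5 beta. It supports Android and Apple application formats such as apk, xapk, ipa and appx, and performs static or dynamic security analysis on them. It also provides APIs for integration into the CI/CD pipeline of an existing development environment.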
Standard deployment

```bash
# Prepare the environment
apt update
apt upgrade -y
apt install -y python3-pip python3-setuptools python3-venv python-is-python3
apt install -y openjdk-16-jdk git mlocate

# Install wkhtmltox. The package in the official Ubuntu repository pulls in too many
# dependencies, so use the vendor's own package instead
apt install -y xfonts-75dpi xfonts-base xfonts-encodings xfonts-utils
apt install -y language-pack-zh-hans 'fonts-wqy-*'
fc-cache -f -v
wget https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6-1/wkhtmltox_0.12.6-1.focal_amd64.deb
dpkg -i wkhtmltox_0.12.6-1.focal_amd64.deb
ldconfig
sync

pip3 install pip --upgrade
pip3 install launchpadlib --upgrade
pip3 install --no-cache-dir wheel
pip3 wheel --wheel-dir=yara-python-dex git+https://github.com/MobSF/yara-python-dex.git
pip3 install --no-cache-dir --no-index --find-links=yara-python-dex yara-python-dex

# Deploy the application (clone into /opt so that the cd below finds it)
cd /opt
git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd /opt/Mobile-Security-Framework-MobSF/
pip3 install -r requirements.txt
./setup.sh

# Create the database
python manage.py makemigrations
python manage.py migrate

# Run on this host, listening on 0.0.0.0:8000 (all interfaces)
./run.sh
# Run on 127.0.0.1:8000
./run.sh 127.0.0.1:8000
```
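Container deployment

Dockerfile

The original MobSF image does not install any Chinese fonts, so Chinese text in exported PDF reports is rendered as empty boxes (口口口). The default Dockerfile therefore needs a small modification; everything else keeps the original configuration.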
```dockerfile
# Base image
FROM ubuntu:20.04

# Labels and Credits
LABEL \
    name="MobSF" \
    author="Ajin Abraham <ajin25@gmail.com>" \
    maintainer="Ajin Abraham <ajin25@gmail.com>" \
    contributor_1="OscarAkaElvis <oscar.alfonso.diaz@gmail.com>" \
    contributor_2="Vincent Nadal <vincent.nadal@orange.fr>" \
    description="Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis."

# Environment vars
ENV DEBIAN_FRONTEND="noninteractive" \
    ANALYZER_IDENTIFIER="" \
    JDK_FILE="openjdk-16.0.1_linux-x64_bin.tar.gz" \
    JDK_FILE_ARM="openjdk-16.0.1_linux-aarch64_bin.tar.gz" \
    WKH_FILE="wkhtmltox_0.12.6-1.focal_amd64.deb" \
    WKH_FILE_ARM="wkhtmltox_0.12.6-1.focal_arm64.deb" \
    JAVA_HOME="/jdk-16.0.1"

ENV PATH="$JAVA_HOME/bin:$PATH"

# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
RUN sed -i s@/archive.ubuntu.com/@/mirrors.huaweicloud.com/@g /etc/apt/sources.list
RUN apt update -y && apt install -y --no-install-recommends \
    build-essential \
    language-pack-zh-hans \
    fonts-wqy-microhei \
    fonts-wqy-zenhei \
    xfonts-wqy \
    locales \
    sqlite3 \
    fontconfig-config \
    libjpeg-turbo8 \
    libxrender1 \
    libfontconfig1 \
    libxext6 \
    fontconfig \
    xfonts-75dpi \
    xfonts-base \
    python3.9 \
    python3-dev \
    python3-pip \
    wget \
    curl \
    git \
    tzdata \
    android-tools-adb

# Set locales
RUN locale-gen en_US.UTF-8
ENV TZ Asia/Shanghai
RUN echo 'LC_TIME=en_US.UTF-8' >> /etc/default/locale
RUN echo 'LC_ALL=en_US.UTF-8' >> /etc/default/locale
ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'

# Install wkhtmltopdf & OpenJDK
ARG TARGETPLATFORM

COPY scripts/install_java_wkhtmltopdf.sh .
RUN ./install_java_wkhtmltopdf.sh

RUN groupadd -g 9901 mobsf
RUN adduser mobsf --shell /bin/false -u 9901 --ingroup mobsf --gecos "" --disabled-password

# Install Requirements
COPY requirements.txt .
RUN pip3 install --upgrade --no-cache-dir setuptools pip && \
    pip3 install --quiet --no-cache-dir -r requirements.txt

# Cleanup
RUN \
    apt remove -y \
        libssl-dev \
        libffi-dev \
        libxml2-dev \
        libxslt1-dev \
        python3-dev \
        wget && \
    apt clean && \
    apt autoclean && \
    apt autoremove -y && \
    rm -rf /var/lib/apt/lists/* /tmp/* > /dev/null 2>&1

WORKDIR /home/mobsf/Mobile-Security-Framework-MobSF
# Copy source code
COPY . .

# Set adb binary path and apktool directory
RUN sed -i "s#ADB_BINARY = ''#ADB_BINARY = '/usr/bin/adb'#" mobsf/MobSF/settings.py && \
    mkdir -p /home/mobsf/.local/share/apktool/framework

# Postgres support is set to false by default
ARG POSTGRES=False

ENV POSTGRES_USER=postgres
ENV POSTGRES_PASSWORD=password
ENV POSTGRES_DB=mobsf
ENV POSTGRES_HOST=postgres

# Check if Postgres support needs to be enabled
RUN ./scripts/postgres_support.sh $POSTGRES

HEALTHCHECK CMD curl --fail http://host.docker.internal:8000/ || exit 1

# Expose MobSF Port and Proxy Port
EXPOSE 8000 8000 1337 1337

RUN chown -R mobsf:mobsf /home/mobsf/Mobile-Security-Framework-MobSF
USER mobsf

# Run MobSF
CMD ["/home/mobsf/Mobile-Security-Framework-MobSF/scripts/entrypoint.sh"]
```
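DockerBuild

```bash
docker build -t mobsf .
[root@docker ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
mobsf        latest    17ec050a7c8c   41 hours ago   2.1GB
# The build machine is on the development network and the deployment machine is on
# the service network, so the image has to be exported and then imported
docker save -o mobsf.tar mobsf
```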
DockerLoad

```bash
# Import with load, not with import
docker load --input mobsf.tar
# Tag the image
docker tag 77cb7 firstshare/mobsf:v1
# Start the container, publish port 8000, and restart it automatically on boot
docker run -itd --restart=always -p 8000:8000 mobsf
```
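The export/import step above carries the image tarball from the build network to the deployment network by hand. The following added example (not part of the original post) records a SHA-256 digest next to the tarball on the build side and refuses to run `docker load` on the deployment side unless the digest still matches; the function names and the `.sha256` sidecar file are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: integrity check around `docker save` / `docker load`.
# Function names and the "<tarball>.sha256" sidecar file are assumptions.

# Build side: write "<digest>  <basename>" next to the tarball.
write_digest() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 2; }
    ( cd "$(dirname "$1")" && sha256sum "$(basename "$1")" ) > "$1.sha256"
}

# Deployment side: return 0 only if the tarball matches its sidecar digest,
# 1 on a mismatch, 2 if either file is absent.
verify_digest() {
    [ -f "$1" ] && [ -f "$1.sha256" ] || {
        echo "tarball or digest file missing" >&2
        return 2
    }
    ( cd "$(dirname "$1")" &&
      sha256sum --check --status "$(basename "$1").sha256" )
}

# Load the image only after verification succeeds.
load_verified() {
    if verify_digest "$1"; then
        docker load --input "$1"
    else
        echo "refusing to load $1: digest check failed" >&2
        return 1
    fi
}

# Build machine:       docker save -o mobsf.tar mobsf && write_digest mobsf.tar
# Deployment machine:  load_verified mobsf.tar
```

Carry the `.sha256` file over a different channel from the tarball; if both travel together, the check detects corruption in transit but not deliberate replacement of both files.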
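Summary

MobSF is a free, open-source tool written in Python + Django. Its findings are valid reports that are accepted and recognized by professional bodies, and they can be used for MLPS (等保, China's Multi-Level Protection Scheme) and other security certification matters;

MobSF treats use of external storage, GPS and the camera as high-risk behaviour. Whether that is right is a matter of opinion and depends on the attitude of whoever receives the report;

MobSF's PDF report export has a problem: the output does not follow the A4 page format, probably because of some CSS somewhere, and this needs to be fixed later.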