Äú¿ÉÒÔ¾èÖú£¬Ö§³ÖÎÒÃǵĹ«ÒæÊÂÒµ¡£

1Ôª 10Ôª 50Ôª





ÈÏÖ¤Â룺  ÑéÖ¤Âë,¿´²»Çå³þ?Çëµã»÷Ë¢ÐÂÑéÖ¤Âë ±ØÌî



  ÇóÖª ÎÄÕ ÎÄ¿â Lib ÊÓÆµ iPerson ¿Î³Ì ÈÏÖ¤ ×Éѯ ¹¤¾ß ½²×ù Model Center   Code  
»áÔ±   
   
 
     
   
 ¶©ÔÄ
  ¾èÖú
ÀûÓÃMobSF×Ô½¨Òƶ¯Ó¦ÓÃAPPɨÃèÔÆÆ½Ì¨
 
×÷Õߣº³æ³æËÑÆæ
  2510  次浏览      27
 2020-9-28 
 
±à¼­ÍƼö:
±¾ÎÄÖ÷Òª¸ø´ó¼Ò½éÉÜÁËÈçºÎÀûÓÿªÔ´µÄMobSFƽ̨×Ô¼ºÒƶ¯APP×Ô¶¯É¨ÃèÆ½Ì¨¡£°üÀ¨£º»ù´¡½éÉÜ¡¢°²×°²¿Êð¼°Ó¦Ó÷ÖÎö¡£
±¾ÎÄÀ´×ÔÓÚ΢ÐÅ³æ³æËÑÆæ £¬ÓÉ»ðÁú¹ûÈí¼þAnna±à¼­¡¢ÍƼö¡£

ÒÆ¶¯»¥ÁªÍøÍ³ÖÎÁËÎÒÃÇÊÀ½ç£¬Òƶ¯¶Ë°²È«Ô½À´Ô½ÖØÒª¡£Öն˰²È«×îÖØÒªµÄÔ­ÔòÊÇ"²»·ÃÎʲ»°²È«µÄÍøÕ¾£¬²»ÏÂÔØ²»Ã÷À´Ô´µÄÓ¦Ó㬲»°²×°²»ÐÅÈεÄAPP£¬²»¸øAPP²»±ØÒªµÄȨÏÞ"¡£»°ËäÈç´Ë£¬µ«ÊÇʵ¼ÊÉÏÓеÄʱºò£¬»¹ÐèÒª°²×°Ò»Ð©Î´ÖªµÄAPP£¬ÕâÊǺóÔõô°ìÄØ£¿

Õâ¾ÍÐèÒª¶ÔÆäÏȽøÐÐһϰ²È«ÆÀ¹À£¬ÏÖÔÚÓкܶàÔÚÏß°²È«¼ì²âƽ̨£¬±ÈÈç360×½³æÁÔÊÖ£¬Æó¶ì¼ÒµÄ½ð¸ÕÉó¼ÆÏµÍ³µÈ¡£×î½üÇ¡ºÃÒª³¢ÊÔÒ»¸öapkɨÃèµÄʱºò·¢ÏÖǰЩÄê¸ãµÄ´óÁ¿ÔÚÏ߯À¹Àϵͳ»ù±¾É϶¼²»ÄÜÓÃÁË£¨360×½³æÁÔÊÖ»¹ok£©¡£ËùÒÔ£¬³æ³æ½ñÌì¾Í¸ø´ó¼Ò½éÉÜÏ£¬»ùÓÚ¿ªÔ´µÄMobSF×Ô½¨Ò»¸öÓ¦ÓÃAPPɨÃèÔÆÆ½Ì¨¡£

MobSF¼ò½é

Mobile Security Framework£¨MobS£¬Òƶ¯°²È«¿ò¼Ü£©ÊÇÒ»ÖÖ×Ô¶¯»¯¶àÆ½Ì¨ÒÆ¶¯Ó¦ÓóÌÐò£¬Ö§³ÖAndroid¡¢iOSºÍWindowsÓ¦ÓÃ×Ô¶¯»¯²âÊÔ¡£Äܹ»½øÐо²Ì¬¡¢¶¯Ì¬·ÖÎö£¬web API²âÊÔ£¬¶ñÒâÈí¼þ·ÖÎöºÍ°²È«ÆÀ¹À¡£MobSFÖ§³Ö¶ÔÒÆ¶¯APP¶þ½øÖÆÎļþ£¬°üÀ¨APK£¬IPAºÍAPPXÒÔ¼°¶ÔѹËõµÄÔ´´úÂë½øÐзÖÎö£¬ÌṩWeb½çÃæ½øÐÐÈÎÎñ¹ÜÀíºÍ±¨¸æÏÔʾ£¬²¢ÌṩREST APIʵÏÖCI/CD»òDevSecOps¹ÜµÀÎ޷켯³É¡£ÆäÖж¯Ì¬·ÖÎöÆ÷¿É°ïÖúÎÒÃÇÖ´ÐÐÔËÐÐʱ°²È«ÐÔÆÀ¹ÀºÍ½»»¥Ê½¼ì²â¡£

°²×°²¿Êð

°²×°ÒªÇó

½øÐо²Ì¬·ÖÎö·ÖÎöÐèÒª°²×°ÒÔÏÂÌõ¼þ£º

Git£¬Python 3.6ÒÔÉϰ汾£¬JDK 8ÒÔÉϰ汾¡£

LinuxÏ¿ÉÒÔͨ¹ý·¢ÐаæµÄ°ü¹ÜÀíÈí¼þÖ±½Ó°²×°£¬±ÈÈçUbuntuÏ¿ÉÒÔÓãº

sudo apt install python3-venv python3-pip python3-dev build-essential libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev wkhtmltopdf

Æ»¹ûMac OSÓû§£º

sudo installer -pkg

/Library/ Developer/CommandLineTools/ Packages/macOS_SDK_headers_ for_macOS_10.14.pkg -targe /

WindowsÓû§ÐèÒª°²×°Microsoft Visual C ++ Build ToolsºÍOpenSSL

Windows App¾²Ì¬·ÖÎöÐèÒªMacºÍLinuxµÄWindowsÖ÷»ú»òWindows VM£¨ÂÔ£©¡£

ΪÁËÉú³ÉPDF±¨¸æ£¬ÐèÒªµ¥¶À°²×°wkhtmltopdf¶þ½øÖÆÎļþ¡£ÔÚWindowsÖУ¬ÐèÒª½«°üº¬wkhtmltopdf¶þ½øÖÆÎļþµÄÎļþ¼ÐÌí¼Óµ½»·¾³±äÁ¿PATH¡£

°²×°

°²×°¹ý³ÌºÜ¼òµ¥£¬Ê×ÏÈ´ÓMobSF²Ö¿âcloneÏÂÔØÔ´Â룺

git clone github /MobSF/Mobile-Security-Framework-MobSF.git

È»ºó£¬ÔÚLinuxºÍMac OSÏÂÖ´ÐÐ./setup.sh£¬WindowsÏÂÖ´ÐÐsetup.bat¼´¿É¡£

docker°²×°£º

MobSF 2.0Ò²ÐÂÔö¼ÓÁËdocker·½Ê½°²×°£¬°²×°ÔËÐзdz£·½±ã¡£·½±ãÆð¼û¿ÉÒÔÖ±½ÓÀ­È¡¹Ù·½¾µÏñ£º

docker pull opensecurity/mobile -security-framework-mobsf

docker run -it --name mobsf -p 8000:8000 opensecurity/mobile-security -framework-mobsf:latest

Ò²¿ÉÒÔ×Ô¼º±àÒë¾µÏñ»òÕßÐèÒª¶îÍ⹦ÄÜÒªÇóµÄÒ²±ØÐëÕÒ×Ô±àÒë¾µÏñ£º

git clone github /MobSF/Mobile-Security -Framework-MobSF.git

cd Mobile-Security-Framework-MobSF

docker build -t mobsf .

docker run -it -p 8000:8000 mobsf

ÔËÐÐ

LinuxºÍMacÏÂͨ¹ý£º

./ run.sh

WindowsÏÂÔËÐУº

run.bat

È»ºóĬÈϻῪÆôÒ»¸ö8080·þÎñÆ÷¼àÌý£¬Í¨¹ýä¯ÀÀÆ÷·ÃÎÊlocalhost:8080¾Í¿ÉÒÔ·ÃÎÊ¡£

¾²Ì¬·ÖÎö

ͨ¹ýä¯ÀÀÆ÷·ÃÎÊlocalhost:8080£¬»áµ¯³ö·ÖÎöÎļþÉÏ´«½çÃæ£¬¿ÉÒÔ°Ñapk°üͨ¹ýÍϷŵ½ÐéÏß¿òÀï»òÕßͨ¹ýUpload & AnalyzeÑ¡ÔñÎļþ¾Í¿ÉÒÔÍê³É·ÖÎöÈÎÎñµÄÉèÖá£

×ó±ßÀ¸Ä¿¸÷ÖÖ·ÖÎöÏîÄ¿£¬Óұߴ°ÌåÊǸôηÖÎöµÄÖÕ½á»ù±¾°üÀ¨ÁËËÄ´ó×é¼þɨÃè¸öÊý¡¢export Çé¿ö£©£¬·´±àÒëÔ´Â루java¡¢smali£©¡¢mainfest Îļþ·ÖÎö¡¢°²È«·ÖÎöµÈ¡£

±¾ÀýÖÐÎÒÉÏ´«ÁËGPS²âÊÔÒǵÄapk£¬½á¹ûÈçÏ£º

ɨÃèÏîÄ¿ÉèÖúÍÉè¼ÆÔ´Âëä¯ÀÀ£º

Ó¦ÓÃÇ©Ãû·ÖÎö£º

ȨÏ޺Ͷþ½øÖÆ¿â·ÖÎö£º

ÐèÒª¶¨Î»È¨ÏÞ£¬ÓÐÒ»¶¨µÄ·çÏÕ£¬·Ç·¨Ó¦ÓÿÉÒÔÇÔȡλÖÃÐÅÏ¢£¬»òÕßÓÃËüÀ´ÏûºÄµç³Ø¡£

ÎļþÇåµ¥·ÖÎö£º

¿ÉÒÔ±»¶ñÒâÐÅÏ¢¿½±´£¬ÍϿ⡣

¶¯Ì¬·ÖÎö

MobSFÒ²Ö§³Ö¶¯Ì¬·ÖÎö£¬µ«ÊÇÐèÒªGenymotionÄ£ÄâÆ½Ì¨µÄÖ§³Ö£¬Í¨¹ýËüÀ´Æô¶¯°²×¿ÐéÄâ»úVM¡£

MobSF¶¯Ì¬·ÖÎöÐèÒªGenymotion Android x86 VM 4.1ÖÁ9.0°æ±¾¡£Ò»°ã½¨ÒéʹÓÃAndroid 7.0¼°¸ü¸ß°æ±¾¡£Ê×´ÎÔËÐÐʱ»á×Ô¶¯MobSFyed Android 5¼°¸ü¸ß°æ±¾¡£¶ÔÓÚСÓÚ5µÄAndroid°æ±¾£¬±ØÐëÔÚµÚÒ»´Î½øÐÐDynamic Analysis֮ǰÏÈÔËÐа²×¿ÔËÐÐʱ¡£µ¥»÷"¶¯Ì¬·ÖÎö"Ò³ÃæÖеÄMobSFy AndroidÔËÐÐʱ°´Å¥ÒÔMobSFy AndroidÔËÐÐʱ»·¾³¡£

Èç¹ûDynamic AnalyzerÎÞ·¨¼ì²âµÄ°²×¿É豸£¬¿Éͨ¹ýMobSF/settings.pyÎļþ£¬ÊÖ¶¯ÅäÖÃANALYZER_IDENTIFIER¡£

ÀýÈ磺

ANALYZER_IDENTIFIER = '192.168.56.126:5555'¡£

¿ÉÒÔÔÚGenymotionÐéÄâ»úÁбíÖÐÕÒµ½°²×¿É豸µÄIP£¬Ä¬È϶˿ÚΪ5555¡£

ÅúÁ¿·ÖÎö

³ýÁËͨ¹ýWeb½çÃæÈ˹¤½øÐе¥ÈÎÎñ·ÖÎöÒÔÍ⣬MobSFÖ§³Öͨ¹ýÃüÁîÐнøÐÐÅúÁ¿·ÖÎö¡£

ÅúÁ¿·ÖÎöÐèÒªÓÃmass_static_analysis.py¹¤¾ß£¬Ê¹Ó÷½·¨ÊÇ mass_static_analysis.py [-h] [-d Ŀ¼] [-s IP¶Ë¿Ú]

ÆäÖÐ-h±íʾʹÓðïÖú¡£

-dÑ¡ÏîÀ´Öƶ¨ÐèҪɨÃèAPP°üºÍÔ´ÂëѹËõ°üËùÔÚµÄĿ¼¡£

-s ÓÃÀ´Öƶ¨MobSF·þÎñÆ÷µÄµØÖ·ºÍ¶Ë¿Ú£¬±ÈÈç127.0.0.1:8080

ÀýÈ磺

python mass_static_analysis.py -s 127.0.0.1:8000 -d /opt/apks/

·ÖÎö±¨¸æ

¿ÉÒÔÒÔPDFµ¼³ö¸Ã´Î·ÖÎöµÄ±¨¸æ¡£×¢Òâ,ºÃÏñĬÈÏÉèÖÃ϶ÔÖÐÎÄÖ§³ÖÓÐÎÊÌ⣺

×ܽá

±¾Îĸø´ó¼Ò½éÉÜÁËÈçºÎÀûÓÿªÔ´µÄMobSFƽ̨×Ô¼ºÒƶ¯APP×Ô¶¯É¨ÃèÆ½Ì¨¡£MobSF¹¦ÄÜÇ¿´óµÄÒÆ¶¯°²È«²âÊÔÆ½Ì¨£¬Ö§³Ö¾²Ì¬£¬¶¯Ì¬·ÖÎöÒÔWeb API Fuzzer²âÊÔ¡£MobSFÖ§³ÖdockerÒ»¼ü²¿Êð£¬Web½çÃæ½øÐйÜÀí¡¢µ¼³öPDF·ÖÎö±¨¸æ£¬°²×°ºÍʹÓö¼·Ç³£·½±ãÓѺá£

   
2510 ´Îä¯ÀÀ       27
Ïà¹ØÎÄÕÂ

ÔÆ¼ÆËãµÄ¼Ü¹¹
¶ÔÔÆ¼ÆËã·þÎñÄ£ÐÍ
ÔÆ¼ÆËãºËÐļ¼ÊõÆÊÎö
Á˽âÔÆ¼ÆËãµÄ©¶´
Ïà¹ØÎĵµ

ÔÆ¼ÆËã¼ò½é
ÔÆ¼ÆËã¼ò½éÓëÔÆ°²È«
ÏÂÒ»´úÍøÂç¼ÆËã--ÔÆ¼ÆËã
ÈídzÎöÔÆ¼ÆËã
Ïà¹Ø¿Î³Ì

ÔÆ¼ÆËãÔ­ÀíÓëÓ¦ÓÃ
ÔÆ¼ÆËãÓ¦ÓÃÓ뿪·¢
CMMIÌåϵÓëʵ¼ù
»ùÓÚCMMI±ê×¼µÄÈí¼þÖÊÁ¿±£Ö¤
×îл¼Æ»®
DeepSeekÔÚÈí¼þ²âÊÔÓ¦ÓÃʵ¼ù 4-12[ÔÚÏß]
DeepSeek´óÄ£ÐÍÓ¦Óÿª·¢Êµ¼ù 4-19[ÔÚÏß]
UAF¼Ü¹¹ÌåϵÓëʵ¼ù 4-11[±±¾©]
AIÖÇÄÜ»¯Èí¼þ²âÊÔ·½·¨Óëʵ¼ù 5-23[ÉϺ£]
»ùÓÚ UML ºÍEA½øÐзÖÎöÉè¼Æ 4-26[±±¾©]
ÒµÎñ¼Ü¹¹Éè¼ÆÓ뽨ģ 4-18[±±¾©]
 
×îÐÂÎÄÕÂ
ÔÆÔ­Éú¼Ü¹¹¸ÅÊö
K8S¸ß¿ÉÓü¯Èº¼Ü¹¹ÊµÏÖ
ÈÝÆ÷ÔÆ¹ÜÀíÖ®K8S¼¯Èº¸ÅÊö
k8s-ÕûÌå¸ÅÊöºÍ¼Ü¹¹
Ê®·ÖÖÓѧ»áÓÃdocker²¿Êð΢·þÎñ
×îпγÌ
ÔÆ¼ÆË㡢΢·þÎñÓë·Ö²¼Ê½¼Ü¹¹
Æóҵ˽ÓÐÔÆÔ­ÀíÓë¹¹½¨
»ùÓÚKubernetesµÄDevOpsʵ¼ù
ÔÆÆ½Ì¨¼Ü¹¹ÓëÓ¦Ó㨰¢ÀïÔÆ£©
Docker²¿Êð±»²âϵͳÓë×Ô¶¯»¯¿ò¼Üʵ¼ù
³É¹¦°¸Àý
±±¾© ÔÆÆ½Ì¨Óë΢·þÎñ¼Ü¹¹Éè¼Æ
ͨÓù«Ë¾GE DockerÔ­ÀíÓëʵ¼ùÅàѵ
ij¾ü¹¤Ñо¿µ¥Î» MDA£¨Ä£ÐÍÇý¶¯¼Ü¹¹£©
ÖªÃûÏû·Ñ½ðÈÚ¹«Ë¾ ÁìÓòÇý¶¯Éè¼Æ
ÉîÛÚijÆû³µÆóÒµ Ä£ÐÍÇý¶¯µÄ·ÖÎöÉè¼Æ