简介

Mobile Security Framework (MobSF)是一个由印度开发者编写的All-in-one全自动APP检测工具,可用于渗透测试、恶意软件分析、安全基线检查等用途,截至本文撰写时最新版本为3.4.5 beta。它支持安卓、iOS和Windows应用程序包格式(apk、xapk、ipa、appx),可进行静态或动态安全分析。同时,它也提供REST API,便于接入现有开发环境的CI/CD流水线。

标准部署

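# Environment preparation. Run as root; Ubuntu 20.04 (focal) is assumed,
# since the wkhtmltox package fetched later is the focal build.
# Abort on the first failing command so a half-installed toolchain is not
# silently carried into the later steps.
set -euo pipefail
apt update
apt upgrade -y
# python3-venv is installed so the pip steps below can target a venv instead
# of the system interpreter.
apt install -y python3-pip python3-setuptools python3-venv python-is-python3
apt install -y openjdk-16-jdk git mlocate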

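# Install wkhtmltox. The Ubuntu-packaged wkhtmltox pulls in a large
# dependency tree, so the vendor's self-contained .deb is used instead.
apt install -y xfonts-75dpi xfonts-base xfonts-encodings xfonts-utils
# Chinese locale and WenQuanYi fonts; without them CJK text in PDF reports
# renders as boxes. Quoted so apt, not the shell, expands the pattern.
apt install -y language-pack-zh-hans 'fonts-wqy-*'
fc-cache -f -v

WKH_VERSION="0.12.6-1"
WKH_DEB="wkhtmltox_${WKH_VERSION}.focal_amd64.deb"
wget -O "$WKH_DEB" "https://github.com/wkhtmltopdf/packaging/releases/download/${WKH_VERSION}/${WKH_DEB}"
# dpkg -i runs the package's maintainer scripts as root, so verify the
# download against the SHA-256 published for this release before installing.
# WKH_SHA256 must be supplied by the operator; the check refuses to run
# if it is unset rather than installing an unverified package.
echo "${WKH_SHA256:?set to the sha256 published for ${WKH_DEB}}  ${WKH_DEB}" | sha256sum -c -
dpkg -i "$WKH_DEB"
# Pull in anything dpkg could not satisfy (no-op when all deps are present).
apt install -f -y

ldconfig
sync
# NOTE: these install into the system Python as root. python3-venv is
# installed above; creating and activating a venv first is the safer option.
pip3 install --upgrade pip
pip3 install --upgrade launchpadlib
pip3 install --no-cache-dir wheel
# yara-python-dex is built from the repository's moving HEAD. Pin a reviewed
# tag or commit (git+URL@<ref>) so a later upstream change cannot silently
# alter what gets compiled into this host.
pip3 wheel --wheel-dir=yara-python-dex git+https://github.com/MobSF/yara-python-dex.git
pip3 install --no-cache-dir --no-index --find-links=yara-python-dex yara-python-dex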

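# Deploy MobSF. The original clone wrote into the current directory while
# the cd assumed /opt; clone straight into the target path instead.
# Consider pinning a reviewed release tag (git clone --branch <tag> ...)
# rather than the moving default branch.
MOBSF_DIR=/opt/Mobile-Security-Framework-MobSF
git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git "$MOBSF_DIR"
cd "$MOBSF_DIR" || exit 1
pip3 install -r requirements.txt
./setup.sh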

# Create and apply the Django database schema, in order.
for step in makemigrations migrate; do
  python manage.py "$step"
done

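# Start MobSF. With no argument run.sh binds 0.0.0.0:8000, which exposes the
# web UI and REST API to every interface on the host; the REST API is guarded
# only by its API key. On a shared or internet-reachable host, bind to
# loopback and put an authenticating, TLS-terminating reverse proxy in front.

# Recommended: listen on loopback only (127.0.0.1:8000).
./run.sh 127.0.0.1:8000

# Only when the host's network is trusted: listen on all interfaces (0.0.0.0:8000).
./run.sh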

容器部署

Dockerfile

原始MobSF镜像没有安装中文字体,导致输出PDF时中文会显示为"口口口"的乱码,所以需要对默认Dockerfile做少量修改,其他保留原始配置。

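# Base image
FROM ubuntu:20.04

# Labels and Credits
LABEL \
    name="MobSF" \
    author="Ajin Abraham <ajin25@gmail.com>" \
    maintainer="Ajin Abraham <ajin25@gmail.com>" \
    contributor_1="OscarAkaElvis <oscar.alfonso.diaz@gmail.com>" \
    contributor_2="Vincent Nadal <vincent.nadal@orange.fr>" \
    description="Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis."

# Environment vars
ENV DEBIAN_FRONTEND="noninteractive" \
    ANALYZER_IDENTIFIER="" \
    JDK_FILE="openjdk-16.0.1_linux-x64_bin.tar.gz" \
    JDK_FILE_ARM="openjdk-16.0.1_linux-aarch64_bin.tar.gz" \
    WKH_FILE="wkhtmltox_0.12.6-1.focal_amd64.deb" \
    WKH_FILE_ARM="wkhtmltox_0.12.6-1.focal_arm64.deb" \
    JAVA_HOME="/jdk-16.0.1"

ENV PATH="$JAVA_HOME/bin:$PATH"

# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
# Point apt at a domestic mirror for build speed. apt still verifies every
# package against the Ubuntu archive signing keys, so the mirror cannot
# inject modified packages (it could at most serve stale ones).
RUN sed -i s@/archive.ubuntu.com/@/mirrors.huaweicloud.com/@g /etc/apt/sources.list
# Local change versus upstream: language-pack-zh-hans and the WenQuanYi font
# packages are added so CJK text in PDF reports does not render as boxes.
RUN apt update -y && apt install -y  --no-install-recommends \
    build-essential \
    language-pack-zh-hans \
    fonts-wqy-microhei \
    fonts-wqy-zenhei \
    xfonts-wqy \
    locales \
    sqlite3 \
    fontconfig-config \
    libjpeg-turbo8 \
    libxrender1 \
    libfontconfig1 \
    libxext6 \
    fontconfig \
    xfonts-75dpi \
    xfonts-base \
    python3.9 \
    python3-dev \
    python3-pip \
    wget \
    curl \
    git \
    tzdata \
    android-tools-adb

# Set locales
RUN locale-gen en_US.UTF-8
ENV TZ=Asia/Shanghai
RUN echo 'LC_TIME=en_US.UTF-8' >> /etc/default/locale
RUN echo 'LC_ALL=en_US.UTF-8' >> /etc/default/locale
ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'

# Install wkhtmltopdf & OpenJDK
ARG TARGETPLATFORM

# NOTE(review): the install script is not part of this listing; confirm it
# verifies the downloaded JDK and wkhtmltox archives against known checksums
# before unpacking them as root.
COPY scripts/install_java_wkhtmltopdf.sh .
RUN ./install_java_wkhtmltopdf.sh

# Unprivileged service account; the image switches to it before CMD (USER mobsf).
RUN groupadd -g 9901 mobsf
RUN adduser mobsf --shell /bin/false -u 9901 --ingroup mobsf --gecos "" --disabled-password


# Install Requirements
COPY requirements.txt .
RUN pip3 install --upgrade --no-cache-dir setuptools pip && \
    pip3 install --quiet --no-cache-dir -r requirements.txt

# Cleanup
RUN \
    apt remove -y \
        libssl-dev \
        libffi-dev \
        libxml2-dev \
        libxslt1-dev \
        python3-dev \
        wget && \
    apt clean && \
    apt autoclean && \
    apt autoremove -y && \
    rm -rf /var/lib/apt/lists/* /tmp/* > /dev/null 2>&1

WORKDIR /home/mobsf/Mobile-Security-Framework-MobSF
# Copy source code. This copies the entire build context, so keep a
# .dockerignore (.git, local DB/uploads, .env) next to this file to stop
# anything unintended from ending up in the image layers.
COPY . .

# Set adb binary path and apktool directory
RUN sed -i "s#ADB_BINARY = ''#ADB_BINARY = '/usr/bin/adb'#" mobsf/MobSF/settings.py && \
    mkdir -p /home/mobsf/.local/share/apktool/framework

# Postgres support is set to false by default
ARG POSTGRES=False

# Placeholder Postgres credentials baked into the image. They presumably only
# matter when POSTGRES=True; in that case override them at run time
# (docker run -e POSTGRES_PASSWORD=...) and never rely on this default.
ENV POSTGRES_USER=postgres
ENV POSTGRES_PASSWORD=password
ENV POSTGRES_DB=mobsf
ENV POSTGRES_HOST=postgres

# Check if Postgres support needs to be enabled
RUN ./scripts/postgres_support.sh $POSTGRES

# Probe the server from inside the container. host.docker.internal is not
# resolvable inside containers on Linux hosts without an explicit --add-host,
# which left the original check permanently failing on Linux deployments.
HEALTHCHECK CMD curl --fail http://127.0.0.1:8000/ || exit 1

# Expose MobSF Port and Proxy Port
EXPOSE 8000 1337

RUN chown -R mobsf:mobsf /home/mobsf/Mobile-Security-Framework-MobSF
USER mobsf
# Run MobSF
CMD ["/home/mobsf/Mobile-Security-Framework-MobSF/scripts/entrypoint.sh"]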

DockerBuild

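# Build the image. The tag has to be given with -t: "docker build mobsf ."
# passes two build contexts and the CLI rejects it.
docker build -t mobsf .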

[root@docker ~]# docker images
REPOSITORY                                     TAG       IMAGE ID       CREATED        SIZE
mobsf                                          latest    17ec050a7c8c   41 hours ago   2.1GB

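# The image is built in the development network and deployed in the service
# network, so export it to a tarball and carry it across.
docker save -o mobsf.tar mobsf:latest
# Record a checksum so the receiving side can verify the archive was not
# altered in transit.
sha256sum mobsf.tar > mobsf.tar.sha256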

DockerLoad

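# Verify the archive before loading it (the .sha256 file travels with it).
sha256sum -c mobsf.tar.sha256
# Use load (keeps layers and metadata such as CMD/USER), not import, which
# flattens the filesystem and drops that metadata.
docker load --input mobsf.tar
# Tag by repository name rather than by a truncated image id, which differs
# with every build.
docker tag mobsf:latest firstshare/mobsf:v1
# Start detached with auto-restart, publishing port 8000 and running the tag
# just created. "-p 8000:8000" listens on every host interface and Docker's
# own iptables rules take precedence over host firewalls such as ufw; use
# "-p 127.0.0.1:8000:8000" behind an authenticating reverse proxy unless the
# UI is meant to be reachable from the whole service network.
docker run -d --name mobsf --restart=always -p 8000:8000 firstshare/mobsf:v1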

总结

  1. MobSF是一个使用Python+Django编写的免费、开源工具,它的检测结果是被专业机构接受和认可的有效报告,可以用于等保以及其他安全认证事宜;
  2. Mobsf认为使用外部存储设备、GPS、摄像头都是高风险行为,这点见仁见智,看报告接收方的态度;
  3. Mobsf输出PDF版本报告存在问题,不能按照A4格式标准输出,应该是某处的css格式引起,需要后续修正。