MobSF[Mobile-Security-Framework-MobSF-0.9.2] installlhtml
移動安全框架 (MobSF) 是一個智能化、一體化的開源移動應用(Android / iOS)自動測試框架,可以對以上兩種移動應用進行靜態和動態分析(動態分析目前暫時只支持Android)。html5
它能夠有效、快速地對應用APK 和IPA文件 及壓縮的源代碼進行審計分析。同時,MobSF 也可以經過其API Fuzzer功能模塊,對 Web API 的安全性進行檢測,如收集信息,分析安全頭部信息,識別移動API 的具體漏洞,如XXE路徑遍歷,IDOR以及其餘的與會話和API調用速率限制有關的邏輯問題。python
###運行環境:c++
Python 2.7,下載請點擊:Python 2.7sql
Oracle JDK 1.7或以上版本,下載請點擊:Oracle JDKbootstrap
Oracle VirtualBox 下載請點擊: VirtualBox緩存
iOS IPA分析(需在 Mac系統上執行)所需命令行工具( Mac系統)下載請點擊:Conmand-line tool安全
###硬件配置:4GB 或以上內存,5G硬盤空間app
###安裝目錄:框架
Linux:解壓MobSF壓縮文件到/home/[username]/MobSF
###配置靜態分析器:
pip install -r requirements.txt
###運行MobSF:
python manage.py runserver
===============================================
###install python
Linux的yum依賴自帶Python,爲防止錯誤,此處更新其實就是再安裝一個Python
查看默認Python版本
python -V
一、安裝gcc,用於編譯Python源碼
yum install gcc
二、下載源碼包,https://www.python.org/ftp/python/
三、解壓並進入源碼文件
四、編譯安裝
./configure
make all
make install
五、查看版本
/usr/local/bin/python2.7 -V
六、修改默認Python版本
mv /usr/bin/python /usr/bin/python2.6
ln -s /usr/local/bin/python2.7 /usr/bin/python
七、防止yum執行異常,修改yum使用的Python版本
vi /usr/bin/yum
將頭部 #!/usr/bin/python 修改成 #!/usr/bin/python2.6
===============================================
###下載最新版的pip,而後安裝
wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py
查找pip的位置
whereis pip
找到pip2.7的路徑,爲其建立軟鏈做爲系統默認的啓動版本
ln -s /usr/local/bin/pip2.7 /usr/bin/pip
第三步:pip安裝完畢,安裝scrapy測試
pip install scrapy
###zlib安裝
vi ./Modules/Setup
找到#zlib zlibmodule.c -I$(prefix)/include -L$(exec_prefix)/lib -lz去掉註釋並保存,而後進行編譯和安裝
###setuptools安裝
ImportError: No module named _markerlib
下載地址:https://pypi.python.org/pypi/setuptools
wget https://bootstrap.pypa.io/ez_setup.py -O - | python
###sqlite-devel安裝
ImportError: No module named _sqlite3
yum install sqlite-devel
再編譯升級python
###安裝插件
pip install xhtml2pdf
pip install html5lib==1.0b8
###64位安裝32位開發庫
glibc-devel-2.12-1.132.el6.i686.rpm
libstdc++-4.4.7-4.el6.i686.rpm
ERROR_LOG日誌
###Error: That port is already in use.
# lsof -i:8000
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
adb 13326 root 4u IPv4 297976 0t0 TCP localhost:irdmi (LISTEN)
adb 13326 root 22u IPv4 304164 0t0 TCP localhost:irdmi->localhost:55632 (CLOSE_WAIT)
adb 13326 root 24u IPv4 304186 0t0 TCP localhost:irdmi->localhost:55646 (CLOSE_WAIT)
adb 13326 root 26u IPv4 300850 0t0 TCP localhost:irdmi->localhost:53604 (CLOSE_WAIT)
# ps -ef |grep 13326
root 13326 1 0 16:31 pts/0 00:00:00 adb -P 5037 fork-server server
root 13408 1880 0 16:37 pts/0 00:00:00 grep 13326
# kill -9 13326
###[ERROR] Unzipping Error
(/home/ccxx/Mobile-Security-Framework-MobSF-0.9.2/StaticAnalyzer/views.py, LINE 945 "z.extractall(EXT_PATH)"): 'ascii' codec can't decode byte 0xe5 in position 39: ordinal not in range(128)
編碼問題:# -*- coding: utf_8 -*-
###初始化警告
You have unapplied migrations; your app may not work properly until they are applied.
Run 'python manage.py migrate' to apply them.
刪除項目從新安裝
# pip install -r requirements.txt
===============================================
###VBoxError
[INFO] Refreshing MobSF VM
VBoxManage: error: Machine 'afd32fda-5ac3-4dd7-a309-2a71cd0a412c' is not currently running
[INFO] VM Closed
Restoring snapshot 183cf883-ade1-4fbf-8594-7ecd498281f5
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
[INFO] VM Restore Snapshot
Waiting for VM "afd32fda-5ac3-4dd7-a309-2a71cd0a412c" to power on...
VBoxManage: error: The virtual machine 'MobSF_VM_0.2' has terminated unexpectedly during startup because of signal 6
VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component MachineWrap, interface IMachine
[INFO] VM Starting
1.關閉manage.py
2.關閉127.0.0.1:8000
3.清除IE緩存
點擊CreateEnvironment出現,返回主頁面刷新StartDynamicAnalysis多點幾回能夠跳過!!!
[INFO] Connecting to VM/Device
unable to connect to 192.168.56.107:5555:5555
!!!能夠忽略。
===============================================