Pentest automation với Mobile-Security-Framework

Thảo luận trong 'Audit/Pentest Security' bắt đầu bởi Sugi_b3o, 16/07/21, 12:07 AM.

  1. Sugi_b3o

    Sugi_b3o Moderator Thành viên BQT

    Tham gia: 30/08/16, 10:08 AM
    Bài viết: 399
    Đã được thích: 299
    Điểm thành tích:
    63
    Mobile-Security-Framework được biết đến là công cụ chuyên pentest cho các App Android, IOS. Phân tích ứng dụng có chứa mã độc trên android, ios, ngoài ra còn cung cấp Rest API để tích hợp vào quy trình CI/CD của DevSecOps.
    [​IMG]
    Tản mạng sơ qua môt chút thôi, bây giờ mình xin hướng dẫn cách cài đặt
    Với docker các bạn có thể chạy script bên dưới để cài đặt docker compose
    Mã:
    #!/bin/sh
    set -e
    # Docker CE for Linux installation script
    #
    # See https://docs.docker.com/engine/install/ for the installation steps.
    #
    # This script is meant for quick & easy install via:
    #   $ curl -fsSL https://get.docker.com -o get-docker.sh
    #   $ sh get-docker.sh
    #
    # For test builds (ie. release candidates):
    #   $ curl -fsSL https://test.docker.com -o test-docker.sh
    #   $ sh test-docker.sh
    #
    # NOTE: Make sure to verify the contents of the script
    #       you downloaded matches the contents of install.sh
    #       located at https://github.com/docker/docker-install
    #       before executing.
    #
    # Git commit from https://github.com/docker/docker-install when
    # the script was uploaded (Should only be modified by upload job):
    SCRIPT_COMMIT_SHA="7cae5f8b0decc17d6571f9f52eb840fbc13b2737"
    
    
    # The channel to install from:
    #   * nightly
    #   * test
    #   * stable
    #   * edge (deprecated)
    DEFAULT_CHANNEL_VALUE="stable"
    if [ -z "$CHANNEL" ]; then
            CHANNEL=$DEFAULT_CHANNEL_VALUE
    fi
    
    DEFAULT_DOWNLOAD_URL="https://download.docker.com"
    if [ -z "$DOWNLOAD_URL" ]; then
            DOWNLOAD_URL=$DEFAULT_DOWNLOAD_URL
    fi
    
    DEFAULT_REPO_FILE="docker-ce.repo"
    if [ -z "$REPO_FILE" ]; then
            REPO_FILE="$DEFAULT_REPO_FILE"
    fi
    
    mirror=''
    DRY_RUN=${DRY_RUN:-}
    while [ $# -gt 0 ]; do
            case "$1" in
                    --mirror)
                            mirror="$2"
                            shift
                            ;;
                    --dry-run)
                            DRY_RUN=1
                            ;;
                    --*)
                            echo "Illegal option $1"
                            ;;
            esac
            shift $(( $# > 0 ? 1 : 0 ))
    done
    
    case "$mirror" in
            Aliyun)
                    DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce"
                    ;;
            AzureChinaCloud)
                    DOWNLOAD_URL="https://mirror.azure.cn/docker-ce"
                    ;;
    esac
    
    # docker-ce-rootless-extras is packaged since Docker 20.10.0
    has_rootless_extras="1"
    if echo "$VERSION" | grep -q '^1'; then
            has_rootless_extras=
    fi
    
    command_exists() {
            command -v "[email protected]" > /dev/null 2>&1
    }
    
    is_dry_run() {
            if [ -z "$DRY_RUN" ]; then
                    return 1
            else
                    return 0
            fi
    }
    
    is_wsl() {
            case "$(uname -r)" in
            *microsoft* ) true ;; # WSL 2
            *Microsoft* ) true ;; # WSL 1
            * ) false;;
            esac
    }
    
    is_darwin() {
            case "$(uname -s)" in
            *darwin* ) true ;;
            *Darwin* ) true ;;
            * ) false;;
            esac
    }
    
    deprecation_notice() {
            distro=$1
            date=$2
            echo
            echo "DEPRECATION WARNING:"
            echo "    The distribution, $distro, will no longer be supported in this script as of $date."
            echo "    If you feel this is a mistake please submit an issue at https://github.com/docker/docker-install/issues/new"
            echo
            sleep 10
    }
    
    get_distribution() {
            lsb_dist=""
            # Every system that we officially support has /etc/os-release
            if [ -r /etc/os-release ]; then
                    lsb_dist="$(. /etc/os-release && echo "$ID")"
            fi
            # Returning an empty string here should be alright since the
            # case statements don't act unless you provide an actual value
            echo "$lsb_dist"
    }
    
    add_debian_backport_repo() {
            debian_version="$1"
            backports="deb http://ftp.debian.org/debian $debian_version-backports main"
            if ! grep -Fxq "$backports" /etc/apt/sources.list; then
                    (set -x; $sh_c "echo \"$backports\" >> /etc/apt/sources.list")
            fi
    }
    
    echo_docker_as_nonroot() {
            if is_dry_run; then
                    return
            fi
            if command_exists docker && [ -e /var/run/docker.sock ]; then
                    (
                            set -x
                            $sh_c 'docker version'
                    ) || true
            fi
    
            # intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output
            echo
            echo "================================================================================"
            echo
            if [ -n "$has_rootless_extras" ]; then
                    echo "To run Docker as a non-privileged user, consider setting up the"
                    echo "Docker daemon in rootless mode for your user:"
                    echo
                    echo "    dockerd-rootless-setuptool.sh install"
                    echo
                    echo "Visit https://docs.docker.com/go/rootless/ to learn about rootless mode."
                    echo
            fi
            echo
            echo "To run the Docker daemon as a fully privileged service, but granting non-root"
            echo "users access, refer to https://docs.docker.com/go/daemon-access/"
            echo
            echo "WARNING: Access to the remote API on a privileged Docker daemon is equivalent"
            echo "         to root access on the host. Refer to the 'Docker daemon attack surface'"
            echo "         documentation for details: https://docs.docker.com/go/attack-surface/"
            echo
            echo "================================================================================"
            echo
    }
    
    # Check if this is a forked Linux distro
    check_forked() {
    
            # Check for lsb_release command existence, it usually exists in forked distros
            if command_exists lsb_release; then
                    # Check if the `-u` option is supported
                    set +e
                    lsb_release -a -u > /dev/null 2>&1
                    lsb_release_exit_code=$?
                    set -e
    
                    # Check if the command has exited successfully, it means we're in a forked distro
                    if [ "$lsb_release_exit_code" = "0" ]; then
                            # Print info about current distro
                            cat <<-EOF
                            You're using '$lsb_dist' version '$dist_version'.
                            EOF
    
                            # Get the upstream release info
                            lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
                            dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]')
    
                            # Print info about upstream distro
                            cat <<-EOF
                            Upstream release is '$lsb_dist' version '$dist_version'.
                            EOF
                    else
                            if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then
                                    if [ "$lsb_dist" = "osmc" ]; then
                                            # OSMC runs Raspbian
                                            lsb_dist=raspbian
                                    else
                                            # We're Debian and don't even know it!
                                            lsb_dist=debian
                                    fi
                                    dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
                                    case "$dist_version" in
                                            10)
                                                    dist_version="buster"
                                            ;;
                                            9)
                                                    dist_version="stretch"
                                            ;;
                                            8|'Kali Linux 2')
                                                    dist_version="jessie"
                                            ;;
                                    esac
                            fi
                    fi
            fi
    }
    
    semverParse() {
            major="${1%%.*}"
            minor="${1#$major.}"
            minor="${minor%%.*}"
            patch="${1#$major.$minor.}"
            patch="${patch%%[-.]*}"
    }
    
    do_install() {
            echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA"
    
            if command_exists docker; then
                    docker_version="$(docker -v | cut -d ' ' -f3 | cut -d ',' -f1)"
                    MAJOR_W=1
                    MINOR_W=10
    
                    semverParse "$docker_version"
    
                    shouldWarn=0
                    if [ "$major" -lt "$MAJOR_W" ]; then
                            shouldWarn=1
                    fi
    
                    if [ "$major" -le "$MAJOR_W" ] && [ "$minor" -lt "$MINOR_W" ]; then
                            shouldWarn=1
                    fi
    
                    cat >&2 <<-'EOF'
                            Warning: the "docker" command appears to already exist on this system.
    
                            If you already have Docker installed, this script can cause trouble, which is
                            why we're displaying this warning and provide the opportunity to cancel the
                            installation.
    
                            If you installed the current Docker package using this script and are using it
                    EOF
    
                    if [ $shouldWarn -eq 1 ]; then
                            cat >&2 <<-'EOF'
                            again to update Docker, we urge you to migrate your image store before upgrading
                            to v1.10+.
    
                            You can find instructions for this here:
                            https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration
                            EOF
                    else
                            cat >&2 <<-'EOF'
                            again to update Docker, you can safely ignore this message.
                            EOF
                    fi
    
                    cat >&2 <<-'EOF'
    
                            You may press Ctrl+C now to abort this script.
                    EOF
                    ( set -x; sleep 20 )
            fi
    
            user="$(id -un 2>/dev/null || true)"
    
            sh_c='sh -c'
            if [ "$user" != 'root' ]; then
                    if command_exists sudo; then
                            sh_c='sudo -E sh -c'
                    elif command_exists su; then
                            sh_c='su -c'
                    else
                            cat >&2 <<-'EOF'
                            Error: this installer needs the ability to run commands as root.
                            We are unable to find either "sudo" or "su" available to make this happen.
                            EOF
                            exit 1
                    fi
            fi
    
            if is_dry_run; then
                    sh_c="echo"
            fi
    
            # perform some very rudimentary platform detection
            lsb_dist=$( get_distribution )
            lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"
    
            if is_wsl; then
                    echo
                    echo "WSL DETECTED: We recommend using Docker Desktop for Windows."
                    echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
                    echo
                    cat >&2 <<-'EOF'
    
                            You may press Ctrl+C now to abort this script.
                    EOF
                    ( set -x; sleep 20 )
            fi
    
            case "$lsb_dist" in
    
                    ubuntu)
                            if command_exists lsb_release; then
                                    dist_version="$(lsb_release --codename | cut -f2)"
                            fi
                            if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then
                                    dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
                            fi
                    ;;
    
                    debian|raspbian)
                            dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
                            case "$dist_version" in
                                    10)
                                            dist_version="buster"
                                    ;;
                                    9)
                                            dist_version="stretch"
                                    ;;
                                    8)
                                            dist_version="jessie"
                                    ;;
                            esac
                    ;;
    
                    centos|rhel)
                            if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
                                    dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
                            fi
                    ;;
    
                    *)
                            if command_exists lsb_release; then
                                    dist_version="$(lsb_release --release | cut -f2)"
                            fi
                            if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
                                    dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
                            fi
                    ;;
    
            esac
    
            # Check if this is a forked Linux distro
            check_forked
    
            # Run setup for each distro accordingly
            case "$lsb_dist" in
                    ubuntu|debian|raspbian)
                            pre_reqs="apt-transport-https ca-certificates curl"
                            if [ "$lsb_dist" = "debian" ]; then
                                    # libseccomp2 does not exist for debian jessie main repos for aarch64
                                    if [ "$(uname -m)" = "aarch64" ] && [ "$dist_version" = "jessie" ]; then
                                            add_debian_backport_repo "$dist_version"
                                    fi
                            fi
    
                            if ! command -v gpg > /dev/null; then
                                    pre_reqs="$pre_reqs gnupg"
                            fi
                            apt_repo="deb [arch=$(dpkg --print-architecture)] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL"
                            (
                                    if ! is_dry_run; then
                                            set -x
                                    fi
                                    $sh_c 'apt-get update -qq >/dev/null'
                                    $sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pre_reqs >/dev/null"
                                    $sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" | apt-key add -qq - >/dev/null"
                                    $sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"
                                    $sh_c 'apt-get update -qq >/dev/null'
                            )
                            pkg_version=""
                            if [ -n "$VERSION" ]; then
                                    if is_dry_run; then
                                            echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
                                    else
                                            # Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channel
                                            pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/~ce~.*/g" | sed "s/-/.*/g").*-0~$lsb_dist"
                                            search_command="apt-cache madison 'docker-ce' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
                                            pkg_version="$($sh_c "$search_command")"
                                            echo "INFO: Searching repository for VERSION '$VERSION'"
                                            echo "INFO: $search_command"
                                            if [ -z "$pkg_version" ]; then
                                                    echo
                                                    echo "ERROR: '$VERSION' not found amongst apt-cache madison results"
                                                    echo
                                                    exit 1
                                            fi
                                            search_command="apt-cache madison 'docker-ce-cli' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
                                            # Don't insert an = for cli_pkg_version, we'll just include it later
                                            cli_pkg_version="$($sh_c "$search_command")"
                                            pkg_version="=$pkg_version"
                                    fi
                            fi
                            (
                                    if ! is_dry_run; then
                                            set -x
                                    fi
                                    if [ -n "$cli_pkg_version" ]; then
                                            $sh_c "apt-get install -y -qq --no-install-recommends docker-ce-cli=$cli_pkg_version >/dev/null"
                                    fi
                                    $sh_c "apt-get install -y -qq --no-install-recommends docker-ce$pkg_version >/dev/null"
                                    # shellcheck disable=SC2030
                                    if [ -n "$has_rootless_extras" ]; then
                                            # Install docker-ce-rootless-extras without "--no-install-recommends", so as to install slirp4netns when available
                                            $sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq docker-ce-rootless-extras$pkg_version >/dev/null"
                                    fi
                            )
                            echo_docker_as_nonroot
                            exit 0
                            ;;
                    centos|fedora|rhel)
                            yum_repo="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"
                            if ! curl -Ifs "$yum_repo" > /dev/null; then
                                    echo "Error: Unable to curl repository file $yum_repo, is it valid?"
                                    exit 1
                            fi
                            if [ "$lsb_dist" = "fedora" ]; then
                                    pkg_manager="dnf"
                                    config_manager="dnf config-manager"
                                    enable_channel_flag="--set-enabled"
                                    disable_channel_flag="--set-disabled"
                                    pre_reqs="dnf-plugins-core"
                                    pkg_suffix="fc$dist_version"
                            else
                                    pkg_manager="yum"
                                    config_manager="yum-config-manager"
                                    enable_channel_flag="--enable"
                                    disable_channel_flag="--disable"
                                    pre_reqs="yum-utils"
                                    pkg_suffix="el"
                            fi
                            (
                                    if ! is_dry_run; then
                                            set -x
                                    fi
                                    $sh_c "$pkg_manager install -y -q $pre_reqs"
                                    $sh_c "$config_manager --add-repo $yum_repo"
    
                                    if [ "$CHANNEL" != "stable" ]; then
                                            $sh_c "$config_manager $disable_channel_flag docker-ce-*"
                                            $sh_c "$config_manager $enable_channel_flag docker-ce-$CHANNEL"
                                    fi
                                    $sh_c "$pkg_manager makecache"
                            )
                            pkg_version=""
                            if [ -n "$VERSION" ]; then
                                    if is_dry_run; then
                                            echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
                                    else
                                            pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\\\.ce.*/g" | sed "s/-/.*/g").*$pkg_suffix"
                                            search_command="$pkg_manager list --showduplicates 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
                                            pkg_version="$($sh_c "$search_command")"
                                            echo "INFO: Searching repository for VERSION '$VERSION'"
                                            echo "INFO: $search_command"
                                            if [ -z "$pkg_version" ]; then
                                                    echo
                                                    echo "ERROR: '$VERSION' not found amongst $pkg_manager list results"
                                                    echo
                                                    exit 1
                                            fi
                                            search_command="$pkg_manager list --showduplicates 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
                                            # It's okay for cli_pkg_version to be blank, since older versions don't support a cli package
                                            cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)"
                                            # Cut out the epoch and prefix with a '-'
                                            pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)"
                                    fi
                            fi
                            (
                                    if ! is_dry_run; then
                                            set -x
                                    fi
                                    # install the correct cli version first
                                    if [ -n "$cli_pkg_version" ]; then
                                            $sh_c "$pkg_manager install -y -q docker-ce-cli-$cli_pkg_version"
                                    fi
                                    $sh_c "$pkg_manager install -y -q docker-ce$pkg_version"
                                    # shellcheck disable=SC2031
                                    if [ -n "$has_rootless_extras" ]; then
                                            $sh_c "$pkg_manager install -y -q docker-ce-rootless-extras$pkg_version"
                                    fi
                            )
                            echo_docker_as_nonroot
                            exit 0
                            ;;
                    *)
                            if [ -z "$lsb_dist" ]; then
                                    if is_darwin; then
                                            echo
                                            echo "ERROR: Unsupported operating system 'macOS'"
                                            echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
                                            echo
                                            exit 1
                                    fi
                            fi
                            echo
                            echo "ERROR: Unsupported distribution '$lsb_dist'"
                            echo
                            exit 1
                            ;;
            esac
            exit 1
    }
    
    # wrapped up in a function so that we have some protection against only getting
    # half the file during "curl | sh"
    do_install
    # Alternatively you can use the official docker install script
    wget -qO- https://get.docker.com/ | sh
    
    # Install docker-compose
    COMPOSE_VERSION=`git ls-remote https://github.com/docker/compose | grep refs/tags | grep -oE "[0-9]+\.[0-9][0-9]+\.[0-9]+$" | sort --version-sort | tail -n 1`
    sudo sh -c "curl -L https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose"
    sudo chmod +x /usr/local/bin/docker-compose
    sudo sh -c "curl -L https://raw.githubusercontent.com/docker/compose/${COMPOSE_VERSION}/contrib/completion/bash/docker-compose > /etc/bash_completion.d/docker-compose"
    
    # Install docker-cleanup command
    cd /tmp
    git clone https://gist.github.com/76b450a0c986e576e98b.git
    cd 76b450a0c986e576e98b
    sudo mv docker-cleanup /usr/local/bin/docker-cleanup
    sudo chmod +x /usr/local/bin/docker-cleanup
    Sau đó chạy docker pull về
    Mã:
     #docker pull opensecurity/mobile-security-framework-mobsf
    #docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
    upload_2021-7-16_0-13-18.png
    Hoặc các bạn ko muốn chạy bằng docker thì chạy lệnh bên dưới
    Mã:
    git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
    cd Mobile-Security-Framework-MobSF
    ./setup.sh # For Linux and Mac
    
    # Installation process
    ./run.sh # For Linux and Mac
    
    Kết quả thu được cũng tương tự với docker nhé
    upload_2021-7-16_0-16-8.png
    Bây giờ chúng ta vào giao diện web để trai nghiệm thôi
    upload_2021-7-16_0-17-41.png
    Sau đó ta upload một vài file lên và xem kết quả nhé

    [​IMG]
    [​IMG]
     
    Chỉnh sửa cuối: 16/07/21, 08:07 AM
    Mời các bạn tham gia Group WhiteHat để thảo luận và cập nhật tin tức an ninh mạng hàng ngày.
    Lưu ý từ WhiteHat: Kiến thức an ninh mạng để phòng chống, không làm điều xấu. Luật pháp liên quan
  1. Marcus1337
  2. ToanDV
  3. ToanDV
  4. DDos
  5. WhiteHat Team
Tags: