Mobile Security framework installation
目前筆者查看一下手機安全相關的掃描軟體,發現有這一套Framework,於是下載下來用,目前掃描出來的結果需要專業的分析,並不完全判斷是對的,目前跟大家分享一下MobSF的安裝及使用。
先看一下描述
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless.
下載軟體MobSF
下載路徑 : https://github.com/MobSF/Mobile-Security-Framework-MobSF/releases
注意你必須要安裝Python和Java run time(JRE),筆者目前是安裝Python2
安裝MobSF
1. 先在C:\下建立一個資料夾為MobSF
2. 解壓縮在C:\MobSF下
3. 執行Command line
4. 切換目錄到C:\MobSF下,輸入 cd C:\MobSF
5. 輸入指令 pip install -r requirements.txt
6. 等待安裝
7. 安裝完成
8. 運行Server 在commad line中輸入 python manage.py runserver
9. 安裝完後,畫面會顯示預設的連結位置
10. 開始Browser 並輸入 localhost://127.0.0.1:8000
11. 把要分析的檔案上傳
12. 完成
