Giter Club home page Giter Club logo

mobilesf's Introduction

Mobile-Security-Framework (HackingLab 定制版 MobSF)

Version: v0.9.2 beta

功能介简介:

  • 1.支持安卓APK静态分析,动态分析 (动态分析可使用MobileSafeFramework官方提供的VirtualBox虚拟机也可以使用用户自己的手机进行测试,需要开启USB调试并安装响应的测试软件)
  • 2.支持IOS应用静态分析(需要使用MacOS)

功能介绍[官方]:

  • MobSF是一款智能的,集多种功能于一体的移动App(安卓/IOS)测试工具框架.他支持安卓/IOS应用和ZIP格式的源码包
  • 静态分析: 静态分析可以查看源代码,检测不安全的权限/配置,检测代码中不安全的ssl管理(如重写,绕过等),弱的加密算法,代码混淆,导入权限,硬编码密钥,不恰当的危险的API使用,敏感信息泄露,不安全的文件存储等.
  • 动态分析: 动态分析是在虚拟机中/或配置好的设备中运行APP并进行安全检测.对应用进行更深层的检测,包括网络抓包,解密HTTPS流量,应用dump,日志,错误,崩溃,调试信息,调用栈,应用资源,属性,数据库等.在这个框架中,你也可以自行定制自己的测试规则.最后会生成一份快速简洁的测试报告.以后我们也会拓展该框架,使得其能够支持其他的移动平台,如Tizen,WindowsPhone等.

界面截图:

系统首页界面 index

进行静态分析 static

apk动态分析过程会自动测试多个安全项目,并自动进行屏幕截图. 不仅包括Activities相关测试,还能够自动对网络流量进行分析,并保存由APP发出的HTTP/HTTPS请求.

HackingLab XsecLab Team

Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also perform Web API Security testing with it's API Fuzzer that can do Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session and API Rate Limiting.

support License platform python Code Issues

Documentation

Presentation Slides

Video Course

What's New?

Queries

Screenshots

###Static Analysis - Android APK

android-static-analysis-apk android-static-analysis-apk2

###Static Analysis - iOS IPA

ios-static-analysis-ipa

###Dynamic Analysis - Android APK

android-dynamic-analysis android-dynamic-report android-dynamic-report2 android-dynamic-expact

###Web API Fuzzer

api-fuzzer-start-scan api-fuzzer-start-report

##Credits

  • Bharadwaj Machiraju (@tunnelshade_) - For writing pyWebProxy from scratch
  • MindMac - For writing Android Blue Pill
  • Thomas Abraham - For JS Hacks on UI.
  • Anto Joseph (@antojosep007) - For the help with SuperSU.
  • Tim Brown (@timb_machine) - For the iOS Binary Analysis Ruleset.
  • Abhinav Sejpal (@Abhinav_Sejpal) - For poking me with bugs and feature requests.
  • Anant Srivastava (@anantshri) - For Activity Tester Idea
  • Amrutha VC (@amruthavc) - For the new MobSF logo

mobilesf's People

Contributors

asasassa avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.