Giter Club home page Giter Club logo

mobsf-auto-scan's Introduction

  • The script is designed to automate the scanning process of files uploaded on MobSF - the pen-testing app, also for static and dynamic analysis - and give an outlook of critical and high-level threats in the app.
  • It uses the MobSF scan api endpoint to send an http POST request using the hash of the file, file_name, scan_type, and API-key to receive a JSON file.

Running the script

  • You can run the script with the target files in the current directory or other directories in the file system. Simply apply the right file path as shown.
  • you can scan multiple files at once to get a breakdown of the issues of the uploaded files.
vboxuser@Frank-Ubuntu:~/Documents/Coding/Internship-Tasks$ ./mobsfScanAutomate.py /home/vboxuser/Downloads/'NBM merchant.apk' /home/vboxuser/Downloads/'Pen test.apk'

Prompt

  • Once you run the script, the following prompt shows. In the event, input the extension as shown.
Enter scan type (apk/ipa): apk

Sample output

  • Here is what you can expect as output for the above scanned files
3 dangerous warnings in permissions analysis
=================
0 warnings in permissions analysis
-----------------
0 high/critical warnings in certificate analysis
=================
1 warnings in certificate analysis
-----------------
0 high/critical warnings in manifest analysis
=================
3 warnings in manifest analysis
-----------------
0 high/critical warnings in code analysis
=================
5 warnings in code analysis
-----------------
File: /home/vboxuser/Downloads/NBM merchant.apk
+++++++++++++++++++++++++++++++++++++
Enter scan type (apk/ipa): apk
8 dangerous warnings in permissions analysis
=================
0 warnings in permissions analysis
-----------------
0 high/critical warnings in certificate analysis
=================
1 warnings in certificate analysis
-----------------
0 high/critical warnings in manifest analysis
=================
10 warnings in manifest analysis
-----------------
0 high/critical warnings in code analysis
=================
13 warnings in code analysis
-----------------
File: /home/vboxuser/Downloads/Pen test.apk
+++++++++++++++++++++++++++++++++++++

Author

If you would like to contribute to this repository and make improvements, contact me.

  • Let's do this!!!!

mobsf-auto-scan's People

Contributors

ranci-18 avatar

Stargazers

Mit Pandya avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.