mobsf / mobile-security-framework-mobsf


Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Home Page: https://opensecurity.in

License: GNU General Public License v3.0


mobile-security-framework-mobsf's Introduction

Mobile Security Framework (MobSF)

Version: v3.9 beta

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. MobSF can be used for a variety of use cases such as mobile application security, penetration testing, malware analysis, and privacy analysis. The Static Analyzer supports popular mobile app binaries like APK, IPA, APPX and source code. Meanwhile, the Dynamic Analyzer supports both Android and iOS applications and offers a platform for interactive instrumented testing, runtime data and network traffic analysis. MobSF seamlessly integrates with your DevSecOps or CI/CD pipeline, facilitated by REST APIs and CLI tools, enhancing your security workflow with ease.

Made with Love in India



ToolsWatch Best Security Tools 2016 ToolsWatch Best Security Tools 2017 Blackhat Arsenal Asia 2015 Blackhat Arsenal Asia 2018 Blackhat Arsenal Europe 2023

MobSF is also bundled with Android Tamer, BlackArch and Pentoo.

Support MobSF

Donate to MobSF

If you liked MobSF and find it useful, please consider donating.

It's easy to build open source, maintaining one is a different story. Long live open source!

Documentation

Quick setup

docker pull opensecurity/mobile-security-framework-mobsf:latest
docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest

Documentation is available in several languages:

  • MobSF Documentation
  • MobSF Documentation in Chinese
  • MobSF Documentation in Japanese
  • MobSF Documentation in Español

Collaborators

Ajin Abraham (India) | Magaofei (China) | Matan Dobrushin (Israel) | Vincent Nadal (France)

e-Learning Courses & Certifications

  • MobSF Course: Automated Mobile Application Security Assessment with MobSF (MAS)
  • Android Security Tools Course: Android Security Tools Expert (ATX)

MobSF Support

  • Free Support: Free limited support, questions, help and discussions, join our Slack channel Join_MobSF_Slack
  • Enterprise Support: Priority feature requests, live support & onsite training, see MobSF Support Packages

Contribution, Feature Requests & Bugs

  • Read CONTRIBUTING.md before opening bugs, feature requests and pull requests.
  • For project updates and announcements, follow @ajinabraham or @OpenSecurity_IN.
  • GitHub Issues are only for tracking bugs and feature requests. Do not post support or help queries there; we have a Slack channel for that.

Static Analysis - Android

mobsf_android_static_analysis

Static Analysis - iOS

mobsf_ios_ipa_static_analysis

Dynamic Analysis - Android APK

mobsf_android_dynamic_analysis

Web API Viewer

mobsf_web_api_fuzzing_with_burp

Dynamic Analysis - iOS IPA

mobsf_ios_dynamic_analysis

Past Collaborators

Honorable Contributors

  • Amrutha VC - For the new MobSF logo
  • Dominik Schlecht - For the awesome work on adding Windows Phone App Static Analysis to MobSF
  • Esteban - Better Android Manifest Analysis and Static Analysis Improvement.
  • Matan Dobrushin - For adding Android ARM Emulator support to MobSF - Special thanks go to cuckoo-droid
  • Shuxin - Android Binary Analysis
  • Abhinav Saxena - (@xandfury) - For Travis CI and Logging integration
  • netguru Netguru (@karolpiateknet, @mtbrzeski) - For iOS Swift support, Rule contributions and SAST refactoring.
  • Maxime Fawe - (@Arenash13) - For Matching Strategy implementation of SAST pattern matching algorithms.

Shoutouts

  • Abhinav Sejpal (@Abhinav_Sejpal) - For poking me with bugs, feature requests, and UI & UX suggestions
  • Anant Srivastava (@anantshri) - For Activity Tester Idea
  • Anto Joseph (@antojoseph) - For the help with SuperSU
  • Bharadwaj Machiraju (@tunnelshade) - For writing pyWebProxy from scratch
  • Rahul (@c0dist) - Kali Support
  • MindMac - For writing Android Blue Pill
  • Oscar Alfonso Diaz - (@OscarAkaElvis) - For Dockerfile contributions
  • Thomas Abraham - For JS Hacks on UI
  • Tim Brown (@timb_machine) - For the iOS Binary Analysis Ruleset
  • Shanil Prasad (@Rajuraju14) - For improving iOS ATS Analysis
  • Jovan Petrovic (@JovanPetrovic) - For sponsoring a server to host mobsf.live


mobile-security-framework-mobsf's Issues

IOError at /StaticAnalyzer_iOS/

I am uploading a zip file with the iOS source code, then I got this message:

Environment:

Request Method: GET
Request URL: http://127.0.0.1:8000/StaticAnalyzer_iOS/?name=myapp-ios-develop.zip&type=ios&checksum=405f10e7b3498311d8e7eb4491dcac99

Django Version: 1.8.3
Python Version: 2.7.9
Installed Applications:
('django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'StaticAnalyzer',
'DynamicAnalyzer')
Installed Middleware:
('django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware')

Traceback:
File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py" in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/home/noname/YSO-Mobile-Security-Framework/StaticAnalyzer/views.py" in StaticAnalyzer_iOS
    html,dang,URLnFile,EmailnFile,INFO_PLIST,BIN_NAME,ID,VER,SDK,PLTFM,MIN=iOS_Source_Analysis(APP_DIR,MD5)

File "/home/noname/YSO-Mobile-Security-Framework/StaticAnalyzer/views.py" in iOS_Source_Analysis
    with io.open(InfoP, mode='r',encoding="utf8",errors="ignore") as f:

Exception Type: IOError at /StaticAnalyzer_iOS/
Exception Value: [Errno 2] No such file or directory: ''

[Suggestion - Enhancement] Save&Show reports

Save reports: once you do an analysis, the report cannot be recovered. At least I cannot find it.

PDF reports, and I have seen that you are working on it as dynamic analysis.

Good Job!

add release tags please

Can we also use GitHub release tags for each release?

As of now I see zero releases made as per GitHub.

Failed to launch the home page : SyntaxError at / invalid syntax (views.py, line 31)

Request Method:
GET

Request URL:
http://127.0.0.1:9002/

Django Version:
1.8a1

Exception Type:
SyntaxError

Exception Value:
invalid syntax (views.py, line 31)

Exception Location:

C:\Python34\lib\importlib\__init__.py in import_module, line 104

Python Executable:
C:\Python34\python.exe

Python Version:
3.4.0

Python Path:
['C:\YSO-Mobile-Security-Framework',
'C:\Python34\lib\site-packages\blinker-1.3-py3.4.egg',
'C:\Python34\lib\site-packages\cherrypy-3.6.0-py3.4.egg',
'C:\Python34\lib\site-packages\flask-0.10.1-py3.4.egg',
'C:\Python34\lib\site-packages\itsdangerous-0.24-py3.4.egg',
'C:\Python34\lib\site-packages\jinja2-2.7.3-py3.4.egg',
'C:\Python34\lib\site-packages\werkzeug-0.10.1-py3.4.egg',
'C:\Python34\lib\site-packages\markupsafe-0.23-py3.4.egg',
'C:\Python34\lib\site-packages\flask_sqlalchemy-2.0-py3.4.egg',
'C:\Python34\lib\site-packages\sqlalchemy-0.9.8-py3.4.egg',
'C:\Appie\vendor\drozer\Lib\site-packages',
'C:\Windows\system32\python34.zip',
'C:\Python34\DLLs',
'C:\Python34\lib',
'C:\Python34',
'C:\Python34\lib\site-packages']


  • Uploading the images -

[MANIFEST ANALYSIS] exported activities are not being displayed under report.

com.pinterest.apk(753272342b079e6c331af5aad3ded586)

com.pinterest.activity.webhook.WebhookActivity - True
com.pinterest.sdk.PinterestOauthActivity - True
com.pinterest.activity.create.PinItActivity - True

<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:versionCode="471" android:versionName="4.7.1" android:installLocation="0" package="com.pinterest" platformBuildVersionCode="21" platformBuildVersionName="5.0.1-1624448" > <uses-sdk android:minSdkVersion="15" android:targetSdkVersion="21" > </uses-sdk> <uses-feature android:glEsVersion="0x00020000" android:required="true" > </uses-feature> <supports-screens android:smallScreens="false" > </supports-screens> <uses-permission android:name="android.permission.INTERNET" > </uses-permission> <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" > </uses-permission> <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" > </uses-permission> <uses-permission android:name="com.sec.android.provider.badge.permission.READ" > </uses-permission> <uses-permission android:name="com.sec.android.provider.badge.permission.WRITE" > </uses-permission> <uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES" > </uses-permission> <uses-permission android:name="android.permission.READ_PROFILE" > </uses-permission> <uses-permission android:name="android.permission.READ_CONTACTS" > </uses-permission> <uses-permission android:name=".permission.C2D_MESSAGE" > </uses-permission> <uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" > </uses-permission> <uses-permission android:name="android.permission.GET_ACCOUNTS" > </uses-permission> <uses-permission android:name="android.permission.WAKE_LOCK" > </uses-permission> <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" > </uses-permission> <uses-permission android:name="android.permission.USE_CREDENTIALS" > </uses-permission> <permission android:name=".permission.C2D_MESSAGE" android:protectionLevel="0x00000002" > </permission> <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" > </uses-permission> <uses-permission 
android:name="android.permission.ACCESS_FINE_LOCATION" > </uses-permission> <application android:theme="@7F0B00D9" android:label="@7F070058" android:icon="@7F020033" android:name="com.pinterest.base.Application" android:allowBackup="false" android:hardwareAccelerated="true" android:supportsRtl="false" > <activity android:theme="@android:0103000D" android:label="@7F070058" android:name="com.pinterest.activity.PinterestActivity" android:noHistory="true" > <intent-filter > <action android:name="android.intent.action.MAIN" > </action> <category android:name="android.intent.category.LAUNCHER" > </category> </intent-filter> </activity> <activity android:theme="@7F0B00E1" android:label="" android:name="com.pinterest.activity.pin.PinActivity" android:configChanges="0x000004A0" android:windowSoftInputMode="0x00000012" > </activity> <activity android:theme="@7F0B00DC" android:label="" android:name="com.pinterest.activity.task.activity.MainActivity" android:configChanges="0x000004A0" android:windowSoftInputMode="0x00000020" > </activity> <activity android:theme="@7F0B00DD" android:name="com.pinterest.activity.nux.NUXActivity" android:configChanges="0x000004A0" > </activity> <activity android:theme="@7F0B00DB" android:label="" android:name="com.pinterest.activity.user.UserSetImageActivity" android:configChanges="0x000004A0" android:windowSoftInputMode="0x00000012" > </activity> <activity android:label="" android:name="com.pinterest.activity.unauth.UnauthWallActivity" android:configChanges="0x000004A0" android:windowSoftInputMode="0x00000022" > </activity> <activity android:label="" android:name="com.pinterest.activity.signin.TwitterAuthActivity" android:configChanges="0x000004A0" > </activity> <activity android:label="" android:name="com.pinterest.activity.signin.RakutenAuthActivity" android:configChanges="0x000004A0" > </activity> <activity android:theme="@7F0B00DE" android:label="" android:name="com.pinterest.activity.sendapin.SendPinActivity" android:launchMode="1" 
android:configChanges="0x000004A0" android:windowSoftInputMode="0x00000022" > </activity> <activity android:theme="@7F0B00DB" android:label="" android:name="com.pinterest.activity.create.CreateActivity" android:configChanges="0x000004A0" android:windowSoftInputMode="0x00000012" > </activity> <activity android:theme="@7F0B00DB" android:label="" android:name="com.pinterest.activity.create.RepinActivity" android:configChanges="0x000004A0" android:windowSoftInputMode="0x00000012" > </activity> <activity android:theme="@7F0B00DB" android:label="" android:name="com.pinterest.activity.create.PinEditActivity" android:configChanges="0x000004A0" android:windowSoftInputMode="0x00000012" > </activity> <activity android:theme="@7F0B00DB" android:label="@7F070124" android:name="com.pinterest.activity.create.PinItActivity" android:launchMode="1" android:configChanges="0x000004A0" android:windowSoftInputMode="0x00000012" > <intent-filter > <action android:name="android.intent.action.SEND" > </action> <category android:name="android.intent.category.DEFAULT" > </category> <data android:mimeType="text/plain" > </data> <data android:mimeType="image/*" > </data> </intent-filter> <intent-filter > <action android:name="com.pinterest.action.PIN_IT" > </action> <category android:name="android.intent.category.DEFAULT" > </category> </intent-filter> </activity> <activity android:label="" android:name="com.pinterest.activity.web.WebViewActivity" android:configChanges="0x000004A0" android:windowSoftInputMode="0x00000012" > </activity> <activity android:theme="@7F0B00DB" android:label="@7F070058" android:name="com.pinterest.activity.webhook.WebhookActivity" android:configChanges="0x000004A0" > <intent-filter > <action android:name="android.intent.action.VIEW" > </action> <category android:name="android.intent.category.DEFAULT" > </category> <category android:name="android.intent.category.BROWSABLE" > </category> <data android:scheme="http" android:host="*.pinterest.com" > </data> <data 
android:scheme="https" android:host="*.pinterest.com" > </data> <data android:scheme="http" android:host="pinterest.com" > </data> <data android:scheme="https" android:host="pinterest.com" > </data> <data android:host="*.pinterdev.com" > </data> <data android:scheme="pinterest" > </data> <data android:scheme="pinit" > </data> <data android:scheme="pinterest://http" > </data> </intent-filter> <intent-filter > <action android:name="android.intent.action.VIEW" > </action> <category android:name="android.intent.category.DEFAULT" > </category> <category android:name="android.intent.category.BROWSABLE" > </category> <data android:scheme="pinterest" > </data> </intent-filter> </activity> <service android:name="com.pinterest.gcm.GcmBroadcastReceiver$GcmIntentService" > </service> <service android:name="com.pinterest.service.PinterestWorkerService" > </service> <service android:name="com.pinterest.service.NotificationService" > </service> <receiver android:name="com.pinterest.receiver.GeofenceReceiver" > </receiver> <receiver android:name="com.pinterest.gcm.GcmBroadcastReceiver" android:permission="com.google.android.c2dm.permission.SEND" > <intent-filter > <action android:name="com.google.android.c2dm.intent.RECEIVE" > </action> <action android:name="com.google.android.c2dm.intent.REGISTRATION" > </action> <action android:name="com.google.android.gcm.intent.RETRY" > </action> <category android:name="com.pinterest" > </category> </intent-filter> </receiver> <activity android:theme="@7F0B00DF" android:label="@7F070058" android:name="com.facebook.LoginActivity" > </activity> <meta-data android:name="com.facebook.sdk.ApplicationId" android:value="@7F070578" > </meta-data> <receiver android:name="com.pinterest.appwidget.PWidgetProvider" > <intent-filter > <action android:name="android.appwidget.action.APPWIDGET_UPDATE" > </action> </intent-filter> <meta-data android:name="android.appwidget.provider" android:resource="@7F050000" > </meta-data> </receiver> <service 
android:name="com.pinterest.appwidget.PWidgetService" android:permission="android.permission.BIND_REMOTEVIEWS" android:exported="false" > </service> <activity android:theme="@7F0B00E1" android:name="com.pinterest.appwidget.SwitcherActivity" android:launchMode="2" > </activity> <activity android:theme="@7F0B00E1" android:name="com.pinterest.sdk.PinterestOauthActivity" android:exported="true" > </activity> <receiver android:name="com.pinterest.receiver.DeviceStartReceiver" > <intent-filter > <action android:name="android.intent.action.BOOT_COMPLETED" > </action> </intent-filter> </receiver> <receiver android:name="com.pinterest.receiver.SignupNotificationReceiver" > </receiver> <receiver android:name="com.pinterest.receiver.GlobalDataUpdateReceiver" > </receiver> <meta-data android:name="com.crashlytics.ApiKey" android:value="05a6e8f0efd5cab488c1871e5dd7e03ab597d9ae" > </meta-data> <meta-data android:name="com.pinterest.mapbox.ApiKey" android:value="sk.eyJ1IjoicGludGVyZXN0IiwiYSI6ImNRLXhJOHMifQ.FCS6VzbiUVLenbkIf6MPRg" > </meta-data> <meta-data android:name="com.google.android.maps.v2.API_KEY" android:value="AIzaSyDybBm_hqwipeuJdUDfpMjYdPxGG3jJjAA" > </meta-data> <meta-data android:name="com.google.android.gms.version" android:value="@7F0D0016" > </meta-data> <meta-data android:name="RealmEncKey" android:value="324937439" > </meta-data> <meta-data android:name="AutoCompleteFileSecret" android:value="1006F0AE5A7ECE19828A67AC62288E05" > </meta-data> <meta-data android:name="AutoCompleteFileIv" android:value="2A1E30DC65DACC71C3883E6E32C0D9BA" > </meta-data> <meta-data android:name="YozioAppKey" android:value="5baa19f9-33f8-4789-adef-e29a1cfa81c9" > </meta-data> <meta-data android:name="YozioSecretKey" android:value="7ac9e9c0-fa8b-42e0-945d-3423333d5fab" > </meta-data> <receiver android:name="com.pinterest.receiver.MasterInstallReferrerReceiver" android:exported="true" > <intent-filter > <action android:name="com.android.vending.INSTALL_REFERRER" > </action> 
</intent-filter> </receiver> <meta-data android:name="YozioNewInstallMetaDataCallback" android:value="com.pinterest.analytics.YozioMetaDataCallback" > </meta-data> </application></manifest> 


Try out the com.pinterest.apk package; the latest build pushed into an infinite process

[INFO] MIME Type: application/octet-stream FILE: com.pinterest.apk
[10/Jul/2015 20:03:00]"POST /Upload/ HTTP/1.1" 200 140
[INFO] Starting Analysis on : com.pinterest.apk
[INFO] Generating Hashes
[INFO] Unzipping
[INFO] Getting Hardcoded Certificates
[INFO] APK Extracted
[INFO] Getting Manifest from Binary
[INFO] AXML -> XML
[INFO] Parsing AndroidManifest.xml
[INFO] Extracting Manifest Data
[INFO] Manifest Analysis Started
[INFO] Formatting Permissions
[INFO] Reading Signer Certificate
[INFO] DEX -> JAR


fresh clone asking for migration

Did a fresh clone and still it's asking for a migration. After migration it works just fine.

$ python manage.py runserver 127.0.0.1:8000                                                                     
Performing system checks...

System check identified no issues (0 silenced).

You have unapplied migrations; your app may not work properly until they are applied.
Run 'python manage.py migrate' to apply them.

May 02, 2015 - 17:52:47
Django version 1.8, using settings 'YodleeMobSec.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.

[Feature Request] Identify the application calls methods of the Log class.

Capture messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()); they are stored in a series of circular buffers on the device.

The logged data can be read using Logcat on the device. PII (Personally identifiable information): email logs, contacts and much more potential detail disclosure.
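The feature request above asks for a static rule that finds calls to the android.util.Log methods and surfaces the ones that may leak PII into logcat. The following is an added example, not MobSF's own rule or code: a line-based scanner over a constructed Java snippet that locates Log.v/d/i/w/e calls, extracts the argument list with a balanced-parenthesis walk, and flags arguments whose text mentions a likely-sensitive identifier. The keyword list (PII_HINTS) and the sample source are assumptions made for the example; multi-line Log calls are not matched because the scan works one line at a time.

```python
import re

# Matches a call to one of the five android.util.Log methods; the final "\("
# leaves m.end() - 1 pointing at the opening parenthesis of the argument list.
LOG_CALL = re.compile(r"\bLog\.([vdiwe])\s*\(")

# Assumed keyword list: identifiers or literals that suggest PII or secrets
# are being logged. Extend it to match the app under review.
PII_HINTS = ("email", "password", "passwd", "token", "ssn", "phone", "contact", "account")


def _balanced_args(text, open_idx):
    """Return the text between the parenthesis at open_idx and its match."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "(":
            depth += 1
        elif text[i] == ")":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    return text[open_idx + 1:]  # unterminated on this line: take the rest


def find_log_calls(java_source):
    """One dict per Log.* call: line number, method, argument text and PII hints hit."""
    findings = []
    for line_no, line in enumerate(java_source.splitlines(), start=1):
        for m in LOG_CALL.finditer(line):
            args = _balanced_args(line, m.end() - 1)
            lowered = args.lower()
            hints = [h for h in PII_HINTS if h in lowered]
            findings.append({
                "line": line_no,
                "method": "Log." + m.group(1),
                "args": args.strip(),
                "pii_hints": hints,
            })
    return findings


def sensitive_log_calls(java_source):
    """Only the calls whose arguments reference a PII hint; these are the
    lines a report should flag as potential information disclosure via logcat."""
    return [f for f in find_log_calls(java_source) if f["pii_hints"]]


# Constructed Java sample (not from any real app): four Log calls, two of which
# hand user data to the log buffer.
SAMPLE_JAVA = """\
Log.d(TAG, "Login attempt for user " + email + " with password " + password);
Log.i(TAG, "Screen resumed");
android.util.Log.e(TAG, "Sync failed", ex);
Log.w(TAG, String.format("Token refreshed: %s", authToken));
"""

if __name__ == "__main__":
    for f in sensitive_log_calls(SAMPLE_JAVA):
        print("line %d: %s(%s) -> hints %s" % (f["line"], f["method"], f["args"], f["pii_hints"]))
```

Running it on the sample reports lines 1 and 4; lines 2 and 3 are ordinary diagnostic logging and are listed by find_log_calls but not flagged. In a real review the flagged lines are a starting point for manual confirmation, since a variable named token may hold nothing sensitive and a sensitive value may hide behind a neutral name.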

WindowsError at /StaticAnalyzer/ - on successfully Upload (Win7 64 - Python 2.7 - Java 1.8)

[Error 2] The system cannot find the file specified
Request Method: GET
Request URL: http://127.0.0.1:9095/StaticAnalyzer/?name=in_startv_hotstar-69.apk&type=apk&checksum=9816563268dfb15105c41eef193f6ef5
Django Version: 1.8a1
Exception Type: WindowsError
Exception Value:
[Error 2] The system cannot find the file specified
Exception Location: C:\Python27\lib\subprocess.py in _execute_child, line 882
Python Executable: C:\Python27\python.exe
Python Version: 2.7.0
Python Path:
['C:\YSO-Mobile-Security-Framework',
'C:\Windows\system32\python27.zip',
'C:\Python27\DLLs',
'C:\Python27\lib',
'C:\Python27\lib\plat-win',
'C:\Python27\lib\lib-tk',
'C:\Python27',
'C:\Python27\lib\site-packages']
Server time: Thu, 2 Apr 2015 17:42:29 +0530


Rules for iOS Application Source Code Analysis

I am adding support for Security Code Review of iOS Application Source code. It would be great if someone with good experience in iOS Code Review from a security perspective could contribute some keywords or insecure code that I should look for. I have a small checklist with me. Looking forward to getting more ideas from the community.

Static Analyzer doesn't work

Hello!

I've tried to install and play a bit with YSO in an xubuntu vm, but I couldn't make it work. My setup:

Python 2.7.8, django 1.8a1, openjdk version "1.8.0_40-internal"

The server runs, but when I upload an apk nothing happens. Is there any log file to help me troubleshoot? Is there any info that I can provide regarding my setup to help you guide me to fix the problem?

Many thanks!

Getting error after launching "http://127.0.0.1:8000/"

Hi,

I am trying to set up "YSO mobile security framework".

Have installed Java, Django and Python
and have also performed the commands below

python manage.py migrate
python manage.py runserver 127.0.0.1:8000

but when I try to launch "http://127.0.0.1:8000/"

I get the error below

"SyntaxError at /
Missing parentheses in call to 'print' (views.py, line 9)
Request Method: GET
Request URL: http://127.0.0.1:8000/
Django Version: 1.8.3
Exception Type: SyntaxError
Exception Value:
Missing parentheses in call to 'print' (views.py, line 9)
Exception Location: C:\Python34\lib\importlib\__init__.py in import_module, line 109
Python Executable: C:\Python34\python.exe
Python Version: 3.4.3
Python Path:
['G:\Security Testing\YSO '
'Mobile\YSO-Mobile-Security-Framework-master\YSO-Mobile-Security-Framework-master',
'C:\Windows\system32\python34.zip',
'C:\Python34\DLLs',
'C:\Python34\lib',
'C:\Python34',
'C:\Python34\lib\site-packages']
Server time: Wed, 15 Jul 2015 15:06:36 +0530"

Please help me resolve this issue.

Note:

  1. I am using Python 3.4 and have updated all print "text" to print("Text") in view.py file
  2. Have tried setting (DEBUG = False) and (ALLOWED_HOSTS = ['127.0.0.1'] ) in YodleeMobSec.settings.py file

Simple run instructions

There's a manage.py which appears to require django. As a new user of this tool (which looks great BTW), how do I run it?

Report Download Error

Hi Team,

The final report gets downloaded in PNG format and that file is corrupt.
Kindly check the issue.

Thanks,
SHG

Error while "Extracting Strings from APK"

[INFO] Extracting Strings from APK
Exception in thread "main" brut.androlib.AndrolibException: Could not decode arsc file
    at brut.androlib.res.decoder.ARSCDecoder.decode(ARSCDecoder.java:54)
    at brut.androlib.res.AndrolibResources.getResPackagesFromApk(AndrolibResources.java:540)
    at brut.androlib.res.AndrolibResources.loadMainPkg(AndrolibResources.java:76)
    at brut.androlib.res.AndrolibResources.getResTable(AndrolibResources.java:68)
    at strings.StringsXML.run(StringsXML.java:84)
    at strings.StringsXML.main(StringsXML.java:151)
Caused by: java.io.IOException: Expected: 0x001c0001, got: 0x00000000
    at brut.util.ExtDataInput.skipCheckInt(ExtDataInput.java:48)
    at brut.androlib.res.decoder.StringBlock.read(StringBlock.java:43)
    at brut.androlib.res.decoder.ARSCDecoder.readPackage(ARSCDecoder.java:100)
    at brut.androlib.res.decoder.ARSCDecoder.readTable(ARSCDecoder.java:81)
    at brut.androlib.res.decoder.ARSCDecoder.decode(ARSCDecoder.java:49)
    ... 5 more

APK:
https://play.google.com/store/apps/details?id=com.Slack

An Activity is not shared and is protected with a permission; however, the framework shows the wrong result.

An Activity was found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.

Here are the drozer results for com.yahoo.mobile.client.android.im

-------------------------------------------------*
dz> run app.activity.info -a com.yahoo.mobile.client.android.im
Package: com.yahoo.mobile.client.android.im
com.yahoo.mobile.client.android.im.YahooMessenger
com.yahoo.mobile.client.android.im.LoginScreenActivity
com.yahoo.mobile.client.share.activity.LoginActivity
Permission: com.yahoo.mobile.client.android.permissions.YAHOO_INTER_APP
com.yahoo.mobile.client.share.activity.SignUpActivity
Permission: com.yahoo.mobile.client.android.permissions.YAHOO_INTER_APP
com.yahoo.mobile.client.android.im.SendToActivity
Permission: com.yahoo.mobile.client.android.permissions.YAHOO_INTER_APP
Target Activity: com.yahoo.mobile.client.android.im.BuddyListActivity
com.yahoo.mobile.client.android.im.BrowserActivity
Permission: com.yahoo.mobile.client.android.permissions.YAHOO_INTER_APP
com.yahoo.mobile.client.android.im.ConversationActivity
com.yahoo.mobile.client.android.im.SettingsActivity
Permission: com.yahoo.mobile.client.android.permissions.YAHOO_INTER_APP
com.yahoo.mobile.client.android.im.NearbyLocationActivity
Permission: com.yahoo.mobile.client.android.permissions.YAHOO_INTER_APP
com.yahoo.mobile.client.android.im.LocationDetailsActivity
Permission: com.yahoo.mobile.client.android.permissions.YAHOO_INTER_APP
com.yahoo.mobile.client.android.im.AddLocationActivity
Permission: com.yahoo.mobile.client.android.permissions.YAHOO_INTER_APP
com.yahoo.mobile.client.android.im.TextDisplayPreference
Permission: com.yahoo.mobile.client.android.permissions.YAHOO_INTER_APP
com.yahoo.mobile.client.android.im.ContactViewActivity
Permission: com.yahoo.mobile.client.android.permissions.YAHOO_INTER_APP
com.yahoo.mobile.client.android.im.ContactEditActivity
Permission: com.yahoo.mobile.client.android.permissions.YAHOO_INTER_APP
com.yahoo.mobile.client.android.im.NewConversationActivity
Permission: com.yahoo.mobile.client.android.permissions.YAHOO_INTER_APP
com.yahoo.mobile.client.share.sync.account.AccountServiceSelectActivity
com.yahoo.mobile.client.share.sync.account.AccountSetupActivity
com.yahoo.mobile.client.share.sync.account.AccountResetPassword
com.yahoo.mobile.client.share.sync.account.AccountSettingActivity
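The Pinterest report earlier on this page and the Yahoo Messenger post above come down to the same two questions: which components does the platform treat as exported, and does an android:permission on an exported component change what the report should say? The following is an added example, not MobSF's code or its manifest rule: it parses a constructed AndroidManifest.xml with the standard library and applies the platform defaults (an explicit android:exported wins; otherwise activities, services and receivers are exported only if they declare an intent-filter; providers without the attribute default to exported only for targetSdkVersion below 17) and reports the permission guard separately, so a WebhookActivity-style component with an intent-filter is flagged while a SignUpActivity-style component guarded by a custom permission is listed as exported-but-protected rather than as openly reachable. The package name, component names and permission name are made up for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")


def _attr(element, name):
    """Read an android:-namespaced attribute, or None when it is absent."""
    return element.get("{%s}%s" % (ANDROID_NS, name))


def analyze_components(manifest_xml):
    """One dict per app component: tag, name, exported flag, the reason, and
    the android:permission that guards it (None when unguarded)."""
    root = ET.fromstring(manifest_xml)
    # Platform fallback when targetSdkVersion is missing: minSdkVersion, then 1.
    target_sdk = 1
    uses_sdk = root.find("uses-sdk")
    if uses_sdk is not None:
        target_sdk = int(_attr(uses_sdk, "targetSdkVersion")
                         or _attr(uses_sdk, "minSdkVersion") or 1)
    application = root.find("application")
    children = list(application) if application is not None else []
    results = []
    for comp in children:
        if comp.tag not in COMPONENT_TAGS:
            continue  # meta-data, uses-library, comments, etc.
        explicit = _attr(comp, "exported")
        has_filter = comp.find("intent-filter") is not None
        if explicit is not None:
            exported = explicit.strip().lower() == "true"
            reason = "android:exported=%s" % explicit
        elif comp.tag == "provider":
            exported = target_sdk < 17  # legacy default for old targets
            reason = "provider default for targetSdkVersion=%d" % target_sdk
        else:
            exported = has_filter
            reason = "has intent-filter" if has_filter else "no intent-filter and no android:exported"
        results.append({
            "tag": comp.tag,
            "name": _attr(comp, "name"),
            "exported": exported,
            "reason": reason,
            "permission": _attr(comp, "permission"),
        })
    return results


def unprotected_exported(manifest_xml):
    """Components any app on the device may invoke: exported and not guarded
    by android:permission. These are the ones a report should flag; guarded
    exported components deserve a separate, lower-severity line."""
    return [c["name"] for c in analyze_components(manifest_xml)
            if c["exported"] and not c["permission"]]


# Constructed manifest (not from any real app) covering each rule above.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <uses-sdk android:minSdkVersion="15" android:targetSdkVersion="21"/>
  <application android:name="com.example.app.App">
    <activity android:name="com.example.app.WebhookActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="https" android:host="example.com"/>
      </intent-filter>
    </activity>
    <activity android:name="com.example.app.SignUpActivity"
              android:exported="true"
              android:permission="com.example.app.permission.INTER_APP"/>
    <activity android:name="com.example.app.SettingsActivity"/>
    <receiver android:name="com.example.app.BootReceiver" android:exported="false">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <provider android:name="com.example.app.CacheProvider"
              android:authorities="com.example.app.cache"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for c in analyze_components(SAMPLE_MANIFEST):
        print("%-9s %-40s exported=%-5s perm=%s (%s)" % (
            c["tag"], c["name"], c["exported"], c["permission"], c["reason"]))
    print("openly reachable:", unprotected_exported(SAMPLE_MANIFEST))
```

On the sample only WebhookActivity is openly reachable; SignUpActivity is exported but guarded, SettingsActivity and the opted-out BootReceiver are internal, and CacheProvider is internal because the target is API 21 (lower the targetSdkVersion below 17 and the provider flips to exported). How strong the guard on SignUpActivity really is depends on the declared protectionLevel of that permission, which this example does not evaluate: a "normal" permission can be requested by any app, whereas "signature" restricts callers to apps signed with the same key.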

List of python modules used

It would be good if a file named requirements.txt or similar were placed in the repo in pip install format so that dependencies could be installed in one go.

code cleanup.

Remove all .pyc files; a .gitignore, I suppose, already exists to ignore them.

.pyc files should be generated at runtime and need not be in the code repository.

details about the VM used

As is evident, a VM is used for dynamic analysis.

It would be counterproductive to share the entire VM, but a setup script to build it would be great.
