Skip to content

Commit

Permalink
v0.8.7beta
Browse files Browse the repository at this point in the history
  • Loading branch information
@ajinabraham
ajinabraham committed Jul 10, 2015
1 parent c5435cf commit bb4b8aa
Show file tree
Hide file tree
Showing 13 changed files with 627 additions and 209 deletions.
8 changes: 7 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# Mobile-Security-Framework
Version: v0.8.6beta
Version: v0.8.7beta
![mobsecfav](https://cloud.githubusercontent.com/assets/4301109/7418958/68ec3d44-ef8f-11e4-97e2-b26a3d723814.png)

Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. We've been depending on multiple tools to carry out reversing, decoding, debugging, code review, and pen-test and this process requires a lot of effort and time. Mobile Security Framework can be used for effective and fast security analysis of Android and iOS Applications. It supports binaries (APK & IPA) and zipped source code.
Expand Down Expand Up @@ -63,6 +63,12 @@ Pending....
* Features and Updates : [@ajinabraham](http://twitter.com/ajinabraham) or [@OpenSecurity_IN](http://twitter.com/OpenSecurity_IN).
* Open Bugs Here - https://github.com/ajinabraham/YSO-Mobile-Security-Framework/issues

#v0.8.7 Changelog

* Improved Static Analysis Rules
* Better AndroidManifest View
* Search in Files

#v0.8.6 Changelog

* Detects implicitly exported component from manifest.
Expand Down
539 changes: 386 additions & 153 deletions StaticAnalyzer/views.py
View file

Large diffs are not rendered by default.

2 changes: 2 additions & 0 deletions YodleeMobSec/urls.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@
url(r'^ViewFile/$', 'StaticAnalyzer.views.ViewFile', name='ViewFile'),
url(r'^Smali/$', 'StaticAnalyzer.views.Smali', name='Smali'),
url(r'^Java/$', 'StaticAnalyzer.views.Java', name='Java'),
url(r'^Search/$', 'StaticAnalyzer.views.Search', name='Search'),
url(r'^ManifestView/$', 'StaticAnalyzer.views.ManifestView', name='ManifestView'),
url(r'^DynamicAnalyzer/$', 'DynamicAnalyzer.views.DynamicAnalyzer', name='DynamicAnalyzer'),
url(r'^InternalUpload/$', 'DynamicAnalyzer.views.InternalUpload', name='InternalUpload'),
url(r'^View/$', 'DynamicAnalyzer.views.View', name='View'),
Expand Down
2 changes: 1 addition & 1 deletion YodleeMobSec/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
# Create your views here.

def index(request):
print "[INFO] Mobile Security Framework v0.8.6beta"
print "[INFO] Mobile Security Framework v0.8.7beta"
context = {}
template="index.html"
return render(request,template,context)
Expand Down
97 changes: 97 additions & 0 deletions static/js/shBrushCpp.js
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
/**
* SyntaxHighlighter
* http://alexgorbatchev.com/SyntaxHighlighter
*
* SyntaxHighlighter is donationware. If you are using it, please donate.
* http://alexgorbatchev.com/SyntaxHighlighter/donate.html
*
* @version
* 3.0.83 (July 02 2010)
*
* @copyright
* Copyright (C) 2004-2010 Alex Gorbatchev.
*
* @license
* Dual licensed under the MIT and GPL licenses.
*/
;(function()
{
// CommonJS
typeof(require) != 'undefined' ? SyntaxHighlighter = require('shCore').SyntaxHighlighter : null;

function Brush()
{
// Copyright 2006 Shin, YoungJin

var datatypes = 'ATOM BOOL BOOLEAN BYTE CHAR COLORREF DWORD DWORDLONG DWORD_PTR ' +
'DWORD32 DWORD64 FLOAT HACCEL HALF_PTR HANDLE HBITMAP HBRUSH ' +
'HCOLORSPACE HCONV HCONVLIST HCURSOR HDC HDDEDATA HDESK HDROP HDWP ' +
'HENHMETAFILE HFILE HFONT HGDIOBJ HGLOBAL HHOOK HICON HINSTANCE HKEY ' +
'HKL HLOCAL HMENU HMETAFILE HMODULE HMONITOR HPALETTE HPEN HRESULT ' +
'HRGN HRSRC HSZ HWINSTA HWND INT INT_PTR INT32 INT64 LANGID LCID LCTYPE ' +
'LGRPID LONG LONGLONG LONG_PTR LONG32 LONG64 LPARAM LPBOOL LPBYTE LPCOLORREF ' +
'LPCSTR LPCTSTR LPCVOID LPCWSTR LPDWORD LPHANDLE LPINT LPLONG LPSTR LPTSTR ' +
'LPVOID LPWORD LPWSTR LRESULT PBOOL PBOOLEAN PBYTE PCHAR PCSTR PCTSTR PCWSTR ' +
'PDWORDLONG PDWORD_PTR PDWORD32 PDWORD64 PFLOAT PHALF_PTR PHANDLE PHKEY PINT ' +
'PINT_PTR PINT32 PINT64 PLCID PLONG PLONGLONG PLONG_PTR PLONG32 PLONG64 POINTER_32 ' +
'POINTER_64 PSHORT PSIZE_T PSSIZE_T PSTR PTBYTE PTCHAR PTSTR PUCHAR PUHALF_PTR ' +
'PUINT PUINT_PTR PUINT32 PUINT64 PULONG PULONGLONG PULONG_PTR PULONG32 PULONG64 ' +
'PUSHORT PVOID PWCHAR PWORD PWSTR SC_HANDLE SC_LOCK SERVICE_STATUS_HANDLE SHORT ' +
'SIZE_T SSIZE_T TBYTE TCHAR UCHAR UHALF_PTR UINT UINT_PTR UINT32 UINT64 ULONG ' +
'ULONGLONG ULONG_PTR ULONG32 ULONG64 USHORT USN VOID WCHAR WORD WPARAM WPARAM WPARAM ' +
'char bool short int __int32 __int64 __int8 __int16 long float double __wchar_t ' +
'clock_t _complex _dev_t _diskfree_t div_t ldiv_t _exception _EXCEPTION_POINTERS ' +
'FILE _finddata_t _finddatai64_t _wfinddata_t _wfinddatai64_t __finddata64_t ' +
'__wfinddata64_t _FPIEEE_RECORD fpos_t _HEAPINFO _HFILE lconv intptr_t ' +
'jmp_buf mbstate_t _off_t _onexit_t _PNH ptrdiff_t _purecall_handler ' +
'sig_atomic_t size_t _stat __stat64 _stati64 terminate_function ' +
'time_t __time64_t _timeb __timeb64 tm uintptr_t _utimbuf ' +
'va_list wchar_t wctrans_t wctype_t wint_t signed';

var keywords = 'break case catch class const __finally __exception __try ' +
'const_cast continue private public protected __declspec ' +
'default delete deprecated dllexport dllimport do dynamic_cast ' +
'else enum explicit extern if for friend goto inline ' +
'mutable naked namespace new noinline noreturn nothrow ' +
'register reinterpret_cast return selectany ' +
'sizeof static static_cast struct switch template this ' +
'thread throw true false try typedef typeid typename union ' +
'using uuid virtual void volatile whcar_t while';

var functions = 'assert isalnum isalpha iscntrl isdigit isgraph islower isprint' +
'ispunct isspace isupper isxdigit tolower toupper errno localeconv ' +
'setlocale acos asin atan atan2 ceil cos cosh exp fabs floor fmod ' +
'frexp ldexp log log10 modf pow sin sinh sqrt tan tanh jmp_buf ' +
'longjmp setjmp raise signal sig_atomic_t va_arg va_end va_start ' +
'clearerr fclose feof ferror fflush fgetc fgetpos fgets fopen ' +
'fprintf fputc fputs fread freopen fscanf fseek fsetpos ftell ' +
'fwrite getc getchar gets perror printf putc putchar puts remove ' +
'rename rewind scanf setbuf setvbuf sprintf sscanf tmpfile tmpnam ' +
'ungetc vfprintf vprintf vsprintf abort abs atexit atof atoi atol ' +
'bsearch calloc div exit free getenv labs ldiv malloc mblen mbstowcs ' +
'mbtowc qsort rand realloc srand strtod strtol strtoul system ' +
'wcstombs wctomb memchr memcmp memcpy memmove memset strcat strchr ' +
'strcmp strcoll strcpy strcspn strerror strlen strncat strncmp ' +
'strncpy strpbrk strrchr strspn strstr strtok strxfrm asctime ' +
'clock ctime difftime gmtime localtime mktime strftime time';

this.regexList = [
{ regex: SyntaxHighlighter.regexLib.singleLineCComments, css: 'comments' }, // one line comments
{ regex: SyntaxHighlighter.regexLib.multiLineCComments, css: 'comments' }, // multiline comments
{ regex: SyntaxHighlighter.regexLib.doubleQuotedString, css: 'string' }, // strings
{ regex: SyntaxHighlighter.regexLib.singleQuotedString, css: 'string' }, // strings
{ regex: /^ *#.*/gm, css: 'preprocessor' },
{ regex: new RegExp(this.getKeywords(datatypes), 'gm'), css: 'color1 bold' },
{ regex: new RegExp(this.getKeywords(functions), 'gm'), css: 'functions bold' },
{ regex: new RegExp(this.getKeywords(keywords), 'gm'), css: 'keyword bold' }
];
};

Brush.prototype = new SyntaxHighlighter.Highlighter();
Brush.aliases = ['cpp', 'c'];

SyntaxHighlighter.brushes.Cpp = Brush;

// CommonJS
typeof(exports) != 'undefined' ? exports.Brush = Brush : null;
})();
66 changes: 65 additions & 1 deletion templates/ios_source_analysis.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -125,15 +125,78 @@ <h3 class="panel-title"><i class="fa fa-clock-o fa-fw"></i><span class="glyphico
</tr>
</thead>
<tbody>
{{ bin_anal | safe}}
{{ insecure| safe}}
</tbody>
</table>

</div>
</div>
</div>
</div>
<div class="col-lg-12">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title"><i class="fa fa-clock-o fa-fw"></i><span class="glyphicon glyphicon-tasks"></span> iOS API</h3>
</div>
<div class="panel-body">
<div class="table-responsive">
<table class="table table-bordered table-hover table-striped">
<thead>
<tr>

<th>API</th>
<th>FILES</th>

</tr>
</thead>
<tbody>
{{ api | safe}}
</tbody>
</table>

</div>
</div>
</div>
</div>

<div class="col-lg-12">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title"><i class="fa fa-clock-o fa-fw"></i><span class="glyphicon glyphicon-globe"></span> URLS</h3>
</div>
<div class="panel-body">
<div class="table-responsive">
<table class="table table-bordered table-hover table-striped">

<tbody>

{{ urls | safe}}
</tbody>
</table>

</div>
</div>
</div>
</div>
<div class="col-lg-12">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title"><i class="fa fa-clock-o fa-fw"></i><span class="glyphicon glyphicon-envelope"></span> EMAILS</h3>
</div>
<div class="panel-body">
<div class="table-responsive">
<table class="table table-bordered table-hover table-striped">

<tbody>

{{ emails | safe}}
</tbody>
</table>

</div>
</div>
</div>
</div>
<div class="col-lg-12">
<div class="panel panel-default">
<div class="panel-heading">
Expand Down Expand Up @@ -172,6 +235,7 @@ <h3 class="panel-title"><i class="fa fa-clock-o fa-fw"></i><span class="glyphico
</div>
</div>
</div>

<div class="col-lg-12">
<div class="panel panel-default">
<div class="panel-heading">
Expand Down
11 changes: 8 additions & 3 deletions templates/java.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,16 @@
<div class="panel-heading">
<h3 class="panel-title"><i class="fa fa-clock-o fa-fw"></i><span class="glyphicon glyphicon-list-alt"></span> JAVA SOURCE</h3>
</div>
<form class="navbar-form navbar-right" action="../Search/" method="POST">
{% csrf_token %}
Find in files: <input type="text" name="q" class="form-control" placeholder="Find....">
<input type="hidden" name="md5" value="{{md5}}">
<input type="hidden" name="code" value="java">
</form>
<div class="panel-body">
<div class="table-responsive">
<table class="table table-bordered table-hover table-striped">

<tbody>
<table class="table table-bordered table-hover table-striped">
<tbody>
{{ files | safe}}
</tbody>
</table>
Expand Down
24 changes: 24 additions & 0 deletions templates/search.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
{% extends "skelton_base.html" %}
{% block content %}
</br>
<div class="page-header">
</div>
<div class="col-lg-12">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title"><i class="fa fa-clock-o fa-fw"></i><span class="glyphicon glyphicon-list-alt"></span> You 've searched for: <strong>{{ term }}</strong>. Found in {{ found }} files.</h3>
</div>
<div class="panel-body">
<table>

{% for m in matches %}

<tr><td> {{ m|safe }} </td></tr>

{% endfor %}

</table>
</div>
</div>
</div>
{% endblock %}
23 changes: 14 additions & 9 deletions templates/smali.html
View file
Original file line number Diff line number Diff line change
@@ -1,24 +1,29 @@
{% extends "skelton_base.html" %}
{% block content %}
</br>
<div class="page-header">
<div class="page-header">
</div>
<div class="col-lg-12">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title"><i class="fa fa-clock-o fa-fw"></i><span class="glyphicon glyphicon-list-alt"></span> SMALI SOURCE</h3>
</div>
<form class="navbar-form navbar-right" action="../Search/" method="POST">
{% csrf_token %}
Find in files: <input type="text" name="q" class="form-control" placeholder="Find....">
<input type="hidden" name="md5" value="{{md5}}">
<input type="hidden" name="code" value="smali">
</form>
<div class="panel-body">
<div class="table-responsive">
<table class="table table-bordered table-hover table-striped">

<tbody>
{{ files | safe}}
</tbody>
</table>
<div class="table-responsive">
<table class="table table-bordered table-hover table-striped">
<tbody>
{{ files | safe}}
</tbody>
</table>

</div>
</div>
</div>
</div>
</div>
{% endblock %}
26 changes: 5 additions & 21 deletions templates/static_analysis.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,25 +10,7 @@ <h1 class="page-header">Static Analysis</h1>



<!-- Modal -->
<div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="myModalLabel">AndroidManifest.xml</h4>
</div>
<div class="modal-body">
<code>
{{ mani }}
</code>
</div>
<div class="modal-footer">

</div>
</div>
</div>
</div>

<div class="col-lg-7">
<div class="panel panel-default">
<div class="panel-heading">
Expand Down Expand Up @@ -135,8 +117,10 @@ <h3 class="panel-title"><i class="fa fa-clock-o fa-fw"></i> <span class="glyphic
<input type="hidden" name="pkg" value="{{ packagename }}">
<input type="hidden" name="lng" value="{{ mainactivity }}">
</form>

<script>



$(document).ready(function () {

var data = [
Expand Down Expand Up @@ -255,7 +239,7 @@ <h3 class="panel-title"><i class="fa fa-clock-o fa-fw"></i><span class="glyphico
<div class="col-lg-12">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title"><i class="fa fa-clock-o fa-fw"></i><span class="glyphicon glyphicon-search"></span> MANIFEST ANALYSIS - <a data-target="#myModal" role="button" class="btn btn-success" data-toggle="modal">View AndroidManifest.xml</a>
<h3 class="panel-title"><i class="fa fa-clock-o fa-fw"></i><span class="glyphicon glyphicon-search"></span> MANIFEST ANALYSIS - <a target="_blank" href="{{mani}}" role="button" class="btn btn-success">View AndroidManifest.xml</a>



Expand Down
21 changes: 1 addition & 20 deletions templates/static_analysis_zip.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,25 +10,6 @@ <h1 class="page-header">Static Analysis</h1>



<!-- Modal -->
<div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="myModalLabel">AndroidManifest.xml</h4>
</div>
<div class="modal-body">
<code>
{{ mani }}
</code>
</div>
<div class="modal-footer">

</div>
</div>
</div>
</div>
<div class="col-lg-7">
<div class="panel panel-default">
<div class="panel-heading">
Expand Down Expand Up @@ -234,7 +215,7 @@ <h3 class="panel-title"><i class="fa fa-clock-o fa-fw"></i><span class="glyphico
<div class="col-lg-12">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title"><i class="fa fa-clock-o fa-fw"></i><span class="glyphicon glyphicon-search"></span> MANIFEST ANALYSIS - <a data-target="#myModal" role="button" class="btn btn-success" data-toggle="modal">View AndroidManifest.xml</a>
<h3 class="panel-title"><i class="fa fa-clock-o fa-fw"></i><span class="glyphicon glyphicon-search"></span> MANIFEST ANALYSIS - <a target="_blank" href="{{mani}}" role="button" class="btn btn-success">View AndroidManifest.xml</a>



Expand Down
Loading

0 comments on commit bb4b8aa

Please sign in to comment.