add mobsf to mobile packages

[spameier]

Description

Adds MobSF to packages for mobile apps.

[QU35T-code]

Thanks for your PR.

I quickly tested on ARM and the installation failed because of dependencies. Have you been able to verify that it installs correctly on amd ?

[spameier]

Thanks for your PR.

I quickly tested on ARM and the installation failed because of dependencies. Have you been able to verify that it installs correctly on amd ?

It works for AMD on my VM. What error do you see?

[QU35T-code]

On ARM :

root@exegol-test2 /workspace # python3 -m pipx install /opt/tools/Mobile-Security-Framework-MobSF/
Fatal error from pip prevented installation. Full pip output in file:
    /root/.local/pipx/logs/cmd_2023-09-05_14.49.13_pip_errors.log

pip seemed to fail to build package:
    yara-python-dex>=1.0.1

Some possibly relevant errors from pip install:
    error: subprocess-exited-with-error
    FileNotFoundError: [Errno 2] No such file or directory: 'yara-python/README.rst'
    error: metadata-generation-failed

Error installing mobsf from spec '/opt/tools/Mobile-Security-Framework-MobSF'.

[QU35T-code]

When I have time, I'll try to fix the problem on the ARM side (https://github.com/MobSF/yara-python-dex)

[ShutdownRepo]

Putting PR on hold while #216 isn't merged
The PR is a major one and could induce some conflicts here

[ShutdownRepo]

#216 is now merged, removing the hold on this PR. @spameier can you update accordingly please?

[spameier]

ARM build still fails 😿:

2023-09-23T22:29:47.6720670Z #19 771.1 [EXEGOL DEBUG] sh -c "pipx install /opt/tools/Mobile-Security-Framework-MobSF/ "
2023-09-23T22:29:47.8197140Z #19 771.3 creating virtual environment...
2023-09-23T22:29:47.8198860Z #19 771.4 determining package name from '/opt/tools/Mobile-Security-Framework-MobSF'...
2023-09-23T22:29:53.7015020Z #19 777.3 creating virtual environment...
2023-09-23T22:29:53.8535340Z #19 777.4 installing mobsf from spec '/opt/tools/Mobile-Security-Framework-MobSF'...
2023-09-23T22:29:56.1239950Z #19 779.7 Fatal error from pip prevented installation. Full pip output in file:
2023-09-23T22:29:56.1241710Z #19 779.7     /root/.local/pipx/logs/cmd_2023-09-23_22.29.47_pip_errors.log
2023-09-23T22:29:56.1242630Z #19 779.7 
2023-09-23T22:29:56.1243520Z #19 779.7 pip seemed to fail to build package:
2023-09-23T22:29:56.1244540Z #19 779.7     yara-python-dex>=1.0.1
2023-09-23T22:29:56.1245390Z #19 779.7 
2023-09-23T22:29:56.1246190Z #19 779.7 Some possibly relevant errors from pip install:
2023-09-23T22:29:56.1247370Z #19 779.7     error: subprocess-exited-with-error
2023-09-23T22:29:56.1248760Z #19 779.7     FileNotFoundError: [Errno 2] No such file or directory: 'yara-python/README.rst'
2023-09-23T22:29:56.1250090Z #19 779.7     error: metadata-generation-failed
2023-09-23T22:29:56.1251610Z #19 779.7 Error installing mobsf from spec '/opt/tools/Mobile-Security-Framework-MobSF'.

[ShutdownRepo]

Could be fixed with

python3 -m pip install git+https://github.com/MobSF/yara-python-dex.git

Install should then succeed on both archs with the following code

function install_mobsf(){
    # CODE-CHECK-WHITELIST=add-aliases
    colorecho "Installing Mobile Security Framework"
    fapt wkhtmltopdf
    git -C /opt/tools clone --depth 1 https://github.com/MobSF/Mobile-Security-Framework-MobSF MobSF
    cd /opt/tools/MobSF || exit
    python3 -m venv ./venv
    # "./venv/bin/python3 -m pip install yara-python-dex" doesn't work in ARM64
    ./venv/bin/python3 -m pip install git+https://github.com/MobSF/yara-python-dex.git
    ./venv/bin/python3 -m pip install .
    add-history mobsf
    add-test-command "./venvs/mobsf/bin/python -c 'from mobsf.MobSF.settings import VERSION; print(VERSION)'"
    add-to-list "mobsf,https://github.com/MobSF/Mobile-Security-Framework-MobSF,Automated and all-in-one mobile application (Android/iOS/Windows) pen-testing malware analysis and security assessment framework"
}

The problem here is that all MobSF binaries would be installed in /opt/tools/MobSF/venv/bin/ along pip and python binaries, and in order to use commands like mobsf, we would need to find a way to have these tools in the PATH. This could be achieved with symbolic links, but there are many binaries in the /venv/bin/ folder and I'm not sure what symlinks we'd want.

MobSF # ls venv/bin
activate       androcg     apkid          flask       ipython3          mitmdump      pip3         pyrsa-decrypt   python3     ttx
activate.csh   androdd     apksigcopier   fonttools   jsonschema        mitmproxy     pip3.11      pyrsa-encrypt   python3.11
activate.fish  androdis    apksigtool     freshquark  libsast           mitmweb       pwiz.py      pyrsa-keygen    quark
Activate.ps1   androguard  distro         glom        macho_dump        mobsf         __pycache__  pyrsa-priv2pub  semgrep
androapkid     androgui    django-admin   gunicorn    macho_find        normalizer    pyftmerge    pyrsa-sign      sqlformat
androarsc      androlyze   elf_reader.py  httptools   macho_reader.py   pe_reader.py  pyftsubset   pyrsa-verify    tldextract
androaxml      androsign   f2py           ipython     macho_standalone  pip           pygmentize   python          tqdm

Converting PR to draft while there's still major work to be done on it

[spameier]

Could be fixed with

python3 -m pip install git+https://github.com/MobSF/yara-python-dex.git

This will be supported in the next release of pipx through --preinstall (see pypa/pipx#900). For now I am changing it to your proposal.

[ShutdownRepo]

Let's run the pipeline and merge if we get the green lights, thank you @spameier 👍