Mobile Security Toolchain
This is the mobile security toolchain project. It is loosely based on the MSTG testing tools section (https://github.com/OWASP/owasp-mstg/blob/master/Document/0x08-Testing-Tools.md).
The project is in early beta stage. Feel free to contribute! Note that developments are currently slow as the primary focus is now on developing the MSTG.
Have a Mac OS X based system (needs 10.13.x) with about 4 GB of RAM and 4 GB of free space. Next, install Docker for Mac on it and then:
- if you want to have both the iOS and Android tools, as well as all the scaffolding, just use
- if you want to have the iOS tools only: install brew and Ansible, then type:
ansible-galaxy install -r requirements.yml ansible-playbook -K ./iOS/generic_items.yml
- if you want to have the Android tools only: install brew and Ansible, then type:
Please note: the iOS part requires you to install XCode using the Mac App Store (MAS) which will ask you to authenticate with a popup.
Brew, pip and Ansible will be installed first, if not available. Then generic, iOS and Android tools will be installed:
- python #python 3
- zsh //sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
Tools for Android
- super analyzer
Tools for iOS
As we are still in development of 1.0, there are the following quirks:
- Some applications might not work the first time as you will first have to start them from your Applications folder, such as: Android Studio (including ADB) & Docker for Mac. After that you have to run the runbooks once more. You should have , after 2 runs of the android runbook (e.g. run android runbook, run android studio, run android runbook, a working adb, given that you use .bash_profile)
- iOS has not been tested on the buildserver (only general and android are, so please test them)
- Some of the output of ansible seems very "drastic": in red/green/yellow. Please wait for it to finish and then see if something failed.
- For iOS you need to run things twice: once to start the installation, while being logged in into the Apple store with your account (actual active state can be achieved by installing any app from the app-store), second time with an active developer account in xCode.
- Lastly, it could be the case when you are testing this on a separate account, which does not have the correct rights for the brew folders. See Issue #30 reported by @TheDauntless. When you are on High Sierra you need to do:
chgrp -R admin /usr/local/* chmod -R g+w /usr/local/*
and otherwise you can follow this fix.
Does something not work? Create an issue, or even better: create a pull-request!
Special thanks to:
@clviper (reviewing), @andreaslindeboom for a lot of ansible improvements, @meetinthemiddle-be for testing & @sushi2k for contributing & @hierynomus for fixing travis issues & @RiieCco for motivating me to get the project started. @geerlingguy for creating awesome Ansible roles that speeded up the development tremendously. Xebia, as a company from which I used an private repo to start hacking at the project. My wife for supporting me in doing mobile security open source projects in my spare time.