Added Malware lookup for Android, iOS, Windows and other binary types
ajinabraham committed Nov 12, 2024
1 parent 3cf21ce commit ba628ec
Showing 9 changed files with 203 additions and 9 deletions.
12 changes: 6 additions & 6 deletions mobsf/MobSF/init.py
Expand Up @@ -18,13 +18,13 @@

logger = logging.getLogger(__name__)

VERSION = '4.1.9'
VERSION = '4.2.0'
BANNER = r"""
__ __ _ ____ _____ _ _ _
| \/ | ___ | |__/ ___|| ___|_ _| || | / |
| |\/| |/ _ \| '_ \___ \| |_ \ \ / / || |_ | |
| | | | (_) | |_) |__) | _| \ V /|__ _|| |
|_| |_|\___/|_.__/____/|_| \_/ |_|(_)_|
__ __ _ ____ _____ _ _ ____
| \/ | ___ | |__/ ___|| ___|_ _| || | |___ \
| |\/| |/ _ \| '_ \___ \| |_ \ \ / / || |_ __) |
| | | | (_) | |_) |__) | _| \ V /|__ _| / __/
|_| |_|\___/|_.__/____/|_| \_/ |_|(_)_____|
""" # noqa: W291
# ASCII Font: Standard

18 changes: 18 additions & 0 deletions mobsf/MobSF/utils.py
Expand Up @@ -966,3 +966,21 @@ def run_func(result, *args, **kwargs):
if result:
return result[0]
return None


def set_permissions(path):
# Convert the path to a Path object
base_path = Path(path)
perm_755 = stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH
perm_644 = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH
# Set permissions for directories and files
for item in base_path.rglob('*'): # Recursively go through all items

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
.
This path depends on a
user-provided value
.
This path depends on a
user-provided value
.
This path depends on a
user-provided value
.
try:
if item.is_dir():
# Set permissions for directories to 755
item.chmod(perm_755)
elif item.is_file():
# Set permissions for files to 644
item.chmod(perm_644)
except Exception:
pass
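Review bot: `item.is_dir()`, `item.is_file()` and `item.chmod()` all follow symlinks, so a symlink inside the extracted tree is resolved and the chmod lands on its target, which may lie outside `path`; on the pathlib versions I know, `rglob` does not descend into symlinked directories, but it still yields the link entries themselves. Since `set_permissions` is called on the extraction directory of an uploaded archive (see `unzip` in shared_func.py in this commit), add `if item.is_symlink(): continue` at the top of the loop body, before the `try`, so only real files and directories under `base_path` are touched. The `except Exception: pass` on the last two lines also hides every chmod failure; keeping it best-effort but visible, e.g. a `logger.debug('Failed to set permissions on %s', item, exc_info=True)` call if the module defines a logger, makes the CodeQL path finding on this loop easier to triage. A one-line docstring such as `"""Recursively set directories to 755 and files to 644 under path."""` would also document the intent.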
3 changes: 3 additions & 0 deletions mobsf/StaticAnalyzer/views/android/manifest_utils.py
Expand Up @@ -58,6 +58,9 @@ def get_android_manifest_androguard(apk, app_dir):
"""Get AndroidManifest.xml using Androguard."""
try:
logger.info('Extracting AndroidManifest.xml with Androguard')
if not apk:
logger.warning('Androgaurd APK parsing failed')
return
manifest = apk.get_android_manifest_axml()
if not manifest:
return
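Review bot: The new warning text misspells the library name: `logger.warning('Androgaurd APK parsing failed')` should read `logger.warning('Androguard APK parsing failed')`, matching the info message two lines above. The guard also sits after the 'Extracting AndroidManifest.xml with Androguard' info line, so a failed parse first logs a start message; moving the `if not apk:` check above `logger.info(...)` keeps the log sequence coherent. The body of get_android_manifest_androguard continues below the hunk.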
1 change: 1 addition & 0 deletions mobsf/StaticAnalyzer/views/common/binary/strings.py
Expand Up @@ -34,3 +34,4 @@ def strings_on_binary(bin_path):
return list(set(strings_util(bin_path)))
except Exception:
logger.exception('Extracting strings from binary')
return []
4 changes: 4 additions & 0 deletions mobsf/StaticAnalyzer/views/common/shared_func.py
Expand Up @@ -30,6 +30,7 @@
is_path_traversal,
is_safe_path,
print_n_send_error_response,
set_permissions,
)
from mobsf.MobSF.views.scanning import (
add_to_recent_scan,
Expand Down Expand Up @@ -108,6 +109,9 @@ def unzip(checksum, app_path, ext_path):
unzip_b = shutil.which('unzip')
subprocess.call(
[unzip_b, '-o', '-q', app_path, '-d', ext_path])
# Set permissions, packed files
# may not have proper permissions
set_permissions(ext_path)
dat = subprocess.check_output([unzip_b, '-qq', '-l', app_path])
dat = dat.decode('utf-8').split('\n')
files_det = ['Length Date Time Name']
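Review bot: `set_permissions(ext_path)` runs even when the extraction on the preceding lines failed, because the return value of `subprocess.call(...)` is discarded. Binding it, `rc = subprocess.call([unzip_b, '-o', '-q', app_path, '-d', ext_path])`, and logging a non-zero `rc` before the permission fix-up makes a broken unzip visible instead of letting the chmod pass run over a partial tree. The fix-up is applied to the extracted contents of an uploaded archive, so it is worth stating that in the comment, e.g. `# Normalise modes of extracted (untrusted) archive contents`. unzip's body starts at the hunk header and continues below it.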
62 changes: 60 additions & 2 deletions mobsf/templates/static_analysis/android_binary_analysis.html
Expand Up @@ -184,6 +184,12 @@
</p>
</a>
<ul class="nav nav-treeview">
<li class="nav-item">
<a href="#malware_lookup" class="nav-link">
<i class="fa fa-ban nav-icon"></i>
<p>Malware Lookup</p>
</a>
</li>
{% if app_type not in 'so' %}
<li class="nav-item">
<a href="#apkid" class="nav-link">
Expand All @@ -206,12 +212,14 @@
</a>
</li>
{% endif %}
{% if app_type not in 'so' %}
<li class="nav-item">
<a href="#malware_permissions" class="nav-link">
<i class="fa fa-braille nav-icon"></i>
<p>Abused Permissions</p>
</a>
</li>
{% endif %}
<li class="nav-item">
<a href="#serverlocations" class="nav-link">
<i class="fas fa-globe-asia nav-icon"></i>
Expand Down Expand Up @@ -1511,6 +1519,7 @@ <h5 class="description-header">{{ code_analysis.summary.suppressed }}</h5>
</div>
</section>
<!-- ===========================end file analysis ================================== -->
{% endif %}
<a id="firebase" class="anchor"></a>
<section class="content">
<div class="container-fluid">
Expand Down Expand Up @@ -1559,7 +1568,56 @@ <h5 class="description-header">{{ code_analysis.summary.suppressed }}</h5>
</div>
</section>
<!-- ===========================end firebase db analysis ================================== -->

<!---Malware Analysis Section-->
<a id="malware_lookup" class="anchor"></a>
<section class="content">
<div class="container-fluid">
<div class="row">
<div class="col-lg-12">
<div class="card">
<div class="card-body">
<p>
<strong><i class="fa fa-ban"></i> MALWARE LOOKUP</strong>
</p>
<div class="table-responsive">
<div class="row">
<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-danger"><a href="https://www.virustotal.com/gui/file/{{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> VirusTotal Report</a></span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-warning"></i><a href="https://tria.ge/s?q={{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> Triage Report</a>
</span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-info"><a href="https://metadefender.com/results/hash/{{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> MetaDefender Report</a>
</span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-success"><a href="https://www.hybrid-analysis.com/search?query={{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> Hybrid Analysis Report</a>
</span>
</div>
</div>
</div>
</div>
</div><!-- /.card -->
</div>
<!-- end row -->
</div>
</div>
</section>
<!-- ===========================end malware lookup ================================== -->
{% if app_type not in 'so' %}
<!---APKiD Analysis Section-->
<a id="apkid" class="anchor"></a>
<section class="content">
<div class="container-fluid">
Expand Down Expand Up @@ -1762,7 +1820,6 @@ <h5 class="description-header">{{ code_analysis.summary.suppressed }}</h5>
</div>
</div>
</section>
{% endif %}
<!-- ===========================end virus total ================================== -->
<a id="malware_permissions" class="anchor"></a>
<section class="content">
Expand Down Expand Up @@ -1822,6 +1879,7 @@ <h5 class="description-header">{{ code_analysis.summary.suppressed }}</h5>
</div>
</section>
<!-- ===========================end malware permissions ================================== -->
{% endif %}
<style>
#chartdiv {
width: 100%;
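Review bot: The Triage entry has a stray closing tag, `<span class="text-warning"></i><a href="https://tria.ge/s?q={{ sha256 }}" ...>`, a `</i>` with no matching `<i>`; drop it so the span reads `<span class="text-warning"><a href="https://tria.ge/s?q={{ sha256 }}" ...>`. The same line appears in ios_binary_analysis.html and windows_binary_analysis.html, and the whole Malware Lookup card is duplicated verbatim across the three templates, so it is a candidate for one `{% include %}` partial that receives `sha256`. `{{ sha256 }}` is presumably a hex digest, so autoescaping suffices inside these URLs; if the value can ever come from elsewhere, `{{ sha256|urlencode }}` is the safer form. Because each link sends the sample hash to a third-party service, a short hint in the card that these are external lookups would help analysts handling sensitive samples.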
54 changes: 54 additions & 0 deletions mobsf/templates/static_analysis/ios_binary_analysis.html
Expand Up @@ -158,6 +158,12 @@
</p>
</a>
<ul class="nav nav-treeview">
<li class="nav-item">
<a href="#malware_lookup" class="nav-link">
<i class="fa fa-ban nav-icon"></i>
<p>Malware Lookup</p>
</a>
</li>
{% if virus_total %}
<li class="nav-item">
<a href="#virus_total" class="nav-link">
Expand Down Expand Up @@ -1280,6 +1286,54 @@ <h5 class="description-header">{{ binary_analysis.summary.suppressed }}</h5>
</div>
</section>
<!-- ===========================end firebase db analysis ================================== -->
<!---Malware Analysis Section-->
<a id="malware_lookup" class="anchor"></a>
<section class="content">
<div class="container-fluid">
<div class="row">
<div class="col-lg-12">
<div class="card">
<div class="card-body">
<p>
<strong><i class="fa fa-ban"></i> MALWARE LOOKUP</strong>
</p>
<div class="table-responsive">
<div class="row">
<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-danger"><a href="https://www.virustotal.com/gui/file/{{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> VirusTotal Report</a></span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-warning"></i><a href="https://tria.ge/s?q={{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> Triage Report</a>
</span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-info"><a href="https://metadefender.com/results/hash/{{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> MetaDefender Report</a>
</span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-success"><a href="https://www.hybrid-analysis.com/search?query={{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> Hybrid Analysis Report</a>
</span>
</div>
</div>
</div>
</div>
</div><!-- /.card -->
</div>
<!-- end row -->
</div>
</div>
</section>
<!-- ===========================end malware lookup ================================== -->
{% if virus_total %}
<a id="virus_total" class="anchor"></a>
<section class="content">
56 changes: 56 additions & 0 deletions mobsf/templates/static_analysis/windows_binary_analysis.html
Expand Up @@ -59,6 +59,14 @@
Binary Analysis
</p>
</a>
</li>
<li class="nav-item">
<a href="#malware_lookup" class="nav-link">
<i class="fa fa-ban nav-icon"></i>
<p>
Malware Lookup
</p>
</a>
</li>
{% if virus_total %}
<li class="nav-item">
Expand Down Expand Up @@ -280,6 +288,54 @@ <h5 class="card-title"></h5>
</div>
</section>
<!-- ===========================end binary analysis ================================== -->
<!---Malware Analysis Section-->
<a id="malware_lookup" class="anchor"></a>
<section class="content">
<div class="container-fluid">
<div class="row">
<div class="col-lg-12">
<div class="card">
<div class="card-body">
<p>
<strong><i class="fa fa-ban"></i> MALWARE LOOKUP</strong>
</p>
<div class="table-responsive">
<div class="row">
<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-danger"><a href="https://www.virustotal.com/gui/file/{{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> VirusTotal Report</a></span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-warning"></i><a href="https://tria.ge/s?q={{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> Triage Report</a>
</span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-info"><a href="https://metadefender.com/results/hash/{{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> MetaDefender Report</a>
</span>
</div>
</div>

<div class="col-sm-3 col-6">
<div class="description-block border-right">
<span class="text-success"><a href="https://www.hybrid-analysis.com/search?query={{ sha256 }}" target="_blank" rel="noopener"><i class="fa fa-eye"></i> Hybrid Analysis Report</a>
</span>
</div>
</div>
</div>
</div>
</div><!-- /.card -->
</div>
<!-- end row -->
</div>
</div>
</section>
<!-- ===========================end malware lookup ================================== -->
{% if virus_total %}
<a id="virus_total" class="anchor"></a>
<section class="content">
2 changes: 1 addition & 1 deletion pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "mobsf"
version = "4.1.9"
version = "4.2.0"
description = "Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis."
keywords = ["mobsf", "mobile security framework", "mobile security", "security tool", "static analysis", "dynamic analysis", "malware analysis"]
authors = ["Ajin Abraham <[email protected]>"]
